Everything posted by AWS
-
Windows 365 makes it easy to configure and deploy a PC in the cloud. Once configured, you may ask yourself, “How are Cloud PCs different from a system management perspective? Should I do anything different for these endpoints?” The fact is you can manage your Windows 365 environment the same way you have been managing your physical fleet of Windows endpoints. But there are a few configurations that can improve the experience for you and your users. This blog will provide guidance on each of the features below to help you get the most out of your investment in Windows 365.

· Cloud PC Dynamic Groups and Filters
· Conditional Access policies specifically for Cloud PCs
· Endpoint Analytics
· Multimedia Redirection
· RDP Shortpath

Targeting Windows 365 Devices

As you create more Cloud PCs, you may want to target specific subsets of your devices for specific applications or configurations. This can be done with either dynamic groups or device filters. Below are the most common groups and filters used by Cloud PC administrators. See these articles if you are looking for step-by-step instructions on how to create a dynamic group or filter.

| Target Devices | Dynamic Group Query | Filter |
| Windows 365 Devices | (device.deviceModel -contains "Cloud PC") | (device.model -contains "Cloud PC") |
| All Windows 365 Devices of Model 2vCPU/8GB/128GB or other model | (device.deviceModel -contains "Cloud PC Enterprise 2vCPU/8GB/128GB") | (device.model -contains "Cloud PC Enterprise 2vCPU/8GB/128GB") |
| All Windows 365 Devices with Provisioning Policy “Microsoft Hosted Network - US East 2” (Modify this to your Provisioning Policy name) | (device.enrollmentProfileName -eq "Microsoft Hosted Network - US East 2") | (device.enrollmentProfileName -eq "Microsoft Hosted Network - US East 2") |

If you’re unsure when to use a Dynamic Group vs a Filter, see the Intune Support Team’s blog Intune grouping, targeting, and filtering: recommendations for best performance.

Conditional Access

You’re likely comfortable with using Conditional Access to enforce MFA to protect your information in Office 365. You can also configure Azure Active Directory (Azure AD) Conditional Access to tighten your Windows 365 security posture in a multi-step approach:

· Control access methods
· Enforce session limits on the local device
· Require Intune compliance for organization access

Control Access to Cloud PCs

Windows 365 can be accessed by using the Windows 365 app, navigating to the web portal, or using the Remote Desktop client. Access via all three is controlled via Conditional Access policies targeted at the Windows 365 Azure AD application. However, because Windows 365 is built on the same technology as Azure Virtual Desktop, Conditional Access policies targeting Azure (or Windows) Virtual Desktop will still apply to connections initiated from the Windows 365 app and the Remote Desktop client.

Enforce Session Limits

The Sign-in frequency Session Control can be used to force reauthentication after a specific amount of time. For example, configuring this to 24 hours can ensure that your users are prompted to reauthenticate to the Windows 365 service at least once per day. If a user’s authentication token expires while they are using their Cloud PC, the user will be allowed to continue their active session and will only be prompted for re-authentication the next time they connect to their Cloud PC. See the Set conditional access policies for Windows 365 docs page for step-by-step instructions on creating a basic Windows 365 Conditional Access policy.

Enforce Intune Compliance

Once connected to a Cloud PC, the same Conditional Access rules targeted at the rest of your client environment apply. However, if you are using the Require device to be marked as compliant configuration in your Conditional Access Grant Rules, there are a few Compliance policy settings that may report inaccurately on Cloud PCs. To avoid these issues, consider excluding this requirement for both the Azure Virtual Desktop (AVD) and Windows 365 apps. Reference the Known Issues page for specific details.

Enable Endpoint Analytics

Endpoint Analytics provides you with insights into the quality of the endpoint experience in your environment. The information the reports provide can help you optimize the end user experience across your physical and virtual endpoint platforms. The resource performance report provides insights into CPU and RAM usage to help identify devices that may need more resources.

In addition to the core reports available in Endpoint Analytics, there are reports specifically targeted for usage with Windows 365. The Remoting Connection report provides insights into both Round-Trip Time and Sign-in Time. And the Cloud PC Performance & Utilization report helps you ensure your Cloud PCs are efficiently being used.

The Endpoint Analytics enrollment process is different depending on if your devices are managed by Intune or Co-Managed with Configuration Manager. Once enrolled, device information can take several days to start to populate into reports.

Multimedia Redirection

Multimedia redirection allows for smooth playback of video in Teams live events and streaming video platforms in both Microsoft Edge and Google Chrome. Smooth playback is enabled by offloading the video processing to the local machine for faster rendering. This feature is in preview on Azure Virtual Desktop and supported on Windows 365 endpoints. It is enabled by installing an extension for Edge or Chrome and configuring a few additional policies. Once configured, you’ll see the extension appear in the upper right of your Edge and Chrome browser. For specific details on how to configure multimedia redirection see Multimedia redirection on Azure Virtual Desktop on the Microsoft Docs site.

RDP Shortpath

RDP Shortpath is a feature that changes how users connect to their Cloud PC from a TCP connection to a secure UDP connection. Enabling RDP Shortpath has several key benefits that can improve end user experience and allow for added control at network layer. These include:

· Changing the connection protocol from TCP to Universal Rate Control Protocol (URCP). This is a low delay and low loss protocol that dynamically adapts to network parameters.
· Reduces network hops between RDP Clients and Cloud PCs to improve connection reliability and bandwidth.
· Improves performance of latency dependent applications by reducing connection round-trip time.
· Enables support for QoS on RDP connections (Azure Network Connection Only).
· Enables support for bandwidth throttling on outbound network traffic (Azure Network Connection Only).

Because Windows 365 is built on the same technology as Azure Virtual Desktop, the configuration of RDP Shortpath is the same for both technologies. Be sure you review the correct requirements and configuration steps depending on if you use an Azure Network Connection or a Microsoft Hosted Network for your Windows 365 environment.

Summary

After configuring each of these features, you’ll be well on your way to delivering the best Cloud PC experience to your end users. Keep an eye on the What's new in Windows 365 and Windows 365 In Development pages for upcoming service enhancements and features. There are a lot of exciting capabilities coming soon!
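
The device targeting rules and the Conditional Access settings described in the post above, scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post and not Microsoft's own script. The display names, the two application IDs, the pilot group ID and the MFA grant control are assumptions or placeholders to replace with values from your tenant.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph PowerShell SDK.
# Placeholders below are assumptions: look up the real IDs in your own tenant.
$Windows365AppId  = '<Windows 365 application ID>'
$AvdAppId         = '<Azure Virtual Desktop application ID>'
$PilotUserGroupId = '<object ID of a pilot user group>'

# Refuse to run with unedited placeholders so no half-configured policy is created.
foreach ($value in $Windows365AppId, $AvdAppId, $PilotUserGroupId) {
    if ($value -like '<*>') { throw "Replace placeholder $value before running." }
}

Connect-MgGraph -Scopes @(
    'Group.ReadWrite.All',
    'DeviceManagementConfiguration.ReadWrite.All',
    'Policy.Read.All',
    'Policy.ReadWrite.ConditionalAccess'
)

# 1. Dynamic device group, using the "Windows 365 Devices" query from the table.
$group = New-MgGroup -DisplayName 'All Windows 365 Cloud PCs' `
    -Description 'Dynamic group of every Cloud PC (illustrative name)' `
    -MailEnabled:$false -MailNickname 'all-w365-cloudpcs' -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule '(device.deviceModel -contains "Cloud PC")' `
    -MembershipRuleProcessingState 'On'

# 2. Intune assignment filter with the matching filter rule (note: device.model,
#    not device.deviceModel). Assignment filters are exposed on the Graph beta endpoint.
$filterBody = @{
    displayName = 'All Windows 365 Cloud PCs'
    description = 'Filter matching every Cloud PC (illustrative name)'
    platform    = 'windows10AndLater'
    rule        = '(device.model -contains "Cloud PC")'
} | ConvertTo-Json

$filter = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/beta/deviceManagement/assignmentFilters' `
    -Body $filterBody -ContentType 'application/json'

# 3. Conditional Access policy for connections to Cloud PCs.
#    - Targets both the Windows 365 and Azure Virtual Desktop apps, because
#      policies on either one apply to Windows 365 app / Remote Desktop client sign-ins.
#    - Sign-in frequency of 24 hours forces reauthentication at least once per day.
#    - "Require compliant device" is deliberately NOT a grant control here, since some
#      compliance settings may report inaccurately on Cloud PCs.
#    - MFA as the grant control is an assumption chosen for illustration.
#    - Created in report-only mode so the impact can be reviewed before enforcement.
$policyBody = @{
    displayName = 'Windows 365 - MFA and 24h sign-in frequency (report-only)'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($Windows365AppId, $AvdAppId) }
        users          = @{ includeGroups = @($PilotUserGroupId) }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
    sessionControls = @{
        signInFrequency = @{
            isEnabled = $true
            type      = 'hours'
            value     = 24
        }
    }
}

$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $policyBody

# Summary of what was created, for change records.
[pscustomobject]@{
    DynamicGroupId     = $group.Id
    AssignmentFilterId = $filter.id
    CaPolicyId         = $policy.Id
    CaPolicyState      = $policy.State
}
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`, and keep a break-glass account excluded from any enforced policy.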
-
We are excited to announce the general availability of Azure IoT Edge for Linux on Windows (EFLOW) 1.4 LTS, a new long-term servicing branch which includes the 1.4 version of Azure IoT Edge. With this release, you will be able to take advantage of the latest features of Azure IoT Edge on Windows devices.

EFLOW 1.4 LTS is recommended for all new production deployments and will be supported until November 12, 2024, according to the Azure IoT Edge product lifecycle. Customers currently on EFLOW 1.1 LTS will be able to upgrade to EFLOW 1.4 LTS without needing to reinstall. The EFLOW CR branch will still be available in preview for customers who require the latest non-LTS stable release of Azure IoT Edge. Note that customers can only have one version of EFLOW installed at a time.

We are continuously listening to customer feedback and bringing the latest Azure IoT Edge features to EFLOW. EFLOW 1.4 LTS includes the following features:

· Latest features in Azure IoT Edge 1.4 release.
· CBL Mariner 2.0
· Support for additional networking configurations and control including: Static IP & DHCP, Multiple NICs, Static MAC address, DNS configurations
· Support for exposing host hardware capabilities to the Linux workloads including: TPM for DPS provisioning, Camera over RTSP, Serial Passthrough, and USB over IP
· Shared storage for sharing files and folders across Windows & Linux.
· GPU passthrough, including support for a broader set of GPUs.
· Support for deploying EFLOW on virtualized infrastructure including VMware Windows virtual machines

See full details of the update here: Release 1.4.1.13112 LTS · Azure/iotedge-eflow

If you are new to EFLOW and want to learn more about it, we recommend starting with reading the EFLOW 1.1 LTS GA announcement blog and visiting the EFLOW documentation.
-
Newsworthy Highlights

Microsoft Priva is generally available to GCC, GCC High and DoD
As the privacy landscape continues to evolve, the way that government organizations respond to privacy regulations will be critical to maintaining their privacy posture and responding to constituent requests. Microsoft’s newest security brand category, Microsoft Priva, was first announced at Ignite in 2021—today, we are excited to announce the general availability of Microsoft Priva for the Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) customers.

Announcing New Teams Developer Portal for GCC
Teams Developer Portal for GCC will allow developers to Configure, distribute, and manage Microsoft Teams apps. Formerly App Studio, the Developer Portal can help wherever you are in your Microsoft Teams app development journey.

What’s New in Microsoft Teams | October 2022
These features currently available to Microsoft’s commercial customers in multi-tenant cloud environments are now rolling out to our customers in US Government Community Cloud (GCC), US Government Community Cloud High (GCC-High), and/or United States Department of Defense (DoD).

Windows 365 brings Cloud PCs to government
Built to meet the enhanced security and compliance requirements of the US government, Windows 365 Government is a full Windows 365 experience—combining the power and security of the cloud with the familiarity of the PC to empower flexibility and innovation. With Windows 365 Government, US government agencies, contractors, partners (State, Local, Federal Civilian, Defense), and native Indian tribes (US only) can securely stream their Windows apps, data, content, and settings from the Microsoft cloud to any supported device at any time.
It’s a complete Windows experience that is:

FedMake
Microsoft Federal's FedMake program delivers hackathon style events, exclusively for Federal (Civilian / DoD / Intel) organizations, where conditions are created, and facilitated, by Microsoft experts, for cross-organization teams to leverage Microsoft expertise and develop solutions that achieve their mission.

Where to Start with Microsoft Teams Apps in Gov Clouds
Customers in our Office 365 government clouds, GCC, GCCH, and DoD, are continuing to evolve how they do business in the hybrid workplace. As Microsoft Teams is the primary tool for communication and collaboration, customers are looking to improve productivity by integrating their business processes directly into Microsoft Teams via third-party (3P) applications or line-of-business (LOB)/homegrown application integrations.

Microsoft 365 Government Adoption Resources
Empowering US public sector organizations to transition to Microsoft 365

Release News

Exchange Online
· Exchange Online support for Windows PowerShell 2.0 connections is ending

SharePoint / OneDrive for Business
· We are updating the e-mails that are sent when users share SharePoint sites to match the behavior of our other sharing e-mails
· The Stream web app will provide an enriched playback experience for videos stored in SharePoint or OneDrive

Teams
· Users will now be able to open teams calendar scheduling form in a new window – GCC December, GCCH January, DoD February
· Additional logs in Teams Call History – GCC October, GCCH and DoD November
· Human Interface Devices (HID) for Teams on VDI environments – GCC October, GCCH & DoD November
· Contact Group management is now available in the Calls App pane – GCC October, GCCH & DoD November
· View users and groups assigned to a policy - GCC
· Companion mode updates provide a differentiated meeting experience on mobile that complements the overall meetings experience across devices or in hybrid environments – Android – GCC September, GCCH & DoD October
· When accepting a PSTN call, an automatic browser launch can pop out alongside Teams, displaying relevant information to the user – GCC November, GCCH & DoD December

Microsoft Purview eDiscovery (Premium): Usability enhancements for list pages in compliance portal

Security/Identity
· Data loss prevention (DLP) support for trainable classifiers
· AIP Scanner admin experience moving to Microsoft Purview compliance portal
· Safe Documents is now Generally Available - GCC August, GCCH & DoD November
· New service plan: Data classification in Microsoft 365
· Deep link to Content Viewer from DLP alert
· Announcing the retirement of ‘Office 365 Security and Compliance Center’ (protection.office.com) - GCC

Intune
· Microsoft Endpoint Manager branding change

Microsoft 365
· The Office app for web (Office.Com), Windows, iOS, and Android is becoming the Microsoft 365 app

References and Information Resources

Microsoft 365 Public Roadmap
This link is filtered to show GCC, GCC High and DOD specific items. For more general information uncheck these boxes under “Cloud Instance”.

Stay on top of Microsoft 365 changes
Here are a few ways that you can stay on top of the Office 365 updates in your organization.

Microsoft Tech Community for Public Sector
Your community for discussion surrounding the public sector, local and state governments.

Microsoft 365 for US Government Service Descriptions
· Office 365 Platform (GCC, GCCH, DoD)
· Office 365 U.S. Government GCC High endpoints
· Office 365 U.S. Government DoD endpoints
· Microsoft Purview (GCC, GCCH, DoD)
· Enterprise Mobility & Security (GCC, GCCH, DoD)
· Microsoft Defender for Endpoint (GCC, GCCH, DoD)
· Microsoft Defender for Cloud Apps Security (GCC, GCCH, DoD)
· Microsoft Defender for Identity Security (GCC, GCCH, DoD)
· Azure Information Protection Premium
· Exchange Online (GCC, GCCH, DoD)
· SharePoint (GCC, GCCH, DoD)
· OneDrive (GCC, GCCH, DoD)
· Teams (GCC, GCCH, DoD)
· Office 365 Government (GCC, GCCH, DoD)
· Power Apps (GCC, GCCH, DoD)
· Power Automate US Government (GCC, GCCH, DoD)
· Power BI (GCC, GCCH, DoD)
· Planner (GCC, GCCH, DoD)
· Outlook Mobile (GCC, GCCH, DoD)
· Viva Insights (GCC)
· Dynamics 365 US Government

Be a Learn-it-All

Public Sector Center of Expertise
We bring together thought leadership and research relating to digital transformation and innovation in the public sector. We highlight the stories of public servants around the globe, while fostering a community of decision makers. Join us as we discover and share the learnings and achievements of public sector communities.

Microsoft Teams for US Government Adoption Guide

Message Center Posts and Updates for Microsoft Teams in GCC
Looking for what’s on the map for Microsoft Teams and only Teams in GCC? Go right to the GCC Teams Feature Communications Guide

Message Center Highlights

SharePoint Online / OneDrive for Business

MC454797 — SharePoint and OneDrive deploying hard block for IE11 in January 2023

As communicated in MC278815 (August '21) Microsoft 365 apps and services ended providing support for Internet Explorer 11 in August, 2021. Beginning mid-January, 2023, access to SharePoint Online and OneDrive from Internet Explorer 11 will be hard blocked for all users. Users should access these services through a modern browser, and we recommend Microsoft Edge as a faster, more innovative browser than IE11.

When this will happen: Mid-January 2023

How this will affect your organization: Once the hard block is deployed, the connection requests will fail and users will no longer be able to access these services through IE11. These users would need to use a modern browser, such as Microsoft Edge, to continue accessing SharePoint Online and OneDrive.

Current soft block experience:
Future hard block experience:

What you need to do to prepare: If you still use IE11 to access SharePoint or OneDrive content, we strongly recommend you review the following guidelines to help avoid service disruption for users:

1. Deploy a modern browser such as Microsoft Edge
2. Prepare your SharePoint environment for the retirement of Internet Explorer 11 for Microsoft 365 apps and services - SharePoint in Microsoft 365 | Microsoft Docs

Note: If your organization has already finished upgrading to Microsoft Edge, no further actions are needed. Please click Additional Information to learn more.

MC445742 — OneDrive: Folder Backup for macOS
Microsoft 365 Roadmap ID 82032

Folder Backup enables an admin and/or end-user to redirect the local macOS Desktop and Documents folder to OneDrive. This allows the end user to keep using those folders to save their content while delivering the protection and access anywhere promise that OneDrive offers. The feature and relative list entries are very similar to the Folder Backup experience that has been on Windows for a while.

Note: If your organization does not use macOS you can safely disregard this message.

When this will happen: Standard Release: We will begin rolling out mid-October and expect to complete by mid-November.

How this will affect your organization: As the feature is rolled out, end users will be able to access this feature via OneDrive Sync Settings. As end-users enroll in this feature all of their files within Desktop and Documents will be uploaded to their OneDrive for Business root folder.

What you need to do to prepare:
· Ensure that the Standalone OneDrive Sync client version 22.191 is rolled out within your workplace
· Ensure that macOS 12.1 Monterey or later version of macOS is rolled out within your workplace
· Enable the best plist entries for your workspace once the feature has rolled out (KFMOptInWithWizard, KFMSilentOptIn, KFMBlockOptIn, KFMBlockOptOut)

MC445418 — Retiring Turn On File Synchronization Via SOAP Over HTTP

We are removing the “Turn on file synchronization via SOAP Over HTTP” policy from Group Policy. This policy allows IT admins to turn file synchronization via SOAP over HTTP on or off for Office.

When is this change taking effect? This change is rolling out in MEC mid-October, and it will be in the Semi-Annual candidate in January 2023.

How will this affect you? This policy was originally introduced when Office switched to using the SOAP protocol to connect and exchange information with newer versions of SharePoint. This policy was implemented to give admins better control of this transition, particularly for older versions of SharePoint 2013 on-premises deployments. As this transition completed, we’ve found that some users turn this policy off in an attempt to troubleshoot "Sorry we can't open https://" or "Upload failed." error messages when trying to open documents on a SharePoint website. Setting the policy to Disabled adds the FSSHTTPOff registry key and it prevents Office from using its preferred protocol to open documents on SharePoint. It also prevents features such as co-authoring, checking documents in and out, reverting to earlier versions of documents, filling out required file properties, and so on, to function properly. As a result, we are retiring this policy in favor of always using SOAP as the Office preferred protocol to open documents on SharePoint.

What do you need to do to prepare for this change?
If you or your organization is affected by this retirement, please let us know about your scenario by emailing: FileSyncViaSOAP@microsoft.com.

MC444990 — Update to sharing e-mails
Microsoft 365 Roadmap ID 98197

We are updating the e-mails that are sent when users share SharePoint sites to match the behavior of our other sharing e-mails.

When this will happen: This feature is now rolling out and will complete by late-October.

How this will affect your organization: Going forward, if the user who is sharing a SharePoint site has an Exchange mailbox, the mail will come from their e-mail account instead of no-reply@sharepointonline.com. This change will make it easier for users to spot important sharing e-mails and improve delivery reliability.

What you need to do to prepare: You may want to update your internal documentation.

MC408994 — (Updated) Private drafts for SharePoint pages and news
Microsoft 365 Roadmap ID 85629

Updated October 6, 2022: We have updated the rollout timeline below. Thank you for your patience.

We’re adding the ability to create private drafts for pages and news posts. A private draft is visible only to the page author, the people the author chooses to share it with, and site admins. It's great for creating and editing content that’s not ready for others to see except the people you want to collaborate with.

When this will happen: This update will roll out to Targeted Release customers starting early August and to all customers by mid-November (previously mid-September).

How this will affect your organization: Authors of SharePoint pages and news will be able to create private drafts. When a private draft is created, only the creator and site admins can see the page (including from within the Pages library). The creator can then share the private draft with other people to allow them to access and edit the page. They will also have access to the assets associated with the page which are stored in the site’s assets library.
Like all pages and news posts, only one person at a time can edit the draft. When the draft is published, its permissions are reset and everyone in your organization who has access to the site will be able to view it.

What you need to do to prepare: You do not need to do anything to prepare for this update, but you may want to let your users know about these improvements.

More information available here: Create a private SharePoint page or news post

MC408694 — (Updated) New 'Activity' Column in OneDrive 'My Files' list view
Microsoft 365 Roadmap ID 88913

Updated October 27, 2022: We have updated this message with a link to additional information. Thank you for your patience.

We are introducing a new Activity column in OneDrive My Files list view. The goal of this feature is to help users stay up-to-date on the files that they are working on with others by surfacing relevant activity information. We will show file activity related to actions, such as, user comments, edits, share, and @mentions.

When this will happen: We will begin rolling out this feature in mid-October (previously mid-September) and expect to complete rollout by late October (previously late October).

How this will affect your organization: There is no impact to your organization. This feature will be delivered as a user interface update in the form of an additional column in My Files list view with activity information related to files (e.g., file shared, user comment, @mentions).

What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC405984 — (Updated) Site Limits for SharePoint Lists, Libraries, and Subsites

Updated October 11, 2022: We are providing updates to provide you with additional information. Thank you for your patience.

We would like to provide clarification on the enforcement of maximum count of lists and libraries per site.
As described in the SharePoint limits - Service Descriptions, the service limit is 2,000 lists and libraries combined per site collection (including the main site and any subsites). Beginning February 2023, we will enforce the limit of 2,000 lists and libraries independently at the main (root) site and the subsite level. For instance, a site collection can have 2,000 subsites (including the main site) and each subsite (including the main site) could have 2,000 lists and libraries (including the hidden and default out of the box libraries).

These limits may get further re-aligned based on the service description in the future, but the timeline is TBD. In the meantime, we still recommend customers to follow the limits defined in the service description to achieve the best performance and service reliability.

SharePoint recommends a maximum of 2,000 lists and libraries per site, and 2,000 subsites per site. These have been long standing limits for SharePoint but have not been formally enforced. There have been cases where some sites exceeded these limits, resulting in poor site performance and low-quality viewing experience. One of the most impacted areas is the API performance that degrades significantly when users access data on the sites that exceed their recommended limits. The API calls may time out or get throttled, blocking the users from opening the site or resulting in unexpected failures. In some extreme cases, the issue can impact functionalities beyond these sites. To ensure site performance and help customers have the best possible experience, Microsoft will implement a safeguard to prevent customers from exceeding these limits.

When will this happen: The change will only impact the creation of new lists, libraries or subsites outside the approved limits starting in February 2023 (previously early November) and will be completely enforced by late April (previously late December).

How this will affect your organization: Once these limits are enforced, sites that exceed the limit of 2,000 lists and libraries will no longer be able to have new libraries or lists added to the site. Similarly, any site that exceeds the limit of 2,000 subsites will no longer be able to have new subsites added to the site.

When a site reaches these limits, users will see the following message on SharePoint web:

On the API request to create a new list or document library, SharePoint will return the error code, ERROR_SHARING_BUFFER_EXCEEDED on the API request.

Libraries, lists, and subsites that have been created before the enforcement rollout and exceed the corresponding limit, will continue to function and their access will not be blocked. The change will only impact the creation of new lists, libraries or subsites outside the approved limits starting in November. These new additions will get blocked at the time of creation once the site reaches the corresponding limit.

What you need to do to prepare: Share these limits with people who manage SharePoint sites in your organization. If the sites in your tenant are below the limits, this change will not impact you. It is uncommon for the organic growth of site to reach these limits. However, there is a possibility that custom solutions can generate a high volume of lists and libraries. In that situation, our recommendation is to work with their solution providers to prepare an alternative solution in order to stay compliant with these limits.

Additional Information:
· SharePoint limits - Service Descriptions | Microsoft Docs

MC394844 — (Updated) Stream on SharePoint: Inline playback of videos in Hero web part
Microsoft 365 Roadmap ID 93351

Updated October 13, 2022: We have updated the rollout timeline below. Thank you for your patience.

When users click to play a video in the Hero web part section of a SharePoint site, the video will play inline.
This feature allows users to watch a video without being taken off the SharePoint page and allows users to browse or scroll through the other contents of the page while the video plays.

When this will happen: We will begin rolling out by mid-July and expect to complete by early November 2022 (previously early October 2022).

Note: Some users may see this feature before other users within your organization.

How this affects your organization: Video consumers on Hero webpart will now be able to consume video on the same site page where they encountered the video. That allows them to browse through other site content while watching/listening to the video, thus saving their browsing time.

What you can do to prepare: You may consider updating your training and documentation as appropriate.

Microsoft Teams

MC455193 — Delete or rename files in a channel and in your OneDrive folder in Teams
Microsoft 365 Roadmap ID 98073, 98074

To rename or delete a file in a channel, go to the files tab and find the file you want. Then select More options (the three dots) on the file. To rename or delete a file from your OneDrive, select More at the bottom of the app, then select Files. Once you find the file you want, select the three dots and choose to rename or delete it.

When this will happen: Standard Release: We will begin rolling out early November 2022 and expect to complete by late November 2022.

How this will affect your organization: No impact to admins, no process required by admins. Users will be able to rename or delete their files from the Teams Mobile app now.

What you need to do to prepare: You may consider updating training and documentation as appropriate.

MC455187 — 2x2 Video in Gallery View for Web Meetings in Firefox
Microsoft 365 Roadmap ID 100983

Gallery view now can show up to 4 participant videos during a meeting in Firefox browser. Users can also start streaming their own video for the rest of the meeting participants.

When this will happen: We will begin rolling out early December and expect to complete by mid-December.

How this will affect your organization: Users joining meetings from Firefox browsers have now a richer video experience.

What you need to do to prepare: You may need to update the documentation for your Firefox users to mention existence of this feature.

MC454501 — Introducing Call Quality Dashboard v3 for GCC-High and DoD Tenants

Call Quality Dashboard v3 (CQD) will be available to GCC-High and DoD tenants using Microsoft Teams.

When will this happen: GCC-High and DoD tenants will be onboarded to Microsoft Teams Call Quality Dashboard v3 in mid-November. A notice announcing this change was sent on May 5th, 2022 (MC376244).

How this will affect your organization: Accessing CQD v3 is the same as you previously accessed CQD v2.
· GCCH: https://cqd.gov.teams.microsoft.us
· DoD: https://cqd.dod.teams.microsoft.us

Any building data files, or custom reports previously uploaded to or created in CQD v2 are no longer available and must be uploaded into CQD v3 again. Microsoft support staff will not be able to assist in retrieving these files from the decommissioned CQD v2.

What you need to do now that the change is complete: Now that the cutover to CQD v3 has completed, we recommend that administrators:
· Upload your building data files to CQD v3 using an administrator account with the 'Upload building data' permission. Only one administrator needs to perform this step. Verify that the correct date ranges are applied to each data file to ensure your building mapping is accurate in your reports.
· Import any custom reports back into CQD v3, if desired. This is a per-user step, so User A can upload their own custom reports, but User B cannot do this on behalf of User A.

MC454491 — Customizable dashboard in Teams admin center

We apologize for not communicating about this change prior to it rolling out.
Teams admin center has added support for customization of the widgets in the dashboard. Administrators can now personalize the dashboard widgets as per their preference. They can reorder the widgets and pin them at a position they would like to see. For widgets that are not being used frequently, Teams admin center now gives the flexibility to hide them from the dashboard. The widgets are now optimized for smaller screens too.

When this will happen: This feature is available now.

How this will affect your organization: Administrators will now see ‘re-order icon’ and ‘more icon’ on every widget in the dashboard. By clicking and holding the re-order icon, the placement of the widget can be changed by dragging it to the position preferred by the administrator. Using the ‘Remove’ option under the dropdown menu of more icon, administrators can hide the widget from the dashboard. To add widgets to the dashboard, administrators can click on the ‘Edit’ icon on the top-right corner of the page and click on the thumbnails of the widget.

What you need to do to prepare: You might want to notify your Teams administrators about this new capability and update your training and documentation as appropriate.

MC450498 — Sign Language View
Microsoft 365 Roadmap ID 99452

We are introducing a new Sign Language experience in Teams Meetings to help meeting participants who use sign language to prioritize interpreters and other sign language users so that they remain visible in a static, central location on the meeting stage, with higher video quality. Specific sign language users inside the organization that you work with regularly – such as regular interpreters – can be prioritized across all meetings by adding them to a prioritized signer list under Settings > Accessibility in the Teams app. Sign language view is a personal, user-level setting, and is visible only for those who have turned it on. It will not be shown to the rest of the meeting participants.
The feature is presently available only on Teams Desktop.

Sign Language View addresses three key concerns raised by Deaf/hard of hearing users:
· It keeps interpreters and other signers in a static location, unaffected by the dynamic placement of other videos as people enter and exit a meeting.
· It simplifies the meeting join process by providing settings for sign language and captioning that persist across all meetings.
· It keeps interpreters and other signers visible and prioritized even when content is shared.

When this will happen:
Preview: We will begin rolling out early November.
Production, GCC: We will begin rolling out early December and expect to complete by mid-December.
GCC-H, DoD: We will begin rolling out January.

How this will affect your organization: Here are the changes your end users will see as Sign Language View rolls out:
· They will see a new option, “Sign Language” in the More menu accessed under three dots in the top menu bar.
· A new Accessibility pane will appear in the main Settings menu that will include toggles for turning on Sign Language View and setting captioning to appear across all meetings.
· Within the Accessibility settings pane, users can also create a list of people internal to their organization to always prioritize for sign language – for example, the regular interpreters they work with in meetings. If more than two individuals are prioritized for sign language, the first two to join a meeting and turn on video will be prioritized.
· Within a meeting, Sign Language View will show the participants you designate as signers (people who use sign language) at a larger size, in a static location, with a fit-to-frame aspect ratio and higher quality video with low bandwidth scenario support.
· When no content is shared, prioritized signers appear on the lower part of center stage; when content is shared, prioritized signers shift location, still with prioritized, larger video for up to two signers.
What you need to do to prepare: You may need to update documentation for your users interested in using this feature. You may provide documentation and support for the scenarios below.

Enable User-level setting and add signers
Go to Settings > Accessibility and turn on the Switch for Sign language. Add sign language users that you would like to prioritize videos of across your meetings.

In a meeting, add and remove signers
Via the context menu on another person, try adding them as signer. You should be seeing maximum two signers prioritized for sign language in the center of the meeting. The rest of the signers will overflow to the side or top gallery.

Change views and come back to Sign language view
Use the overflow menu with view options to change among views. Main Gallery, Large Gallery and Together Mode. Only Sign Language view supports prioritizing sign language users.

In a meeting go to the “More” context menu on the toolbar and select Accessibility
Manage the list here or make captions on by default. The Live Captions will be turned on for the next meeting you join.

MC450203 — My Activity retirement in Teams desktop and web clients

As announced in MC411679 (August '22) we are retiring "My Activity" feature within the Activity app from Microsoft Teams desktop and web clients. Activity will now support only activities directed to you (the option to view activities initiated by you will be retired), where we will continue to invest our development resources.

When this will happen: We will begin rolling this out mid-November and expect to complete by early December.

How this affects your organization: Once this change is implemented Teams desktop and web client users will no longer see the "My activity" dropdown.

What you can do to prepare: You may consider updating your training and documentation accordingly.
MC450186 — Support PSTN attendees in meetings to join Breakout Rooms

Microsoft 365 Roadmap ID 100297

This Breakout Rooms feature enables PSTN participants to be assigned and join breakout rooms. PSTN participants include dial-in users, dial-out users, and call-me users.

Scenarios supported in this version:
· PSTN participants can be assigned to breakout rooms (manually or automatically)
· PSTN participants can join breakout rooms and hear an announcement.
· PSTN participants can join back to the main room and hear an announcement after breakout rooms are closed (manually closed or timer ends).

When this will happen:
Preview: We will begin rolling out late October and expect to complete by early November.
Standard Release: We will begin rolling out mid November and expect to complete by late November.

How this will affect your organization: Enabling dial-in, dial-out and call-me PSTN participants to join breakout rooms and come back to the main room when breakout rooms end.

What you need to do to prepare: No preparation is needed. You may want to update your training materials indicating that PSTN users are now supported.

MC449930 — (Updated) Microsoft Teams: Additional Filters in Approvals

Microsoft 365 Roadmap ID 92486

Updated October 26, 2022: We have updated the rollout timeline below. Thank you for your patience.

Microsoft Teams approval list within the personal app will include additional filters to filter your approval list such as key word search and other options such as Approved.

When this will happen:
Preview: We will begin rolling out early October and expect to complete by mid-November 2022 (previously mid-October 2022).
Standard Release: We will begin rolling out mid-November (previously mid-October) and expect to complete by late November 2022 (previously late October 2022).

What you need to do to prepare: There is no action needed to prepare for this change.
You may want to notify your users about this change and update any relevant documentation as appropriate.

MC448362 — Changes Coming to the Call Routing behavior for the On-Behalf-Of PSTN Delegate Calling Experience

Based on customer feedback, we will be changing the call routing behavior for the on-behalf-of PSTN calling delegate experience.

When this will happen: We are planning to start rolling out mid-December and complete rollout by late December.

How this will affect your organization: If your organization is not using call delegation in Microsoft Teams, please disregard this message.

Today, when a Microsoft Teams user (the delegate) makes an outbound PSTN call on behalf of a delegator, the check for appropriate licensing, call restrictions, and the call routing are based on settings on the delegate. For example, today if a delegate with a Microsoft Teams Calling Plan phone number makes an outbound PSTN call on behalf of a delegator with a Direct Routing phone number, we will check that the delegate has the appropriate license, check dial-out restrictions on the delegate, and route the call based on the delegate's Teams Calling Plan and called number.

We will be changing this, so that the check for appropriate licensing, any dial-out restrictions, and the call routing are based on settings on the delegator. After the change, if a delegate with a Teams Calling Plan phone number makes an outbound PSTN call on behalf of a delegator with a Direct Routing phone number, we will check that the delegator has the appropriate license, check dial-out restrictions on the delegator and route the call based on the delegator's Online Voice Routing Policy.

The change will cover all the different PSTN connectivity options in Microsoft Teams (Teams Calling Plan, Operator Connect and Direct Routing PSTN connectivity).
There will be no change to the personal outbound PSTN call experience for Microsoft Teams users, i.e., when a user makes an outbound PSTN call without calling on behalf of someone else. There will be no change in behavior for Location-Based Routing enabled delegates; it will continue to be based on the settings of the delegate. There will be no user interface changes in Microsoft Teams related to this change. There will be no licensing changes for delegate/delegator scenarios.

What you need to do to prepare: You should ensure that any delegator has the necessary PSTN calling license, dial-out restrictions and PSTN call routing settings to enable any delegate to make outbound PSTN calls on their behalf. The change will not be configurable by administrators.

Please click Additional Information to learn more.
· Outbound calling restriction policies for Audio Conferencing and user PSTN calls
· Share a phone line with a delegate
· Shared line appearance in Microsoft Teams

MC448356 — New praise compose experience in Teams and praise trends in Viva Insights

Microsoft 365 Roadmap ID 101161

Praise in Microsoft Teams is designed to appreciate the effort that goes into the wide-ranging, collaborative work that Teams users do. Users can send praise to their colleagues through the messaging extension pinned to the Teams messaging bar or through the Microsoft Viva Insights app in Teams. For both, admins can use the Microsoft Teams admin center to enable/disable Praise.

The praise composer and praise card design will be updated for all Teams users. The praise composer - accessible through the messaging extension pinned to the Teams messaging bar or through the Viva Insights app in Teams - is being refreshed to replace praise badges with emojis and introduce the ability to select gradient backgrounds.
Additionally, in the Viva Insights app in Teams, praise trends are being introduced, privately surfacing analytics such as counts of praise sent and received, your top fans and top praises received.

When this will happen: Standard Release: We will begin rolling out in early November and expect to complete by early December.

How this will affect your organization: The new composer which loads through messaging extension and the Viva Insights app creates a more delightful composing experience when sending praise. Praise badges will be replaced with emoji pairings and the user can select from multiple gradient backgrounds to customize the praise card for a more celebratory feel.

The praise page in Viva Insights Teams App will also be updated. The praise feed will show the 6 most recent praises and users can use the dropdown to filter between recent sent and received praises. For more praises, users can still go to their praise history page to see up to 6 months of their complete history, ordered by the latest month. All EXO users will continue to see recommendations on the right panel.

Users with Viva Insights subscriptions will have access to the Trends tab. Praise trends shares analytics only visible to them, including praise sent and received counts, their top fans and top praises received.

What you need to do to prepare: Refer to Praise with Viva Insights | Microsoft Docs which will be updated in sync with this roll out.

MC446130 — Transcription for Calls on Microsoft Teams for Android

Microsoft 365 Roadmap ID 98510

Transcription for 1:1 calls and group calls will be available on the Microsoft Teams app for Android.

When this will happen: Standard Release: We will begin rolling out in late-October and expect to complete rollout by early-November.

How this will affect your organization: Users in your tenant can now start transcription for Teams calls and view transcripts after calls have ended, including both 1:1 calls and group calls.
What you need to do to prepare: You can configure the availability of transcription for calls via Transcription Meeting Policy in admin center.

MC445744 — Teams admin center: View users and groups assigned to a policy

Microsoft 365 Roadmap ID 97253

The Microsoft Teams admin center provides an ability to admins to view the list of users and groups that are assigned to a policy. This capability will help admins to better manage policies and get an understanding of which policies are in use and to whom they are assigned.

When this will happen: This feature shall be available in Oct 2022 for all Microsoft Teams licensees.
Standard Release: We will begin rolling out mid-October 2022 and expect to complete by late October 2022.

How this will affect your organization: Now admins can see two columns – 1) Assigned to users, 2) Assigned to groups on various policy pages such as Meeting policies, Messaging policies, etc. As the name suggests, “Assigned to users” is for the users that are assigned via direct assignment and “Assigned to groups” is for user groups that are assigned via group policy assignment, to a particular policy. Both columns will have a clickable link to view, which will take you to the Users > Manage users page to view directly assigned users, and corresponding Group policy assignment page to view groups that are assigned to a policy via group assignment.

What you need to do to prepare: Review how the policy assignment for users and groups works. You can then go to any policy such as Meeting policies and review various custom policies that are applied to users via direct assignment and to groups via group policy assignment. After clicking on the view link, you can review the list of users and groups and then verify that those are correctly assigned. If a policy has no assignments, then clicking on view link will fetch zero results. Such custom policies can be deleted as per the need of the organization.
MC445406 — Announcing Microsoft Teams Premium

Today, we are excited to announce Microsoft Teams Premium. Built on the familiar, all-in-one collaboration experience of Microsoft Teams, this new offering makes every meeting from 1:1s to large meetings, to virtual appointments to webinars more personalized, intelligent, and secure. Unlike the disconnected experience and costs of multiple point products or add-ons, with Teams Premium you get advanced meeting solutions you need for just one low price.

As part of the Teams Premium announcement, these existing features will move to Teams Premium when it becomes available in February.
· Live Translated captions
· Custom Together mode scenes
· Timeline markers in Teams meetings recordings (join/leave meetings)
· Virtual Appointments:
  o SMS notifications
  o Organizational analytics in Admin Center
  o Scheduled queue view

These features will continue to be usable in Teams until Teams Premium becomes generally available in February. We will share more details prior to Teams Premium public preview in December.

Learn more about Teams Premium here: Introducing Microsoft Teams Premium, the better way to meet.

MC443385 — Microsoft Teams: Music on Hold for Call Transfer for GCCH and DoD

Microsoft 365 Roadmap ID 98431

Microsoft Teams users can now play music to callers on hold when a call transfer is initiated. This feature ensures that music can be played to the caller on hold when a call transfer is initiated. The feature applies to 1-1 VoIP and PSTN calls.

When this will happen: We will begin rolling out in mid-October and expect to complete rollout by late October.

How this will affect your organization: There is no change for users as this feature will take place automatically. This feature will be applied to 1:1 VoIP and PSTN calls transferred.

What you need to do to prepare: There is no action required to prepare for this change. You may want to notify your users and update training documentation as appropriate.
MC437263 — (Updated) Unread Toggle in Activity Feed

Microsoft 365 Roadmap ID 88389

Updated November 1, 2022: We have updated the content below to show as intended. Thank you for your feedback.

Unread toggle will help users quickly view all the unread activities in their activity feed.

When this will happen:
Preview: We will begin rolling out late September and expect to complete by early October.
Standard Release: We will begin rolling out early November and expect to complete by late November.

How this will affect your organization: There are no tenant level settings. Defaults will not change.

What you need to do to prepare: There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.

MC430094 — (Updated) Microsoft Teams: Build and Deploy Connectors

Microsoft 365 Roadmap ID 96290

Updated October 28, 2022: We have updated the content below for clarity. Thank you for your patience.

GCC customers are able to build and deploy Connectors in their Microsoft Teams environment. Previously, Connectors were disabled by default; with this change we will be enabling Connectors by default.

When this will happen: We will begin rolling out in early October and expect rollout to be completed by end of October (previously mid-October).

How this will affect your organization: GCC customers will now have access to Connectors.

What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC423128 — (Updated) Dynamic caller ID in Voice-enabled channels for government clouds: GCCH, DOD

Updated October 6, 2022: We have updated the rollout timeline below. Thank you for your patience.

Last year we enabled the capability where agents can use Dynamic Caller ID to call on behalf of a Call Queue or Auto Attendant from within Voice Enabled Channels.
We are now bringing this capability to government clouds including GCCH and DOD. We apologize for not meeting our commitment of providing notification prior to implementation and for any inconvenience.

When this will happen: This has begun rolling out and will be complete by end of November (previously end of September).

How this affects your organization: You can assign outbound caller ID numbers for the agents by specifying one or more resource accounts with a phone number. Agents can select which outbound caller ID number to use with each outbound call they make.

What you can do to prepare: Review the Additional Information and consider updating your training and documentation as appropriate.

MC420060 — (Updated) Microsoft Teams: Leave a Meeting From All of Your Devices

Microsoft 365 Roadmap ID 97397

Updated October 31, 2022: We have updated the rollout timeline below. Thank you for your patience.

We will be rolling out a new feature in Microsoft Teams that will allow multi-device users to leave all of their devices at once when leaving a meeting.

When this will happen: Rollout began in early August and is expected to be completed by late November (previously early October).

How this will affect your organization: When a Teams user attempts to leave a meeting or call from multiple personal devices, there have been challenges to fully disconnect from the meeting or call on all devices. With this new feature, there will now be an option displayed to multi-device users in a call that will prompt the user to leave the meeting or call from all devices when selected. This feature will be enabled for desktop, iOS, and Android clients.

What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.
MC400206 — (Updated) Microsoft Teams: Usability Improvements to In-Meeting Notifications

Microsoft 365 Roadmap ID 96283

Updated October 31, 2022: We have updated the rollout timeline below. Thank you for your patience.

Microsoft Teams is updating the user experience for how in-meeting notifications are displayed. With this update, there will be fewer distractions during meetings and it will be easier to understand important information (e.g. a meeting being recorded).

When this will happen: We will begin rolling out in mid-September (previously early August) and expect rollout to be completed by early November (previously mid-October).

How this will affect your organization: Notifications will now be consistent in design and in a consistent position when displayed (top center of the meeting stage) as bubbles stacked on top of each other. This will avoid overlaps and give the user a cleaner visual experience. In addition, users can also snooze repeat notifications, such as chat bubbles.

What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC392295 — (Updated) Disable chat write access for anonymous or unauthenticated users

Microsoft 365 Roadmap ID 91142

Updated October 12, 2022: We have updated the rollout timeline below. Thank you for your patience.

Financial institutions consider chat messages as a form of data exfiltration, so it's imperative for IT admins to gain flexibility and control over chat access for anonymous or unauthenticated users. The latter may be expected to join Teams meetings, but they should be restricted from seeing and accessing any type of electronic communication on chat.
This feature provides additional security by only disabling chat write access for non-federated users and unauthenticated users who join Teams meetings through a link, so it must be used in conjunction with disabled meeting chat policy applied to financial advisors to remain compliant.

When this will happen:
· Standard: early June through mid-July
· GCC: late July through mid-August
· GCC High: late August through late November (previously early September)
· DoD: mid-September through early December (previously late September)

How this affects your organization: With this change IT admins can now disable chat write access at the policy level for non-federated users and unauthenticated users who join Teams meetings through a link.

What you can do to prepare: There are two ways IT admins can disable chat write access for non-federated users and unauthenticated users who join Teams meetings through a link:
· PowerShell: Admins can run the syntax [-MeetingChatEnabledType ] with current supported values Enabled, Disabled, or EnabledExceptAnonymous.
· Teams Admin Portal: Admins can select the option, "Turn it on for everyone but anonymous users" in the "Chat in meetings" dropdown and apply this meeting policy to a subset or all tenant users.

Note: the scope of EnabledExceptAnonymous or "Turn it on for everyone but anonymous users" is limited to disabled write access. Once this meeting chat policy is applied to user/s, an organizer cannot override this policy through meeting options.

MC391950 — (Updated) Viva Topics in Teams

Microsoft 365 Roadmap ID 72189

Updated November 2, 2022: We have updated the rollout timeline below. Thank you for your patience.

Viva Topics in Teams allows users to mention topics in their chat conversations so that others in the conversation can easily learn more about a topic by hovering over the topic name and viewing the topic card. This feature requires users to have a Viva Topics license.
When this will happen:
· Public Preview: We began rolling out in April and will continue rolling out through June and expect complete rollout by late June.
· General Availability: We will continue rolling out through late June and expect complete rollout by early November (previously mid-October).
· GCC: We will continue rolling out in early July and expect complete rollout by mid-November (previously late October).

How this will affect your organization: If your organization has users with Viva Topics licenses, those users will be able to mention topics by typing the # character and choosing a topic from the topic picker. The topic picker will narrow selections based on what the user types. Once a topic is selected, users can post the message. Recipients with Viva Topics licenses will see the selected topic's name as highlighted text and will be able to hover over the highlight and see details of the topic in the topic card such as the alternate names for the topic, descriptions, associated people and resources.

What you need to do to prepare: There is nothing you need to do to prepare for this change. The topics being displayed will be the same topics that are shown in Outlook Web and SharePoint.

MC383876 — (Updated) Collaborative Annotations on Presenter Shared Screen

Microsoft 365 Roadmap ID 86732

Updated October 11, 2022: We have updated the content below for clarity. Thank you for your patience.

Collaborative Annotation helps you collaborate with others while screen sharing in Teams meetings. For example, if you want to ask for feedback on a design or if you’re working with a group on a project, Collaborative Annotation helps you get work done faster and with more voices included.

When this will happen:
· Standard: begin rollout in mid-June and expect to complete rollout by late June. - Complete
· GCC: begin rollout in early August (previously late July) and expect to complete rollout in late August (previously early August).
· GCC-High: begin rollout in late September (previously late August) and expect to complete rollout by late October (previously early October).
· DoD: begin rollout in late January (previously late October) and expect to complete rollout in late February (previously early November).

How this will affect your organization: During screenshare, meeting attendees with Presenter roles will see the Annotation button in meeting controls at the top-center of their screen.

To turn on Collaborative Annotation while you're sharing your screen in a meeting, select the pen icon to Start annotation in meeting controls at the top-center of your screen, as shown below:

Note: You must be a Presenter role in a meeting to turn on Collaborative Annotation.

The red outline around the screenshare will turn blue, indicating Collaborative Annotation mode is on. All participants will see the Microsoft Whiteboard toolset at the top of the shared screen, as shown below. Everyone in the meeting can begin annotating right away in real-time.

Collaborative Cursors show the name of every attendee as they annotate and are turned on by default. Collaborative Cursors can be turned off by anyone attending the meeting from the Settings menu in the Collaborative Annotation toolbar.

To control who can annotate, the main Presenter can select Only I can annotate and unselect Everyone can annotate from the Settings menu in the Collaborative Annotation toolbar, as shown below:

To begin annotating, select one of the tools in the Whiteboard toolset, such as text, Sticky notes, Reaction tags, or digital ink, and begin typing or drawing on the screen.

To end the annotation session for everyone, select Stop annotation in meeting controls at the top-center area of your screen.

Collaborative Annotation is only available for full-screen sharing, not individual window sharing at this time.

Note: Mobile users cannot start Collaborative Annotation while sharing content.
However, if a desktop user shares the screen and starts Collaborative Annotation mode, mobile users are able to participate in annotating as well. Annotations for Teams web users are not supported at this time.

Exporting annotations is not supported at this time, but you can take screenshots during the meeting to save annotated content for later if necessary. Meeting rooms using Android-based devices are not supported.

What you need to do to prepare: This feature is enabled by default so there is no action needed.

Note: Annotation is powered by Microsoft Whiteboard. If Microsoft Whiteboard is disabled, it will also disable Annotations.

Learn More:
· Enable Microsoft Whiteboard for your Organization

MC333941 — (Updated) New Fluent Emoji style coming to Teams emojis and reactions

Microsoft 365 Roadmap ID 88277

Updated October 17, 2022: We have updated the rollout timeline below. Thank you for your patience.

This update will have Teams joining Microsoft 365 and Windows in updating all emojis and reactions to the new Microsoft Fluent emoji style, bringing users a more vibrant and expressive emoji experience.

When this will happen: We will begin rolling this out in late February and expect to complete rollout by mid-November (previously late September).

How this will affect your organization: This update will only change the styling of the emojis and reactions in Teams. There is no functional change to the features.

What you need to do to prepare: You might want to notify your users about this change and update your training and documentation as appropriate.

Learn More:
· An Emoji For Your Thoughts

Microsoft Viva

MC448361 — Microsoft Viva: MyAnalytics dashboard redirects to Viva Insights web app

MyAnalytics dashboard users will be automatically redirected to the Viva Insights web app as a central place to explore work-pattern insights alongside actionable experiences to improve productivity and wellbeing.
Select MyAnalytics functionality (focus time booking and insights, quiet time settings and insights, meeting habits, and settings) will continue to be available as a part of the Viva Insights apps in Teams and web. Additional functionality from MyAnalytics (including some personal network and collaboration insights) will be included in the Viva Insights web app with future updates.

When this will happen: We'll begin redirecting users from the digest email in mid-November, and from the MyAnalytics dashboard by mid-December.

How this will affect your organization: MyAnalytics dashboard, in its current form, will no longer be accessible after mid-December 2022, and users will be redirected to the Viva Insights web app to discover key work-pattern insights.

Since Viva Insights Teams and web apps are becoming the central place for personal insights, we are streamlining the user experience.
· Currently, users access the MyAnalytics web dashboard via https://myanalytics.microsoft.com/ or https://myanalytics-gcc.microsoft.com/ or via links in the Viva digest email and Outlook add-in.
· After this change, users will be automatically redirected to Viva Insights or Viva Insights. Users will also be able to find the Viva Insights web app in the Microsoft 365 app launcher on office.com.

Select MyAnalytics functionality (focus time booking and insights, quiet time settings and insights, meeting habits) will continue to be available as a part of the Viva Insights apps in Teams and web. In the future, additional work pattern insights from MyAnalytics will be highlighted alongside productivity and wellbeing experiences in the Viva Insights apps in Teams and web to support building better work habits.

A unified settings experience for users will be available in the Viva Insights Teams and web apps moving forward. These unified settings will let users modify: Digest email settings, Briefing email settings, some MyAnalytics settings and Viva Insights Outlook add-in settings.
· Users of the semi-monthly Digest and daily Briefing emails will now get redirected to the relevant email setting on Viva Insights web app if they click the settings modification link within one of the emails. Currently, users are directed to the email settings on the MyAnalytics web dashboard.
· Users will also be able to use a new Briefing email setting on Microsoft Viva Insights dashboard (previously known as MyAnalytics dashboard), and Viva Insights app in Teams and web to personalize their favorite and snooze preferences.
· Viva Insights Outlook add-in settings that currently only exist in the add-in experience (Productivity inline suggestions, Set Lunch hours and Schedule send suggestions) will now also be available on the settings page on Viva Insights Teams app and web app.
· Currently, the ability to opt out of Digest email and Outlook add-in exists in MyAnalytics web dashboard. After this change, these two settings will be available on Viva Insights app in Teams and web.

Please click Additional Information to learn more.

MC448014 — Viva Connections is available for GCC

Microsoft 365 Roadmap ID 101152

Microsoft Viva Connections is your gateway to a modern employee experience designed to keep everyone engaged and informed. Viva Connections is a customizable app in Microsoft Teams that gives everyone a personalized destination to discover relevant news, conversations, and the tools they need to succeed.

Some experiences in Viva Connections that are powered by other services and/or other Viva apps are not ready for GCC.

When this will happen: Viva Connections 1st party app experiences for desktop and mobile will be available for GCC starting November 2022.

How this will affect your organization: This update allows organizations using GCC to deploy and use Viva Connections 1st party app experiences.

What you need to do to prepare: Admins wanting this update will need to enable Viva Connections in the Teams Admin Center.
GCC is a government cloud that ensures certain security, compliance, and administrative capabilities tailored for government entities. Learn more here: Office 365 Government

MC445412 — Microsoft Viva: Viva Insights web app in Government Community Cloud (GCC)
Microsoft 365 Roadmap ID 100496

Updated October 19, 2022 to show the rollout dates correctly.

A new web interface for the Microsoft Viva Insights app is being released in GCC, providing GCC users an additional way to access the Viva Insights app in Microsoft Teams. The new web app will be discoverable via Viva Insights and the Microsoft 365 app launcher on Office.com.

Like the Viva Insights app in Teams, the Viva Insights web app will provide personal insights to improve productivity and wellbeing and data-driven recommendations to help users build better work habits.
· The Home page provides timely suggestions and access to personal wellbeing experiences, such as
  o A curated set of guided meditations and focus music from Headspace accessible to help users start the day grounded, relax their mind before a big meeting, or find focus before starting an important project
  o Praise: users can schedule reminders to send praise to their top collaborators and build a habit of sharing gratitude
  o Reflect: users can schedule reminders to check in on how they are feeling and privately reference their personal reflection history
  o Virtual commute: users can schedule a virtual commute to help them wrap up their tasks from today, prepare for tomorrow’s activities, and mindfully disconnect from work
· The Stay connected tab makes it seamless to pin an important collaborator to see communications from emails, chats and shared documents that might require follow up in one place, and schedule regular 1:1s to maintain strong relationships.
· The Protect time tab makes it seamless to schedule time in the week before it fills up with meetings for focused, uninterrupted work. Notifications from Teams chats and calls are silenced while focusing. The tab also offers quiet time settings to silence after-hours mobile notifications from Teams and Outlook.
· Inspiration Library: Users can use the Inspiration library in Viva Insights to learn more about the things that matter most to them. This library brings together thought leadership from industry experts that’s designed to inspire users in life and at work to get the most out of both. The inspiration library article sources include Microsoft, Harvard Business Review, and Thrive.

Updated documentation will continue to be available here.

The opt in opt out privacy setting already available in Viva Insights Teams app will also be available on the Viva Insights web application to allow end users to opt out of receiving personal insights on both web & Teams app with a single click. Users can also opt out using the existing Viva Insights toggle on Viva Insights dashboard.

The insights in the Viva Insights web and Teams apps will remain completely personal and private; no administrator or manager can see another individual’s insights. All data is stored inside the user’s mailbox. The Viva Insights app complies with GDPR requirements. Learn more about how Microsoft protects your privacy.

When this will happen: In GCC, the new Microsoft Viva Insights web app will be rolled out to users between late November and mid-January 2023.

How this will affect your organization: Users with provisioned Exchange Online mailboxes and access to Microsoft Teams can access features within the Viva Insights app in Teams and on the web. There are no installation requirements to access Viva Insights web app. The Viva Insights web app will be discoverable via Viva Insights and the Microsoft 365 app launcher on Office.com.
Microsoft Purview

MC447330 — Microsoft Purview | eDiscovery (Premium): New role for review set tag management
Microsoft 365 Roadmap ID 100498

We are introducing a new role in Microsoft Purview eDiscovery (Premium) for review set tag management.

When this will happen: Rollout will begin in mid-October and is expected to be complete by late November.

How this will affect your organization: In eDiscovery (Premium), reviewers can apply tags to items in a review set to better organize and refine content included within a case. This update introduces a new role called "manage review set tags" which will enable granular permissions for creating, editing, and deleting review set tags in eDiscovery (Premium) cases.

What you need to do to prepare: No action is needed to enable this update. You can assign users to the new role via the Permissions page in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn More:
· Tag documents in a review set
· Set up eDiscovery (Premium) in Microsoft Purview

MC447310 — Important Azure Information Protection (AIP) Portal updates
Microsoft 365 Roadmap ID 100505

We are moving the admin configuration of the Azure Information Protection (AIP) Scanner from the Azure portal to the Microsoft Purview compliance portal, and with the migration will be deprecating the Azure Information Protection (AIP) portal on 1/15/2023.

When this will happen: The migration of the AIP Scanner admin configuration is currently rolling out to public preview (as of 10/15/2022) and will be available within your environment shortly. The new admin experience will be generally available by mid-November. On 1/15/2023, the AIP portal will be deprecated, and all subsequent admin actions will need to be completed through the Microsoft Purview compliance portal.
How this will affect your organization: Within the Microsoft Purview compliance portal, the admin configuration will be available under Settings as "Information protection scanner". The pages that will be moved are clusters, nodes, and content scan jobs. As previously communicated, the network scan jobs functionality has been removed. The AIP PowerShell cmdlets used to configure the AIP Scanner on-premises will remain unchanged. AIP Scanner configurations on existing content scan jobs will remain unchanged, and this portal change will not affect any scanners already deployed. Please ensure that your organization transitions to using the functionality within the Microsoft Purview compliance portal before 1/15/2023 to not be impacted by the AIP portal deprecation.

What you need to do to prepare: We encourage you to begin using the admin experiences for the Information Protection scanner within the Microsoft Purview compliance portal as soon as the public preview begins in mid-October. Until the end of the year, you can use either admin portal for your scanner configuration and relevant changes will appear in both portals. Starting 1/15/2023, the admin configuration will only be available from the Microsoft Purview compliance portal. The AIP portal will be deprecated on that date as all functionality will have either been deprecated or moved to the Microsoft Purview compliance portal.
Configure the Information Protection scanner in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Refer to documentation for guidance on how to perform admin actions for the Information Protection scanner in Microsoft Purview compliance portal:
· Configuring and installing the Azure Information Protection (AIP) unified labeling scanner
· Running the Azure Information Protection scanner

MC443391 — Microsoft Purview | eDiscovery API for Microsoft Graph now generally available for U.S. Government clouds
Microsoft 365 Roadmap ID 93348

We are excited to announce the general availability of the Microsoft Graph API for Microsoft Purview eDiscovery (Premium) to help you automate common eDiscovery workflows and integrate 3rd party applications into eDiscovery (Premium).

When this will happen: Rollout will begin in early October and is expected to be complete by early November.

How this will affect your organization: In many organizations, eDiscovery workflows are frequent, critical, and high volume. In the cases where there are common repeated tasks or a high volume of activities, the API will help provide a scalable way to repeat processes consistently and effectively. Tenants can use the Graph API to integrate with 3rd party or in-house legal systems, holds databases, or review tools to automate workflows. Partners can use the Graph API to build applications that enhance the Microsoft Purview eDiscovery (Premium) capabilities.

For more details, refer to the Graph API reference documentation: Use the Microsoft Graph eDiscovery API

Note: The following eDiscovery endpoints (preview) are currently only available in beta.
· Search > Purge data (preview)
· Hold policy (preview)
· eDiscovery export operation (preview)
· eDiscovery export operation > Get download URL (preview)
· Review set > Export (preview)
· Review set > Query > Export (preview)
· Review set > Query > Run (preview)
· eDiscoveryFile (preview)

What you need to do to prepare: The following licenses provide the rights to the APIs for eDiscovery (Premium) capabilities:
· Microsoft 365 G5
· Microsoft 365 G5/F5 Compliance and F5 Security & Compliance
· Microsoft 365 G5 eDiscovery and Audit
· Office 365 E5/G5/Advanced Compliance

Note: The use of the ‘addToReviewSet’ API requires a premium license (listed above) which provides a seeded capacity without consumption cost until the seeded capacity is reached. Seeded capacity is how much volume an app can consume before having to pay usage fees. Capacity is pooled at the tenant level—the seeded capacity for all users in the tenant is added up and compared against the app's usage in the tenant. Once seeded capacity is exceeded, consumption meters will kick in. Consumption meter charges for ‘addToReviewSet’ API usage beyond available seeded capacity are planned to commence in CY2023. A 90-day notice will be provided before these charges go into effect.

Get started with eDiscovery (Premium) in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn More:
· Manage your eDiscovery workflows
· Use the Microsoft Graph eDiscovery API

MC442111 — (updated) Microsoft Purview Information Protection: User-defined permissions support domain name restrictions
Microsoft 365 Roadmap ID 98131

Updated October 21, 2022: We have updated the rollout timeline below. Thank you for your patience.
Coming soon to public preview and general availability, we're updating the options for custom permissions, also referred to as user-defined permissions, to support domain name restrictions.

When this will happen: Rollout to public preview will begin in mid-November (previously mid-October) and is expected to be complete by late November (previously late October). Rollout to general availability will begin in early December (previously early November) and is expected to be complete by end of December (previously end of November).

How this will affect your organization: Within Microsoft Office files (Word, Excel, PowerPoint), when you choose a sensitivity label configured for user-defined permissions, you can now use domain names to restrict file access to specific individuals, or to all individuals from that domain. For example, you can specify "someone@example.com" or "@example.com" and permissions will be restricted based on those parameters.

What you need to do to prepare: If you have previously configured user-defined permissions for your organization, no further action is needed to enable this feature. Configure and manage sensitivity labels in the Microsoft Purview compliance portal.

Learn More:
· Let users assign permissions
· Support for organization-wide custom permissions

MC301684 — (Updated) General availability of AIP client and scanner audit logs in Microsoft 365 Audit and Activity explorer
Microsoft 365 Roadmap ID 89777

Updated October 19, 2022: We have updated the rollout timeline below. Thank you for your patience.

Azure Information Protection (AIP) administrators will soon be able to access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics (Preview) portal.

When this will happen: Rollout will begin in early December 2021 and is expected to be complete by mid-November 2022 (previously late September 2022).
How this will affect your organization: As part of our unified labeling and analytics experience across the Microsoft Information Protection (MIP) solution, we are expanding your ability to access and review data logged by AIP client, scanner, and MIP SDK beyond the existing AIP Analytics (Preview) portal.
· With this update, audit logs reported by the AIP client, the AIP scanner, and MIP SDK flowing today into the Log Analytics workspace will also be available in Microsoft 365 Audit logs.
· Additionally, you can use the Activity explorer screen for additional insights into labeling activity and history.

What you need to do to prepare: Your data will be available in Activity Explorer, and you will be able to explore your AIP audit logs in Microsoft 365 portal. No action is needed as audit log data will flow into Activity Explorer by default. If you wish to opt-out, please follow the procedure explained here. Administrators will be able to continue exploring AIP Audit logs in the Log analytics workspace in the AIP Analytics (Preview) portal. This is a supplemental access point. You might want to notify your administrators about this new capability and update your training and documentation as appropriate.

Get started with Activity explorer in the Microsoft 365 compliance center:
· Microsoft 365 compliance center for GCC
· Microsoft 365 compliance center for GCC-H
· Microsoft 365 compliance center for DoD

Learn More:
· Azure Information Protection unified labeling client - Version release history and support policy
· Get started with Activity explorer
· Search the Audit log in the Microsoft 365 compliance center

Microsoft Defender

MC447340 — Microsoft Defender for Endpoint on Mac is Retiring Support of MacOS Catalina

A newer version of macOS will be released later this year.
With Apple’s release of macOS Ventura (13), macOS Catalina (10.15) will become the third oldest version and will cease to be supported at that time. As a result, Microsoft Defender for Endpoint will no longer support macOS version Catalina (10.15).

Note: this message applies only to organizations with macOS devices in their environments.

When this will happen: Microsoft Defender for Endpoint will no longer support macOS version Catalina (10.15) after mid-December.

How this will affect your organization: After mid-December, any device in your environment that is still running macOS version Catalina (10.15) with Microsoft Defender for Endpoint (Mac) will remain protected until the agent expiration; however, it will fail to update (an error will be logged in /Library/Logs/Microsoft/autoupdate.log).

What you need to do to prepare: To eliminate risk of losing protection, review the version of macOS devices in your environment and ensure macOS devices that are still running macOS version Catalina (10.15) are updated to a more recent macOS version. We will send another announcement soon as a reminder. Microsoft Defender for Endpoint (MDE) on Mac currently supports macOS versions Ventura (13), Monterey (12) and Big Sur (11).
· Refer to MDE (Mac) public documentation for list of system requirements: Microsoft Defender for Endpoint on Mac
· Monitor “what’s new on Mac” page for incremental changes across versions of MDE (Mac): What's new in Microsoft Defender for Endpoint on Mac

MC447684 — Retirement of Legacy Microsoft Defender Online Alerts

Based on customer feedback and tendency to surface false positives in investigations, Microsoft 365 Defender is retiring a number of default alert policies. These legacy alerts are past their intended usage.

When this will happen: We plan to retire these alert policies by mid-November.

How this affects your organization: The following default alert policies will be retired:
1. Malware campaign detected after delivery
2. Malware campaign detected in SharePoint and OneDrive
3. Unusual increase in email reported as phish
4. Malware Campaign detected and blocked
5. Users targeted by malware campaigns
6. Users targeted by phish campaigns
7. Unusual volume of file deletion
8. Unusual External User File Activity
9. Unusual volume of external file sharing

As part of the retirement, the following changes will happen: These policies will no longer be available in 'Default Alert policies' in the Microsoft 365 Defender portal or the Microsoft 365 Purview compliance portal. Existing alerts that have already been generated from these alert policies will be in the system (as part of Alerts) until data retention policies (refer to Data retention information for Microsoft Defender for Office 365) are applied and the alerts expire.

What you should do to prepare: Review your existing policies to see if you are utilizing any of the default policies outlined above. As a workaround, customers can recreate these retired alert policies as custom alert policies to continue generating these alerts. Note that there are a couple of ways that you can replace these alerts:
1. If you want a literal replacement of what is being retired, use Anomaly or Threshold to build the custom alert.
2. If you want specific users, groups, activities to fire with entity information, we suggest creating scoped single event alerts.

MC362283 — (Updated) Updates to the Zero-hour auto purge (ZAP) alerts
Microsoft 365 Roadmap ID 93206

Updated October 31, 2022: We have updated the rollout timeline below. Thank you for your patience.

We will be updating the current zero-hour auto purge (ZAP) alerts and introduce a new ZAP alert that will notify you if a message has not been removed by ZAP. Updates to the ZAP alerts will include:
· Scoping the success ZAP alerts for only ZAP related scenarios. You will no longer be alerted as part of the ZAP alert for Dynamic Delivery scenarios.
· A new failure ZAP alert is being introduced. You will receive an alert when a message was not successfully removed from the mailbox. Manual action will be required to remediate the message. The alert will be correlated and linked to both Automated Investigation and Response (AIR) and Incidents. The alert will be on by default and can be configured in alert policies.

When this will happen: We expect these updates to roll out in early November (previously mid-October) and expect to be complete by early December (previously mid-November).

How this will affect your organization: Due to these new changes, you can expect a change in the volume of the successful ZAP alerts. The new ZAP failure alert will be on by default and can be configured in the alert policy settings. You can review both default alerts in the portal. However, if you’re exporting these alerts into external systems, you will need to include the new alert generated by the new policy.

What can you do to prepare: Review the following resources below to Learn More:
· Microsoft 365 alert policies
· Zero-hour auto purge in Microsoft Defender for Office 365

Exchange Online

MC454500 — Office for the web: Suggested Replies Expansion to GCC High
Microsoft 365 Roadmap ID 101160

GCC High users will now receive suggestions for short replies on received messages in Office for the web.

When this will happen: Rollout for this feature will begin in late November and should be fully completed by early December.

How this will affect your organization: A user may choose to click on this suggestion, which will generate a draft reply with the suggested response pasted into the draft. If a user does not wish to take this suggestion, they may simply ignore it.

What you need to do to prepare: This feature will be enabled automatically and there is no action required from you at this time. To turn off this setting, select Settings > Mail > Suggested Replies. Swipe the toggle for Show suggested replies to turn this feature off.
For more information, please visit this page.

MC454497 — Announcing Retirement of Legacy Exchange Data Loss Prevention

As communicated previously, we will be retiring the Data Loss Prevention experience from the classic Exchange Admin Center. Instead, we recommend the utilization of Data Loss Prevention (DLP) in the Microsoft 365 compliance center, which enables you to extend your protection to locations such as SharePoint online, OneDrive for Business, Teams chats, Devices, and more. Microsoft 365 compliance center provides access to advanced classification capabilities like EDM, ML etc. along with rich alerts, incident management features, and more.

When this will happen: Starting December 1, 2022, policy management experience in Exchange Admin Center will be retired. Administrators will still be able to view rules that are associated with a policy using the mail flow rules experience.

How this will affect your organization: To use the Migration Wizard for moving DLP policies, please follow the below steps:
1. Launch the Microsoft 365 Compliance Center DLP console.
2. A banner will appear if there are Exchange DLP policies that can be migrated.
3. Click on the Migrate policies button in the banner to open the migration wizard.
4. Select the Exchange DLP policies to be migrated individually or in groups and click on Next.
5. Resolve any issues with regard to warnings or messages that may appear on the flyout pane.
6. Select between Active, Test, or Disabled modes for migrating the policies to the Microsoft 365 compliance center.
7. Click on Complete import after reviewing the migration wizard session settings and the migration report for warnings and errors.
8. The selected Exchange DLP policies will appear in the compliance center DLP console.
What you need to do to prepare: If you currently have DLP policies being maintained in the classic Exchange admin center, you can use the migration wizard which will help you migrate policies to the Microsoft 365 compliance center in just a few clicks, and then you can disable/delete policies from the classic Exchange Admin center.

Please click Additional Information to learn more.

MC450188 — Changes to navigation in Outlook for Android
Microsoft 365 Roadmap ID 100570

Outlook for Android is making it easier to find all your contacts, files, and more. See our blog post at Navigating Outlook for Android and iOS - Microsoft Community Hub.

Users will see changes to the tab bar at the bottom of Outlook for Android, a new Floating Action button, search will be renamed Feed with a new Icon, and Contacts and Files will be found under the “More” button.

When this will happen: These changes are available now in Android Beta. We will begin rolling out to production late October and plan to complete rollout by mid-November.

How this will affect your organization: There is no admin-level control of this change. Admins can learn more about these changes and why they are happening in our blog post at Navigating Outlook for Android and iOS - Microsoft Community Hub.

MC447339 — Quarantine Admin Role Required for Exchange Admins for Quarantine Operations

Tenant Exchange Administrators who visit the Quarantine Security Portal (Sign in to your account) need to be a Quarantine Administrator to perform Quarantine operations in the portal.

When this will happen: Starting early February 2023, we will stop honoring the execution of Quarantine operations by Exchange Administrators who are not Quarantine Administrators, Security Administrators or Global Administrators in the security portal. We will first provision a Quarantine Admin role for all Exchange Administrators who have performed Quarantine operations in the past on the security portal.
This will allow those Exchange Admins to continue executing Quarantine operations successfully in the security portal in early to late January 2023.

How this will affect your organization: Exchange Admins were able to perform Quarantine operations (such as release, delete, download, preview of quarantined messages) in the security portal on behalf of users in their organization without being in the Quarantine Administrator role. With this change, Exchange Administrators will also need to be assigned the Quarantine Administrator role to perform these Quarantine operations.

What you need to do to prepare: Admins should update their organization roles as they see fit and update any relevant training documentation.

Learn More:
· Manage Quarantined Messages and Files as an Admin in EOP
· Permissions in the Microsoft 365 Defender Portal

MC445411 — (Updated) Exchange: Message Recall Option to Disable the Recalling of Read Messages
Microsoft 365 Roadmap ID 59438

Updated October 14, 2022: We have updated the content below to show as intended. Thank you for your patience.

We are releasing a new Message Recall for Exchange Online feature that will recall messages that are flagged as "read"; the classic Message Recall in Outlook doesn’t recall read messages. Before we release the new feature, we want to let you know that tenant admins now have the option to disable the recalling of read messages for your organization.

When this will happen: The new Message Recall feature will begin rolling out in mid-November. The ability to disable the recalling of read messages for your organization is available now.

How this will affect your organization: Once the new Message Recall is rolled out, by default the feature will recall read messages, which is different from how the classic Message Recall feature in Outlook behaves.
This change in behavior will be welcomed by many, but it could be confusing for recipients who read a message only to have it disappear from their mailbox shortly thereafter. While recalling read messages can significantly increase the success rate of recalls, tenant admins concerned about potential user confusion or frustration can disable the ability to recall read messages for their entire organization.

What you need to do to prepare: If you want to accept the default behavior for the new Message Recall to recall read messages, there’s nothing you need to do to prepare. If you want to disable the recalling of read messages for your organization, you can do it either via the EAC or via Remote PowerShell:
1) Via the EAC, uncheck the following setting:
EAC > Settings > Mail Flow > Message Recall > Allow users to recall messages read by the recipient
2) Via Remote PowerShell:
Set-OrganizationConfig -RecallReadMessagesEnabled $false

MC406647 — (Updated) General availability of Advanced Message Encryption - Office 365 Message Encryption portal access logs
Microsoft 365 Roadmap ID 93372

Updated October 28, 2022: We have made the decision to make additional changes prior to proceeding with this feature rollout. We will communicate via Message center when we are ready to proceed. Thank you for your patience.

With this update, admins will be able to enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail.

When this will happen: We will communicate via Message center when we are ready to proceed.

How this will affect your organization: This feature will enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail. These logs can be retrieved using the Audit Logs functionality in the Microsoft Purview compliance portal. You can also access these audit logs through the management API.
What you need to do to prepare: This feature is not available by default unless you have enabled auditing. To enable the feature, go to Microsoft Purview compliance portal > Audit log search page and select Turn on auditing.
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

You can enable the portal logs using Exchange PowerShell:
· Set-IrmConfiguration -EnablePortalTrackingLogs $true

Learn More:
· Search the audit log in the Microsoft Purview compliance portal
· Advanced Message Encryption

MC383901 — (Updated) Microsoft Defender for Office 365: Hourly option for notifications
Microsoft 365 Roadmap ID 93304

Updated November 1, 2022: We have updated the rollout timeline below. Thank you for your patience.

We are adding a new hourly option to end user quarantine notifications, which will allow users to rely on receiving prompt notifications about quarantined items when appropriate. With this feature, users will be updated frequently once new items land in their quarantine folder.

When this will happen:
Standard: will begin rolling out in late November (previously early October) and be completed by late February 2023 (previously early November).
Government: will begin rolling out in early July 2023 (previously early March 2023) and be completed by late July 2023 (previously late March 2023).

How this will affect your organization: Using the quarantine policy, Admins will be able to configure an hourly notification frequency for users in their organization.

What you need to do to prepare: You might want to notify your users about this change and update your training and documentation as appropriate.

MC382821 — (Updated) Custom organization branding for quarantine notification (custom sender address and Custom subject)
Microsoft 365 Roadmap ID 93301

Updated October 13, 2022: We have updated the rollout timeline below.
Thank you for your patience.

We will be adding capabilities to make it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject.

When this will happen:
Standard: will begin rolling out in late August (previously late July) and is expected to be complete by early November (previously early October).
Government: will begin rolling out in early November (previously early October) and is expected to be complete by late November (previously late October).

How this will affect your organization: This change will enable admins to customize the sender address of the quarantine notification as well as the subject of the notification.

What you need to do to prepare: You might want to notify your users about this change and update your training and documentation as appropriate.

MC373880 — (Updated) Migrating the Safe Links Block List to Tenant Allow Block List

Updated October 06, 2022: As a reminder, Tenants will have until January 2023 to review and take action on any entries in the Safe Links Block List that were unable to be migrated. Any entries that are unable to be migrated will be marked as such and organizations will have the ability to resolve that entry and run the migration again. In January 2023 the Safe Links Global Block List will be retired.

We have stopped the automated migration efforts to migrate all entries from your Safe Links Block List to the Tenant Allow Block List. Organizations will have the ability to review and take action on the entries that were unable to be migrated. Any entries that are unable to be migrated will be marked as such and organizations will have the ability to resolve that entry and run the migration again. Tenants will have until January 2023 to complete this activity, at which point the Safe Links Global Block List will be retired.
Note: Any entry migrated from the Safe Links Block List to the Tenant Allow/Block List will adopt the behavior of TABL. This means that any message with the URL present will be moved to Quarantine. If you delete an already migrated entry from TABL, it needs to be removed from BlockURLS to avoid migration.

As a reminder, beginning in June tenants will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Then we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. Any entries that are unable to be successfully migrated will be marked as such in the Block List and organizations will have the ability to take action as needed beginning in July. Another update will be sent closer to July as a reminder for tenants to review the migration status of the Block List.

Beginning in June, organizations will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Following this, we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. Any entries that we are unable to migrate will be marked as such in the Block List and organizations will have the ability to take action as needed.

When this will happen:
· Early June: Organizations will no longer have the ability to add URL/Domain entries to the Safe Links Block List in the Global Settings flyout and we will attempt to migrate all the entries in an organization's Safe Links Block List to TABL on their behalf
· Mid-June through December: Organizations will have the ability to review entries that were not able to be migrated and resolve the issue(s)
· January: The Safe Links Block List will be retired

How this will affect your organization: Organizations who are utilizing the Safe Links Block List will need to review the list to ensure all entries were migrated successfully.
Any entries that are unable to be migrated will be marked as such and organizations will have the ability to resolve that entry, at which point migration will run again. Organizations will use the Tenant Allow Block List to manage URL/Domain blocks moving forward.

What you need to do to prepare:
In June an update to this Message center post will be sent notifying organizations that the first migration has been completed and they will need to review their Safe Links Block Lists for potential actions.

Power Platform

MC443282 — Important - Canvas apps in Dataverse environments associated with a security group
On October 24, 2022, we will begin releasing an update for canvas apps in Dataverse environments associated with a security group. The update will be fully completed in all regions by November 11, 2022.

How does this affect me?
Currently, in environments associated with a group, group membership doesn't influence users' ability to access canvas apps. Users who have a sufficient license and have been shared canvas apps can run those apps. After October 24, 2022, users will not be able to run canvas apps regardless of app share status unless they are in a security group associated with Dataverse. Instead, they will see an error page that informs them that they must contact their governance admin to continue using canvas app resources within the environment.

How do I prepare for this change?
There is no required action. It is recommended that you review any security group associated with Dataverse environments in Power Platform admin center and the memberships within those groups to ensure that all users have the correct access.

For additional information see the following:
· How to add users to a security group
· Move apps between environments by exporting and importing solutions

Microsoft 365

MC455190 — Graph connectors available with index capacity
Microsoft Graph connectors for Microsoft Search are now available with index capacity for G5.
Microsoft Graph connectors for Microsoft Search provide a set of out-of-the-box search connectors and search & indexing APIs that enable Microsoft 365 customers to connect Microsoft Search to data sources outside of Microsoft 365. This release of Microsoft Graph connectors includes several connectors available within the Microsoft 365 Admin Center such as ServiceNow, Enterprise websites, MediaWiki, Azure Data Lake Storage Gen2, and Azure SQL and more. For a detailed list of available connectors see also Microsoft Graph connectors gallery. Upon rollout completion, index quota utilization from connectors content will become subject to billing. For more information on licensing and pricing details see also License requirements and pricing.

When this will happen:
We will begin rolling out early November and expect to complete by late December.

How this will affect your organization:
There is no change to the user experience for users and/or administrators.

What you need to do to prepare:
Review the following material to learn more about Graph connectors:
· Microsoft Graph connectors overview for Microsoft Search

MC452253 — Announcing the New Look of Office for the Web
Microsoft 365 Roadmap ID 87307
We are excited to announce a new look in Office for the Web. We've changed the visuals to give you a clean modern look to help you focus, but nothing has moved. We will start flighting at this date.

When this will happen:
Targeted Release: We will begin rolling out mid-November and expect to complete rollout by mid-December.
Standard Release: We will begin rolling out mid-December and expect to complete rollout by late February.

How this will affect your organization:
People will notice the look and feel changes and might have questions if commands moved. We have not moved the location of commands nor changed any icons. Functionality and how you use things will not be affected.

What you need to do to prepare:
There is no action required from you at this time.
We recommend sending this link to your organization for more information and updating any relevant training materials as necessary.

MC450856 — IE11 desktop app will be permanently disabled as part of the February 2023 Windows security update (“B”) release
As previously announced, the Internet Explorer 11 (IE11) desktop app has been retired as of June 15, 2022. IE11 retirement is occurring through two phases:
1. A redirection phase, currently in progress with devices progressively redirected from IE11 to Microsoft Edge
2. An upcoming Windows Update phase that includes IE11 being permanently disabled.

The Windows security update (“B”) release that will permanently disable IE11 is scheduled to be available for roll out on February 14, 2023.

When this will happen:
The Windows Update containing the permanent disablement of IE11 is scheduled to be available in the following releases:
· January non-security preview release, also known as 1C, scheduled for January 17, 2023
· February security release, also known as 2B, scheduled for February 14, 2023

The permanent disablement of IE11 will be included in all subsequent Windows Updates after the January non-security preview release and February security release.

How this will affect your organization:
· All IE11 activity, including shortcuts using IE11 and invoking iexplore.exe will be redirected to Microsoft Edge
· Opening shortcuts or file associations that use IE11 will be redirected to open the same file/URL in Microsoft Edge
· The IE11 icons on the Start Menu and the taskbar will be removed
· This Windows Update will only affect in-scope SKUs (see our FAQ for in-scope SKUs)

At this time, IE11 has been retired, but if your organization has not yet completed your transition away from IE11, continued reliance on IE11 when the Windows Update becomes available may cause business disruption.
What you need to do to prepare:
For organizations that are ready to remove IE11, it is strongly recommended to use the Disable IE policy to remove IE11 on your organization’s devices to control the timing of permanent IE11 disablement on your own schedule before the Windows Update. Please see this blog for information on how and when to configure the Disable IE policy to replicate the effects of the Windows Update. If you need help moving off IE11, please reach out to the App Assure team for help with app compatibility and open a support ticket for help with technical issues. Microsoft Edge brings you a faster, more secure, and more modern web experience than Internet Explorer and is the only browser with built-in compatibility for legacy IE-based sites and apps with IE mode.

Learn More:
· For cost-free help with web app and site compatibility, especially if you have legacy site concerns after configuring IE mode, learn more about the App Assure program.
· Read our June 15 retirement blog here.
· Read our FAQ to help answer your questions.

We always value feedback and questions from our customers. Please feel free to submit either feedback or questions via Message center (where available).

MC446132 — The Office app is becoming the Microsoft 365 app
Microsoft 365 Roadmap ID 98173
On October 12, 2022 at Microsoft Ignite we announced that the Office app for web (office.com), Windows, iOS, and Android will be rebranded to become the Microsoft 365 app. In the coming months, these apps will automatically update to the Microsoft 365 app, which will include a new icon, styling, and features.

When this will happen:
Changes will begin rolling out to customers of the Office web app (Office.com) in November 2022. This will be part of a phased rollout, so not every customer will receive the update at the same time. Users will be able to experience the new Microsoft 365 app at microsoft365.com or office.com.
In mid-2023, office.com will begin automatically redirecting to microsoft365.com. The Office mobile apps for iOS and Android and the Office app for Windows will update to become the Microsoft 365 app at a later time. In November 2022, users of these Office apps will begin seeing in-product messaging notifying them of the upcoming change. In January 2023, these apps will automatically update to become the Microsoft 365 app. When that update occurs, users will see the new Microsoft 365 icon on their device home screens instead of the current Office icon.

How this will affect your organization:
Users in your organization should understand that the Office app is changing to the Microsoft 365 app. The web app will be accessed at a new URL (www.microsoft365.com) although the experience can also be used at the existing URL (www.office.com) for a limited time. Users of the Windows and mobile versions of the app will use the Microsoft 365 app represented by a new icon instead of the Office app represented by the Office icon.

The Microsoft 365 app is an evolution of the current Office app. Existing users will be familiar with many of the core experiences. The app provides a single destination for users to find all their content across multiple file types and storage locations, start new files in the Create module from a wide variety of apps and templates, and find all the applications entitled to them through their Microsoft 365 plan. Additionally, mobile-centric capabilities, such as scanning documents and using voice to create content, will continue to be part of the mobile application.

The apps will also include some new features:
• Feed – a new page that uses intelligence from the Microsoft Graph to surface relevant content based on who they work with and what they do.
• Tagging (web and Windows only) – a new feature that helps users to individually group content with “tags” that they determine, regardless of where the content is stored.
• Apps module – a new apps module connects users to Microsoft 365 apps beyond Word, Excel, and PowerPoint, including third-party apps that have integrated with Microsoft 365.

What you need to do to prepare
• Ensure that the microsoft365.com domain is added to the Allow list for your organization’s firewall to ensure the new domain is not blocked. Additional security configuration details are in Microsoft 365 endpoints documentation.
• Update any internal documentation that references office.com or the Office app to refer to microsoft365.com or the Microsoft 365 app.
• Review the blog announcement from Microsoft Ignite for more information about the Microsoft 365 app.

MC428511 — (Updated) Grid view for Planner "Assigned to me" and plan drill-down views in Planner Web
Microsoft 365 Roadmap ID 98104
Updated November 2, 2022: We have updated the rollout timeline below. Thank you for your patience.

In addition to the existing board, chart, and schedule views, customers can now view their tasks in a grid/list format.

When this will happen:
The grid view will be available in Planner web in the mid-December timeframe (previously late October).

How this will affect your organization:
Once available, users can now view more tasks on your screen at once and more easily compare task metadata like "Priority" with one another. This applies to the Web version of Planner and is available for both the "Assigned to me" and the plan drill-down views.

What you need to do to prepare:
You may consider updating your training and documentation as appropriate.

Microsoft 365 IP and URL Endpoint Updates
Documentation - Office 365 IP Address and URL web service
October 31, 2022 - GCC
September 29, 2022 – GCC High
September 29, 2022 - DOD
-
Introduction

An edge deployment model commonly constitutes many smaller, independently managed environments where the total cost of ownership needs to be optimized. In today's configurations, infrastructure runs on the same servers and CPUs that host customer workloads. Infrastructure overhead (for example, processing network traffic) places a significant drain on resources which necessitates larger cluster deployments and increased cost.

SmartNICs or Data Processing Units (DPUs) bring an opportunity to double down on the benefits of a software-defined infrastructure without sacrificing the host resources needed by your line-of-business apps in your virtual machines (VMs) or containers. With a DPU, we can enable SR-IOV usage removing the host CPU consumption incurred by the synthetic datapath, alongside the SDN benefits. Over time, we expect that DPUs will provide even larger benefits and redefine the host architecture for our flagship edge products, like Azure Stack HCI.

Recently, we demonstrated how to build and run CBL-Mariner on an NVIDIA BlueField-2 DPU. DPUs enable the use of Software-defined networking (SDN) policies alongside traditional kernel-bypass technologies like SR-IOV. This is a powerful combination that yields the security and agility benefits only possible through hardware accelerators in a software-defined network. In this blog, we’ll demonstrate a prototype running the Azure Stack HCI SDN Network Controller integrated with the NVIDIA BlueField-2 DPU.
Topology

There are several components to this demonstration:
• Two hosts with:
  • An NVIDIA BlueField-2 DPU running CBL-Mariner on its system-on-chip (SoC)
  • A host agent that communicates with the NVIDIA BlueField-2 DPU
• The Microsoft SDN Network Controller
• Two tenant virtual machines in an SDN virtual network, one on each host
• One virtual machine using Windows Admin Center for remote management

Prototype Description

In a traditional (non-DPU) SDN environment, Virtual Filtering Platform (VFP) is loaded as an extension in the Hyper-V virtual switch. Since policy is enforced in the Hyper-V virtual switch, and SR-IOV bypasses this component on the data path, Access Control Lists (ACL) and Quality of Service (QoS) cannot be enforced. In this prototype, we move VFP to the DPU so that policies can be applied to the SR-IOV data path as well.

In this prototype, the policy application now works in the following way:
1. We use Windows Admin Center to set ACLs for an SR-IOV enabled virtual machine on the Microsoft SDN Network Controller.
2. The Network Controller communicates with the host agents running on each host.
3. The host agent uses a gRPC communication channel to program the policy to the VFP component on the DPU.

Prototype

Configuring SDN Policies

In the image below you can see the hosts have a virtual network, tenant1, configured in Windows Admin Center. In this image, there is a Network Security Group with a Network security rule (ACL) named NTTTCP_Allow_All that allows NTTTCP to receive inbound traffic for all virtual machines in the tenant1 virtual network.

Comparing Synthetic and SR-IOV Network Performance

The image below shows the workload VMs running traffic over the synthetic network stack which must be processed by the host CPU cores. Looking at the _Total report you can see that 42% of the host's CPU cores (on this system, 8 cores) were spent processing (in this case 60 Gbps) network traffic over the synthetic data path.
This host CPU consumption will continue to grow as bandwidth consumption by VMs and containers increases.

Now we enable an SR-IOV VF on the guest VMs, offloading the data path while still enforcing the SDN policies. This image shows NTTTCP output from within the guest reaching line rate of 96 Gbps. In this image, the host CPU remains nearly untouched. This returns the 8 cores previously used by the synthetic data path (42% of the host CPU for 60 Gbps) to be used by customer workloads (VMs or Containers). This means more VMs on the same servers, or fewer servers needed for your workloads.

Conclusion

In a common edge deployment model, there are many smaller, independently managed environments where the total cost of ownership needs to be optimized. In today's configurations, infrastructure runs on the same server and CPUs that host customer workloads, placing a significant drain on resources which necessitates larger cluster deployments and increased cost. In this prototype we demonstrated the host CPU reduction with SR-IOV alongside the Microsoft SDN stack, enabled by an NVIDIA BlueField-2 DPU.

Stay tuned for more prototypes!

Thanks for reading,
Alan Jowett
-
On December 13, 2022, all editions of Windows 10, version 21H1 will reach end of servicing. The December 2022 security update, to be released on December 13, is the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates containing protections from the latest security threats. This article serves as a reminder of this upcoming change and as a guide to help you with the next steps.

Staying protected and productive

To help keep devices protected and productive, Windows Update will automatically initiate a feature update for devices running Home and Pro (non-domain joined) editions of Windows 10, version 21H1 that are reaching end of servicing. This keeps devices supported and receiving monthly updates that are critical to security and ecosystem health. Remember that you and your users can choose a convenient time for devices to restart and complete the update while remaining productive.

We will automatically update devices nearing end of servicing to the latest version of Windows 10, but you can opt to upgrade eligible devices to Windows 11. For information about servicing timelines and lifecycle, see:
• Windows 10 release information
• Windows 11 release information
• Windows lifecycle FAQ

Upgrading to Windows 11

Windows 11, version 22H2 – also known as the Windows 11 2022 Update – is available to you on eligible Windows devices. Just check for updates as explained on the Update Windows support page. Please note, if we detect that your devices might have an issue, such as an application incompatibility, we might put a safeguard hold in place and not offer the update until that issue is resolved. Find information regarding safeguard holds on the Windows 11, version 22H2 known issues and notifications page, which is part of the Windows release health experience.

If you are interested in experiencing the latest feature update, follow three easy steps:
1. Open Windows Update Settings.
2. Select Check for updates.
3. Click the option to Download and install.

Note: You’ll only see this option if your device is ready.

If you are using Windows 10, you can check if your device is eligible for the upgrade to Windows 11 by using the PC Health Check app or checking Windows 11 specs, features, and computer requirements. In the meantime, enjoy IT tools to support Windows 10, version 22H2.

For more information on the Windows 11 upgrade experience for Windows 10 devices, watch How to get the Windows 11 2022 Update or read the blog article What’s new for IT pros in Windows 11, version 22H2.

Windows 11 was designed to empower productivity and inspire creativity, and we hope you take advantage of the best experiences Windows can offer you.

Continue the conversation. Find best practices. Visit the Windows Tech Community.

Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
-
What’s new in Windows Autopatch: November 2022
AWS posted a topic in Microsoft Support & Discussions
What's new this month? We're recapping recent events, launching an episode of our video series "Behind the screens with Windows Autopatch" about device registration (and more), and highlighting updates to the service, including the new tenant management blade, regional data centers, Azure Virtual Desktops support, and expanded SKU availability.

Recap: Microsoft Ignite and Technical Takeoff

We're grateful to everyone who participated in Microsoft Ignite and Technical Takeoff events: thanks to your feedback and enthusiasm for the service, the Windows Autopatch team is on a roll. Autopatch was a big story at Microsoft Ignite this year! Satya Nadella's keynote, the session Windows: Building what matters most for your business, and the breakout Secure your workforce with Windows + Intune all highlighted the ways in which Autopatch helps improve security and productivity.

Our "Ask Microsoft Anything" session at Microsoft Technical Takeoff was full of great questions and answers – catch up on everything we covered in this recording. If you missed our Microsoft Ignite sessions, don't worry – we created a to help you find all the news about Autopatch in one place.

New episode: Behind the screens with Windows Autopatch

We're also pleased to announce a new episode that takes a deep dive into the device registration flow is now live:

Our "Behind the screens" series will continue to introduce you to our product team and provide insights into how the service works – and if there are any topics that interest you, be sure to let us know about them, or any other questions you have about Autopatch on our Tech Community.

New resource: click-through demos

We're also launching our interactive demos for IT admins who want to get a detailed look at the service before adding a single device. Visit aka.ms/AutopatchDemo to experience tenant enrollment, device management, release management and support, and reporting.
Screenshot from the interactive demo series that can guide you through common Autopatch tasks

New feature: Tenant management blade

You'll notice a new selection available in the Windows Autopatch Tenant Administration area of Intune: Tenant management.

Screenshot of where to find tenant management in the Endpoint Manager admin center

This new feature will centralize any actions customers may be required to take at the tenant level. For those who enrolled in Windows Autopatch before July 11, 2022, the blade will display an action 'Tenant access' that will remove the conditional access policy, service accounts, and groups that were required before Autopatch went to an "app-only" authorization model. (There's more on that in the new "Behind The Screens" episode, and you can read about the specific changes for those early adopters here: What's New in Windows Autopatch - New Feature: Tenant Management Blade - Microsoft Community Hub)

Important announcements regarding Tenant management actions will also be displayed as a banner on the Device Management > Windows Autopatch > Devices blade.

New feature: global data storage

As of October 31, 2022, the Autopatch data of customers located in the European Union (EU) will be stored in an EU data center. Plans to regionalize more data are in the works, so subscribe to this newsletter if this is a topic of interest, and for more information regarding Windows Autopatch data storage, check out Privacy - Windows Deployment | Microsoft Learn

New feature – Azure Virtual Desktop support

The versatility and power of Azure Virtual Desktop make them a favorite of IT pros – and, as of next month, the ability to update Azure Virtual Desktops with Autopatch will be generally available. Adding Azure Virtual Desktops to Autopatch is as simple as nesting your devices' Azure AD group into the Windows Autopatch device registration group.
New update: SKU list

The list of products that include Windows Autopatch will be expanded in mid-November to include additional Windows E3/5 SKUs. The complete list of qualifying licenses for the Windows Autopatch product can be found here: Prerequisites - Windows Deployment | Microsoft Learn. Whether or when Autopatch may be available to Education (A), Frontline worker (F), or Government SKUs is still under consideration.

That's what's new for November. Look for the next installment of "What's new" to drop in January, when we'll have some exciting new capabilities to announce. Until then, continue the conversation and send your feedback by participating in the Autopatch Tech Community.

Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter. For more frequent updates, please make sure to connect with me on LinkedIn and @Bela Lior on Twitter.
-
Following the release of the 2022 Microsoft Digital Defense Report, Microsoft Defender for IoT is proud to share our contributions and insights with our Tech Community readers. The annual cybersecurity and threat intelligence report analyzes over 43 trillion daily security signals and includes contributions from research teams and security groups from 77 countries, including Microsoft Defender for IoT’s research team, Section 52.

The convergence of IoT and OT devices presents new challenges for organizations as the economy of malicious actors and cyber threats has shifted to target critical assets. Microsoft’s new report contains insights about the constantly evolving threat landscape, cyber-security trends and mitigation guidelines to manage risks and improve security posture.

The State of Cyber-Crime

Microsoft’s security teams actively track global threats, from ransomware and phishing to cybercrime-as-a-service. Section 52 has shared insights on how threat actors abuse infrastructure in the State of Cyber-Crime section of the Digital Defense Report.

Cyber-attacks are increasingly becoming more complex as cybercriminals are building sophisticated enterprises out of their activities. With the inclusion of our research on how unpatched routers are abused by malware operators for their operations, our researchers shared new insights on how devices are actively compromised for crypto-mining resources. We have shared strong indications that popular IoT devices such as routers are becoming active components of coordinated attacks and a popular target for inclusion in criminal operations.

Devices and Infrastructure

As more organizations are adopting internet-connected devices and solutions across a broad range of industries including critical infrastructure, Section 52 has worked closely with Microsoft’s global security groups to track the threats that are most relevant to your IoT and OT (operational technology) assets.
The opportunity for organizations adopting these solutions is closely related to that of threat actors, with the business of cybercrime targeting these assets becoming a multi-billion-dollar business. This year, we have released insights on trends and attacks, supply chain risks, firmware hacking, and OT reconnaissance.

IoT devices pose unique security risks as entry and pivot points in networks. Millions of IoT devices are unpatched or exposed. This year we have observed how IoT malware operators have updated modular botnets with new capabilities to increase attacks on architectures like ARM, and the abuse of non-IoT specific vulnerabilities to deliver malicious payloads to vulnerable IoT devices.

As organizations are increasingly adopting security solutions like Microsoft Defender for IoT to protect their devices and networks, we have observed threat actors using creative methods and reconnaissance to target valuable assets. This year we have included information on supply chain risks, firmware hacking, and how threat actors can use sensitive design files, the files which are used to map environments and their assets, to gain new footholds into increasingly secure networks.

Actionable insights

Microsoft Defender for IoT encourages customers to take proactive action against potential security risks:
• Ensure devices are robust by applying patches, changing default passwords, and default SSH ports.
• Reduce the attack surface by eliminating unnecessary internet connections and open ports, restricting remote access by blocking ports, denying remote access, and using VPN services.
• Use an IoT/OT-aware network detection and response (NDR) solution and a security information and event management (SIEM)/security orchestration and response (SOAR) solution to monitor devices for anomalous or unauthorized behaviors, such as communication with unfamiliar hosts.
• Segment networks to limit an attacker’s ability to move laterally and compromise assets after initial intrusion. IoT devices and OT networks should be isolated from corporate IT networks through firewalls.
• Ensure ICS devices are not exposed directly to the internet.

We hope you will read about these areas and more, in the 2022 report.
-
Ignite was here and gone before we could blink! The cool thing, Ignite shared so many of our incredible investments, announcements and new fun features we are all extremely excited about. Please take a read, learn about new integrations for PDFs, ways to collaborate using Video and the enhancements for Frontline Workers. Take a read, leave your comments and we thank you for being as enthusiastic about the October features as we are!

• Meetings
• Calling
• Devices
• Chat and Collaboration
• Power Platform and custom development
• Management
• Teams for Education
• Frontline Workers
• Government

Meetings

Assign seats in Together Mode
Together mode makes meeting participants feel more like they’re in the same room during virtual meetings. With this latest innovation, meeting organizers and presenters can now assign seats to participants in Together mode.

Pop out shared content into a separate window
Previously, you could pop out individual Teams chat conversation, meeting, and calling experiences into a separate window to help streamline the workflow. We are now bringing the ability for users to also pop out shared meeting content in a separate window so you can see both shared content and meeting participants with ease.

Live Translated Captions in Teams Premium
Live translated captions for Microsoft Teams delivers AI-powered, real-time translations from 40 spoken languages so meeting participants can read captions in their own language. This helps break down language barriers for your global meetings and calls to be productive and effortless. Live translated captions is temporarily available for all customers. Once Teams Premium is available, each user will need a Microsoft Teams Premium license. If an organizer has Teams Premium, all meeting attendees can enjoy live translated captions. For more information, see Teams Premium add-on for Microsoft Teams.
Updated companion mode for Android users
For a better hybrid meeting experience, we have updated companion mode in Teams mobile to give in-room attendees quick access to engagement features like chat, live reactions, and Microsoft Whiteboard. We are making it easier to access meeting and device controls, like the ability to join a meeting, cast a PowerPoint, mute the room, turn room cameras on and off, and more. Here are some areas companion mode in Teams mobile makes hybrid meetings better:
• Users can use a single tap to join a meeting on both their device and Microsoft Teams Room.
• Users can easily access chat, participant list (see who's in the meeting), live reactions, and raise hands to easily participate from the room.
• Audio on the mobile device will automatically turn off to ensure echo doesn’t happen.

This updated companion mode was previously available in iOS and is now available in Android. Learn more.

Calling

Detailed call history
Get a more comprehensive view of your call history to see how calls arrived, whether calls were transferred or forwarded, and how they were controlled once received. This detailed call history, combined with the ability to access call recordings and transcriptions from within call details, gives you the context you need to be efficient and productive.

Creation of Contact Groups in Calls App
Creation of Contact Groups is now available in the right rail pane of the Calls App. Users can now create new groups, and edit the membership of existing groups via the Calls App.

Certified Devices

Crestron Flex
Crestron Flex Displays for Microsoft Teams provide a dedicated conferencing companion for Microsoft Teams-based collaboration that gives quick access to channels, chats, files, calendars, and all other Microsoft Teams features.
The ideal desktop solution for both in-office hot desks and remote home offices, the Crestron Flex Display for Microsoft Teams was designed to facilitate cleaner management of daily workflow and activity while freeing up other devices for more specialized work.

Sony YY2969 Earbuds
Sony’s new LinkBuds headphones improve convenience of participating in online meetings with a truly wireless audio experience. The newly developed ring driver unit features an open central diaphragm for audio transparency, enabling users to tune in to their call and direct surroundings, which is ideal for multi-tasking and on-the-go work. Calls can be easily operated by tapping the headphones. For instance, to mute the microphone, tap the right earbud three times, a useful feature when you step away from your PC during a meeting and want to speak up in a hurry. These Microsoft Teams certified headphones also boast Teams specific features like joining a meeting, receiving calls, and raising hands for meetings in Microsoft Teams. By connecting to your PC through the included USB transceiver and mobile phone via Bluetooth, you can seamlessly switch between your PC and phone to ensure you don’t miss anything said. For instance, users can switch their Microsoft Teams meeting from their phone to their PC without having to reconnect their LinkBuds.

Neat Frame
Neat Frame is a portable, portrait-oriented personal video device that pairs well with laptops and desktop computers. This device caters to flexible hybrid work scenarios because it can be used in various environments: at home, in the office, in focus pods, or for hot desking. Users can sign into Microsoft Teams on Neat Frame and sync their calendar, files, and chats.

Chat & Collaboration

Microsoft 365 connected templates
We are combining the best of Microsoft Teams templates with SharePoint site templates – into the same flow of creation.
When you create a new team using a default template – for example the Manage a Project template, the project management channels and apps, and the connected SharePoint template gets applied automatically.

Adobe PDF experience
Tenant admins can set Adobe Acrobat as the default app in Teams admin center to view and edit PDF files in Microsoft Teams. End-users can view, search, comment and annotate PDF files without an Adobe Acrobat subscription or an Adobe ID. This feature is in public preview. Learn how to set up Adobe Acrobat as the default app.

Suggested Replies in Group Chat
Instead of spending time typing a routine response to an incoming message, simply reply with one click by choosing a suggested response to your group chat. Suggested replies use machine learning to generate responses that are most relevant to the conversation.

Video clip
You can now create short, lightweight, rich video clips that allow you to express yourself, deliver a more personal touch and strengthen your connections. Simply record, send and view a video clip in chat. The recipient of the video clip can easily reply with a chat message or a video clip of their own. Generally available in desktop and will be in public preview in mobile by end of the year.

Delete or rename files in a channel and in your OneDrive folder in Teams
To rename or delete a file in a channel, go to the files tab and find the file you want. Then select More options (the three dots) on the file. To rename or delete a file from your OneDrive, select More at the bottom of the app, then select Files. Once you find the file you want, select the three dots and choose to rename or delete it.

Teams calendar now includes scheduling form pop-outs
In a Teams calendar, users will now be able to pop-out an existing meeting using the pop-up icon in a Teams calendar scheduling form. Users will be able to pop out the meeting and have it visible while creating a new meeting.
This feature will allow users to view multiple meetings in separate windows while also being able to check their chats or edit their files without the need to switch apps.

Power Platform and custom development

ISV App Subscriptions instead of 3P app subscriptions in Teams Admin Center
Ability for Admins to view and manage in a single place all third-party app subscriptions they’ve purchased from Teams Admin Center, easily adding more licenses for the purchased subscriptions, cancel, upgrade and downgrade subscriptions and access invoices.

Simplified app update experience
Users will have a clear and transparent app update experience. Users will only need to approve an update once per app, and the new version will take effect seamlessly in all their chats, channels and meetings.

Teams Platform Apps in One-on-One VOIP Calls
All the familiar functionalities of meeting apps - tabs, bots, in-meeting dialogue, and meeting stage - will be supported in Teams VOIP Calls. Users of your apps will enjoy the same familiar app experience as seen in Teams Meetings, in their Teams VOIP Calls.

Teams Platform Apps in Group VOIP Calls
All the familiar functionalities of meeting apps - tabs, bots, in-meeting dialogue, and meeting stage - will be supported in Teams VOIP Calls. Users of your apps will enjoy the same familiar app experience as seen in Teams Meetings, in their Teams VOIP Calls.

Zero install link unfurling
Users can now see a preview card when a pasted link unfurls even when they don't have the app installed.

Management

Upgraded usage analytics for Teams administrators and users
Updates and improvements were made to Teams related usage report in the Microsoft 365 admin center (and corresponding graph APIs) to be more accurate and upgraded. We are bringing consistency across different reporting surfaces: we are updating the Teams admin center usage reports and end user analytics in Teams with same underlying data source as Microsoft 365 Admin Center Teams usage reports.
- Individual usage metrics reported in different reports and in the end user analytics in Teams, as well as the Graph APIs for the usage data will have data consistency across Teams and M365 admin center usage reports.
- In addition to 7/30/90 days of aggregated metrics, Teams admin center usage reports and end user analytics for teams will have additional 180 days aggregated metrics. Thus, historical usage data up to 180 days will be available for reporting.
- Teams app usage report is updated to include more reporting metrics, data quality fixes for reported metrics and usage for Line of business applications as well. (Available only for Public/worldwide cloud customers)
- Team App usage and Teams team usage report will be available in both Teams admin center as well as M365 admin center.
- Teams user activity report and Team usage report is updated to include shared channel related usage metrics.
To learn more: Microsoft 365 admin center activity reports - Microsoft 365 admin | Microsoft Learn, Microsoft Teams analytics and reporting - Microsoft Teams | Microsoft Learn, View analytics for your teams (microsoft.com), Microsoft 365 usage reports in Microsoft Graph | Microsoft Learn

Enhancement to app usage report - support for Line of Business apps
An updated version of Teams app usage report with support for Line of business apps in alignment with Teams app usage in M365 admin center. The new enhancements include the support for usage of line of business (LoB) apps, Tenant level install trend, enhanced quality of metrics reported, tenant wide usage of Microsoft, 3P and LoB apps etc. These enhancements will help the admin measure the usage of Teams app across their organization and to categorize them.

Teams for Education
We're showcasing one of this month's Teams for Education features here but be sure to take a look at the monthly Teams for Education blog for a look at the great new updates.
Education Insights - Student Support Card
New AI-based Student Support spotlight in Education Insights helps educators better support students before they fall behind.

Frontline Workers

Approvals as PDFs can be saved, printed and transferred
Approval creators will be able to save a completed approval request to a PDF file and have the option to print it. This feature will also allow customers to easily transfer their proof of approval as a PDF to another system or store as a file.

Approvals in integrated SharePoint Lists
List users will now be able to create and manage simple approval requests directly within integrated SharePoint Lists.

Assign Approvals to a Tag in Teams
For an approval assigned to a tag, the tag will expand and send to the correct members when the approval requestor hits submit.

Rich notes in Tasks field
Tasks will also support rich text in the notes field, so you can include more detailed instructions with the help of rich formatting such as bold, italic, and underlined text, bulleted and number lists, and hyperlinks. Learn more about how to get started with Tasks in Teams.

Government
These features currently available to Microsoft’s commercial customers in multi-tenant cloud environments are now rolling out to our customers in US Government Community Cloud (GCC), US Government Community Cloud High (GCC-High), and/or United States Department of Defense (DoD).

Enhancement to app usage report - support for Line of Business apps
An updated version of Teams app usage report with support for Line of business apps in alignment with Teams app usage in M365 admin center. This will help admins track all app usage metrics over time.

Music on hold for Voice over IP calls, consultative transfer, and call transfer for GCCH and DOD
Music on hold is available for VoIP calls placed on hold, as well as VoIP and PSTN placed on hold for a call transfer and consultative transfer.
Live Share SDK support for meeting extensions
Live Share is a new developer capability designed to transform Teams meeting apps into collaborative multi-user experiences without writing any dedicated back-end code. Live Share SDK support for meeting extensions enables general-purpose collaboration features, turn-key media synchronization to co-watch videos in meetings, and inking, cursors & annotations.

Text prediction for Teams mobile in GCC-High and DoD
When you compose or reply to a message in Teams, Editor Text Predictions anticipates your writing and suggests a suitable word or phrase inline. This saves time and helps you reduce typos.

Connectors in GCC
Teams Connectors, which support webhook integrations, will be made available in GCC.

Firefox Meeting Support for Outgoing Screen Sharing
Extend outgoing screen sharing capabilities for Teams Meetings from the Firefox browser.

Updated companion mode for Android users for GCC, GCC-High and DoD
For a better hybrid meeting experience, we have updated companion mode in Teams mobile to give in-room attendees quick access to engagement features like chat, live reactions, and Microsoft Whiteboard. We are making it easier to access meeting and device controls, like the ability to join a meeting, cast a PowerPoint, mute the room, turn room cameras on and off, and more. Here are some areas companion mode in Teams mobile makes hybrid meetings better:
- Users can use a single tap to join a meeting on both their device and Microsoft Teams Room.
- Users can easily access chat, participant list (see who's in the meeting), live reactions, and raise hands to easily participate from the room.
- Audio on the mobile device will automatically turn off to ensure echo doesn’t happen.
This updated companion mode was previously available in iOS and now available in Android.
-
With the announcement of Microsoft Store for Business retiring in early 2023, organizations that use Windows Autopilot to register devices and create and manage Windows Autopilot profiles will need to use a different platform. Microsoft Intune and the Microsoft 365 admin center are two available options.

Microsoft Intune
If you don't already use Intune, you can use an Intune tenant to register devices and create and manage Windows Autopilot profiles. To access a free Intune tenant, refer to Microsoft Intune Licensing for more information. Using Intune to register devices and create and manage Autopilot profiles doesn't require a paid subscription. Once you have access to Intune, set up and manage Autopilot profiles at Home > Devices > Windows > Windows enrollment > Deployment profiles.
[A screenshot of the Windows Autopilot deployment profiles screen in Microsoft Intune]

Microsoft 365 admin center
The Microsoft 365 admin center can also be used to register devices and to create and manage Windows Autopilot profiles. Access the Microsoft 365 admin center at www.admin.microsoft.com and select Devices > Autopilot > Create profile.
[A screenshot of the Autopilot devices and profiles options in Microsoft 365 admin center]

Other considerations

What happens to profiles I have created in the Microsoft Store for Business?
Profiles created within the Microsoft Store for Business will still exist in Windows Autopilot. However, you may not be able to edit or access the profile once the changes take effect. We recommend reviewing whether any of the profiles you created are available in either Microsoft Intune or Microsoft 365 admin center prior to the Microsoft Store for Business retirement in early 2023. If they're not available, the Autopilot profiles will need to be recreated and re-targeted to devices within one of the two platforms as they may not be migrated. Learn more at Configure Autopilot profiles.
What permissions do I need to access the Autopilot devices menu in the Microsoft 365 admin center?
Global administrator rights are currently required to make changes in the Microsoft 365 admin center.

When will the original equipment manufacturer (OEM) consent form move from the Microsoft Store for Business?
The consent form for OEMs to register devices to your tenant is available in the Microsoft 365 admin center and will coexist with the Microsoft Store for Business link until March 2023. Contact your OEM to provide the updated link.

If I have already consented to my OEM, do I need to do it again?
All existing relationships will remain. There is no need to re-establish consent with an OEM.
-
Welcome to Microsoft Ninja training! This blog post will walk you through Microsoft Defender Threat Intelligence (Defender TI) level 400 training and help you become a Defender TI master.

Curriculum
This program is comprised of six training modules that will enable users to get to know and get the most out of their Defender TI instance. Throughout this training, you'll get familiar with Defender TI, how it collects and analyzes threat intelligence, and how to use it to unmask adversaries and their tools and infrastructure. Once complete, you'll be ready to leverage the advanced intelligence in Defender TI to up-level your threat hunting and incident response. The modules listed below are split into four groups:

Part 1: Overview
- Module 0: Other Learning and Support Options
- Module 1: Use Cases, Users, and How to Get Started
Part 2: Data Collection, Threat Analysis, and Defender TI's Dataset Overview
- Module 2: Data Collection and Threat Analysis
- Module 3: Understanding Internet Datasets and their Investigative Use
Part 3: Integrated Use Cases
- Module 4: Microsoft Defender Threat Intelligence Detections in Microsoft Sentinel
Part 4: Using Defender TI for Cyber Threat Investigations
- Module 5: Making Use of Projects
- Module 6: Understanding & Utilizing Finished Threat Intelligence

Part 1: Overview

Module 0: Other Learning and Support Options
The Ninja training is a level 400 training. If you don't want to go as deep or have a great feature request to share, other resources might be more suitable:
- Already a Ninja? Join our Private Preview program to be informed of new features. We will update this Ninja training as new features or integrated use cases are introduced.
- Have a good feature idea you want to share with us? Let us know on the MS Defender Threat Intelligence channel of the Cloud Security Private Community [EXTERNAL] Teams site.
- Think you're a true Microsoft Defender Threat Intelligence Ninja? Take the knowledge check and find out.
If you pass the knowledge check with a score of over 80%, you can request a certificate to prove your ninja skills! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
- Take the knowledge check here.
- If you score 80% or more in the knowledge check, request your participation certificate here. If you achieved less than 80%, please review the questions that you got wrong, study more, and take the assessment again.

Module 1: Use Cases, Users, and How to Get Started
Defender TI is an analyst workbench aggregating many intelligence data sources in a way that is searchable and pivotable. Data sources include both raw data ingested via a world-wide collection engine as well as finished intelligence in the form of articles. The workbench allows for correlating data and aggregating identified attributes or entities by grouping them into projects or assigning tags, which can be shared within an organization. The intent of the platform is to enable organizations to derive insights, which will be utilized to defend themselves against threat actors in cyberspace (read more).

Defender TI aids the following target user functions:
- Security Operations
- Incident Response
- Threat Hunting
- Cyber Threat Intelligence Analysis
- Cybersecurity Research

Common tactical use cases include:
- Identify Existing Threat Intelligence
- Data Enrichment
- Infrastructure Chaining
- Monitoring Internet Infrastructure Changes
- Collaborating on Investigations

For more information regarding Defender TI's target user functions and use cases, see "Microsoft Defender Threat Intelligence's Target User Functions and Use Cases".
If you want to get an initial overview of Microsoft Defender Threat Intelligence's technical capabilities, the Microsoft Security Public Community webinar, "Special Report: Ukraine | A Microsoft Overview of Russia's Cyberattack Activity in Ukraine" and our Microsoft Security Digital Event "Stop Ransomware with Microsoft Security" are good starting points. You might also find the What is Microsoft Defender Threat Intelligence (Defender TI)? useful.

Lastly, want to try it yourself? Defender TI 30-day Premium trials are available to start in the M365 Admin Center (read more). If your organization is not ready to trial the Premium Defender TI experience, you can also register for Community Defender TI access with your standard Microsoft authentication when accessing the Defender TI standalone portal. Community access presents users with limited datasets and data history as well as limited access to articles (read more).

Part 2: Data Collection, Threat Analysis, and Defender TI's Dataset Overview
While the previous section provides an overview of our Defender TI platform, use cases it supports, and how to get started, this section provides thorough information regarding Defender TI's data collection processes, threat analysis, and data sets. It also provides dataset investigative examples to provide more information regarding the value Defender TI's datasets can bring to analysts.

Module 2: Data Collection and Threat Analysis
It is oftentimes difficult to make a determination as to whether a security alert identified truly malicious activity without the ability to conduct additional research into the entities associated with the alert. Entities could include IP addresses, domain names, host names, URLs, file names or hashes, and more. Analysts will have to turn to outside sources in order to gather needed context on these entities to properly triage the activity that has been identified.
Defender TI is built on top of well over a decade's worth of collection against Internet datasets. The technologies in place enable the collection, processing, and storage of data at a scale unmatched by most in the industry. Improvements to the ability to search across and pivot through datasets occur on an ongoing basis, in conjunction with improving the ability for analysts to collaborate across research and investigations. This module will provide an overview of the primary methods by which Internet data is collected.

Defender TI collects internet telemetry data via its Passive DNS sensor network, web crawling with virtual users, global proxy network, internet scanning, and select 3rd parties. As a result, the following datasets are available in the Defender TI platform:
- Resolutions
- Whois
- Certificates
- Subdomains
- Trackers
- Host pairs
- Components
- Cookies
- Reverse DNS
- DNS
- Services
For more information, see "How Does Microsoft Defender Threat Intelligence Collect Internet Telemetry Data?".

Note: As mentioned previously in Module 1, Community users will have access to limited datasets and history of those datasets (read more).

By collecting these internet datasets, Defender TI leverages an ML algorithm to produce real-time reputation scores for IP addresses, domains, and hosts. In addition, analysts can gain more context into these IP addresses, domains, and hosts by leveraging Defender TI's Analyst Insights feature (read more).

Module 3: Understanding Internet Datasets and their Investigative Use
Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversaries' infrastructure associated with actor groups targeting their organization. We learned how Defender TI provides raw and finished threat intelligence in Module 2. The focus of this module is to dive into the raw intelligence, in the form of internet datasets, Defender TI includes.
Defender TI's internet data is categorized into two distinct groups: core and derived. Core datasets include Resolutions, Whois, SSL Certificates, Subdomains, DNS, Reverse DNS, and Services. Derived datasets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies datasets are collected from observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details. To learn more and practice working with Defender TI's datasets, see "Microsoft Defender Threat Intelligence's Datasets and How to Use Them During Investigations."

Part 3: Integrated Use Cases
Now that we have a foundational understanding of Defender TI's use cases, features, and raw and finished intelligence, let's learn how Defender TI's threat intelligence can be used to drive more detections within Microsoft Sentinel. As Defender TI evolves, more integrated use cases will come to speed up security operations, incident response, threat hunting, and threat intelligence workflows. Be on the lookout for new content in this section as new integrated use cases present themselves natively across the Microsoft Security ecosystem or through configuration. In addition, if you have ideas for new integrated use cases, feel free to email mdti-pm@microsoft.com, add a comment in Module 4's blog, or join our Cloud Security Private Community and start a discussion in the MS Defender Threat Intelligence channel.

Module 4: Defender TI Detections in Microsoft Sentinel
Defender TI provides free threat intelligence indicators to Microsoft Sentinel customers. These indicators come from Defender TI's malware and phishing indicator feeds as well as indicators from Defender TI's articles. While users cannot export the indicators and ingest them into their TIP or SIEM, they can enable "TI map*" Analytic rules in Sentinel.
These rules run every hour and correlate these indicators against logs stored in their Log Analytics workspace to generate more high-confidence detections. Once a detection happens, they will be able to view the associated entities (threat intelligence indicators from Defender TI) in their Microsoft Sentinel Threat Intelligence blade (read more).

Part 4: Using Defender TI for Cyber Threat Investigations
At this point, you've learned a great deal about how Defender TI can be used within its user interface and how it can integrate with Microsoft Sentinel to generate more detections. These next modules will focus on how you can apply what you've learned from the previous modules by putting those teachings into practice.

Note: For those of you with Defender TI Community access, your dataset, dataset history, and feature access will be limited compared to our Defender TI Premium experience. As such, many of the exercises below in Module 6 may be difficult to execute without a Defender TI Premium license. Module 1 covers how you can work with your team to start a Defender TI Premium Trial if you'd like to practice the following exercises and evaluate full access to our Defender TI solution.

Module 5: Making Use of Projects
The Microsoft Defender Threat Intelligence (Defender TI) platform allows users to develop private personal or team project types for organizing indicators of interest and indicators of compromise from an investigation (read more).

Module 6: Understanding and Utilizing Finished Threat Intelligence
Threat intelligence is the data that organizations need in order to map threats to the enterprise and enable the best possible decision making related to risk. Defender TI serves as a valuable source of attack surface threat intelligence on global, industry, and local threats, with content from hundreds of OSINT sources complementing original research shared from Microsoft's own Defender, MSTIC, and Section52 research groups.
As an analyst working with threat intelligence, it's easy to become overwhelmed by the volume of data out there, but within the Defender TI portal, the ability to quickly find data relevant to your needs is kept top of mind. For more information regarding Defender TI's articles, vulnerability articles, and exercises to practice gathering raw intelligence, see "Understanding and Utilizing Finished Threat Intelligence with Microsoft Defender Threat Intelligence".
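The hourly correlation that the Module 4 passage above attributes to the "TI map*" analytic rules, as an added example that is not part of the original post and not Microsoft's rule code: a simplified Python model that joins current indicators against the last hour of log events. The record layouts, field names, subdomain-matching choice and sample data are assumptions constructed for illustration and are not the Sentinel schema.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(hours=1)  # the post says the rules run every hour


def ts(text):
    """Parse a UTC timestamp such as 2022-11-01T10:30:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed indicator feed (hypothetical field names, reserved example values).
INDICATORS = [
    {"id": "ind-1", "type": "domain", "value": "bad.example", "active": True,
     "updated": "2022-11-01T08:00:00Z", "expires": "2022-12-01T00:00:00Z", "source": "phishing feed"},
    {"id": "ind-2", "type": "ip", "value": "203.0.113.7", "active": True,
     "updated": "2022-10-30T08:00:00Z", "expires": "2022-12-01T00:00:00Z", "source": "malware feed"},
    # Later version of ind-2 withdraws it; only the latest version may be used.
    {"id": "ind-2", "type": "ip", "value": "203.0.113.7", "active": False,
     "updated": "2022-11-01T09:00:00Z", "expires": "2022-12-01T00:00:00Z", "source": "malware feed"},
    {"id": "ind-3", "type": "ip", "value": "198.51.100.23", "active": True,
     "updated": "2022-11-01T07:00:00Z", "expires": "2022-11-15T00:00:00Z", "source": "malware feed"},
    {"id": "ind-4", "type": "domain", "value": "old.example", "active": True,
     "updated": "2022-09-01T00:00:00Z", "expires": "2022-10-15T00:00:00Z", "source": "article"},
]

# Constructed log events standing in for workspace logs.
EVENTS = [
    {"time": "2022-11-01T10:12:00Z", "host": "ws-014", "kind": "dns", "query": "login.BAD.example."},
    {"time": "2022-11-01T10:20:00Z", "host": "ws-020", "kind": "dns", "query": "www.contoso.example"},
    {"time": "2022-11-01T10:41:00Z", "host": "srv-03", "kind": "conn", "dest_ip": "198.51.100.23"},
    {"time": "2022-11-01T10:45:00Z", "host": "ws-014", "kind": "conn", "dest_ip": "203.0.113.7"},
    {"time": "2022-11-01T08:30:00Z", "host": "ws-009", "kind": "dns", "query": "bad.example"},
    {"time": "2022-11-01T10:50:00Z", "host": "ws-031", "kind": "dns", "query": "old.example"},
    {"time": "2022-11-01T10:55:00Z", "host": "ws-031", "kind": "dns", "query": "notbad.example"},
]

NOW = ts("2022-11-01T11:00:00Z")  # constructed run time of the hourly job


def normalize_domain(name):
    """Lower-case and drop the trailing root dot so log and feed values compare equal."""
    return name.strip().rstrip(".").lower()


def current_indicators(indicators, now):
    """Keep the latest version of each indicator, then drop withdrawn or expired ones."""
    latest = {}
    for ind in indicators:
        seen = latest.get(ind["id"])
        if seen is None or ts(ind["updated"]) > ts(seen["updated"]):
            latest[ind["id"]] = ind
    return [i for i in latest.values() if i["active"] and ts(i["expires"]) > now]


def domain_matches(query, indicator_domain):
    """Match the indicator domain or any subdomain, on a label boundary only."""
    q, d = normalize_domain(query), normalize_domain(indicator_domain)
    return q == d or q.endswith("." + d)


def correlate(indicators, events, now):
    """Return one detection per in-window event that hits a current indicator."""
    live = current_indicators(indicators, now)
    domains = [i for i in live if i["type"] == "domain"]
    ips = {i["value"]: i for i in live if i["type"] == "ip"}
    detections = []
    for ev in events:
        when = ts(ev["time"])
        if not (now - LOOKBACK < when <= now):
            continue  # outside this run's one-hour window
        hit = None
        if ev["kind"] == "dns":
            hit = next((i for i in domains if domain_matches(ev["query"], i["value"])), None)
        elif ev["kind"] == "conn":
            hit = ips.get(ev["dest_ip"])
        if hit:
            detections.append({"time": ev["time"], "host": ev["host"],
                               "indicator_id": hit["id"], "matched": hit["value"],
                               "source": hit["source"]})
    return detections


if __name__ == "__main__":
    for detection in correlate(INDICATORS, EVENTS, NOW):
        print(detection)
```

The withdrawn, expired, out-of-window and look-alike (`notbad.example`) cases in the sample data are the ones that most often produce false detections when an indicator join skips de-duplication or boundary checks.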
-
Want to simplify your on-premises management of updates? Try the public preview of the Unified Update Platform (UUP)! Following on a successful limited private preview, the UUP on premises is available for commercial organizations now. UUP on premises is an integration with Windows Server Update Services (WSUS) and Microsoft Configuration Manager. This new capability simplifies Windows content management and streamlines the process for upgrading to Windows 11 for those who manage Windows devices with these update management platforms. Prepare yourself and your organization for the complete transition of servicing to UUP by early 2023. Let's see how UUP on premises simplifies quality and feature update deployment and act now to enroll in our public preview!

What is the Unified Update Platform?
The Unified Update Platform (UUP) is the next iteration of our system for delivering Windows OS quality and feature updates. It offers improved delivery technologies in response to IT admin requests for more seamless updates, more control over installation time, more battery life, and lighter download size. After five productive years, UUP is becoming even better through seamless integration with Configuration Manager and WSUS. UUP on premises is stepping up to the growing demand for Windows 11 security and productivity standard across leading enterprises. In fact, starting in early 2023, all new releases of Windows will be serviced with UUP updates. Here's the timeline that has led to the currently available public preview of UUP on premises, as the last stage in preparation for UUP servicing.
[Estimated timeline for the preview and general availability of UUP on premises]
Let's look at the key benefits, version requirements, and the process to sign up for the public preview of UUP on premises today.

Simplifying the upgrade from Windows 10 to Windows 11
The UUP makes OS upgrades easier for you to manage.
You no longer need to create your own custom images or complicated task sequences to retain installed optional features or language packs. New capabilities include:
- Simplified content management via servicing, instead of media-based task sequences
- Upgrading the OS to the latest security compliance level with one reboot
- Installed optional features on demand (FODs) and language packs (LPs) are retained during upgrades
- If desired, the ability to implement well known task sequences for other custom actions needed in your environment

If your organization has already moved to the Software Updates model for feature updates, you'll automatically get UUP updates. You'll want to remove any feature update steps you are performing today to work around previous gaps. For example, remove Setup custom actions to migrate FODs since the UUP feature update will now do this automatically. If you are using a Task Sequence using OS media to perform feature updates, this is a great opportunity for you to consider switching to the Software Updates model. You can continue to use a Task Sequence but integrated with the Software Update instead of needing to build a custom OS image.

Note: When UUP launches early next year, customers will get UUP updates automatically. Quality and feature updates delivered for Windows 11, version 22H2 and later releases will be UUP updates. To upgrade to Windows 11 from Windows 10, the minimum required version of Windows 10 is 21H1 or later.

Quality updates for Windows 11
Quality updates with the UUP continue to be cumulative and include all released Windows quality and security fixes. New capabilities are:
- Ability for end users to acquire FODs and LPs in WSUS or Configuration Manager environments.
- Automatic corruption repair
- Minimized quality update client download sizes

Note: To receive quality updates on Windows 11, we recommend that the latest security updates be installed on your devices. Minimally, devices should be updated through April 2022.
Participate in the UUP on premises public preview
Aside from the Windows version and updated requirements listed above, make sure you are managing your PCs with a supported platform then follow the simple process outlined below to sign up for the public preview.

Supported platforms
To take advantage of UUP on premises, you must be using a supported platform:
- Configuration Manager, version 2203 or later
- All supported versions of Windows Server Update Services (WSUS)

How do I sign up for the public preview?
To sign up for UUP on premises public preview, complete this short form, which gives us the information necessary to provide access to UUP updates in your environment: Microsoft Forms. After we've received your information, we'll let you know when you can expect to be added to the preview. Find complete onboarding instructions at Onboarding guide: Preview of Unified Update Platform (UUP) on premises update management, which include the following steps.

Once you've been added to the preview, enable UUP and sync updates:
- Synchronize software updates to allow the new products to populate.
- In the Configuration Manager console, navigate to Administration\Site Configuration\Sites.
- Select your top-level site (CAS or standalone primary).
- Open Configure Site Components\Software Update Point.
- On the Products tab, a new product should appear once your WSUS server is added to the preview. This product will contain the UUP preview content. Select "Windows 11 UUP Preview" in order to see Windows workstation UUP updates.
- On the Classifications tab, ensure you have selected:
  - Security Updates in order to see the UUP cumulative updates.
  - Upgrades in order to see the UUP feature updates.
- Synchronize software updates to see the new UUP updates.

Finally, find the synced UUP updates in WSUS or Configuration Manager and test them! You can find more information about what and how to test at Onboarding guide: Preview of Unified Update Platform (UUP) on premises update management.
Looking ahead
We love learning from our preview participants and helping you get ready for upcoming improvements. Be a part of this journey and apply today at Microsoft Forms! During preview, all Windows 11 quality updates and feature updates, starting with the July 2022 security update, will be available as UUP updates. Stay tuned for upcoming blog posts and Demo Bytes on the Windows IT Pro YouTube channel (subscribe here!) to learn about the behind-the-scenes magic that is improving your update experience on the latest versions of Windows.

For more information, refer to the following resources:
- Get started with Windows Update
- Migrating and acquiring Windows optional content
- Preview Unified Update Platform for on-premises update management
- Introducing the Unified Update Platform (UUP)

Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
-
Take advantage of expedited quality updates in Intune and Windows Update for Business to address zero-day security vulnerabilities and fast-track the installation of security updates. It works seamlessly if you are managing a mix of Windows 10 and 11 devices, ensuring quick deployment even in complex environments. This feature is available to those enrolled in Windows Update for Business deployment service. Working closely with Intune users, we have invested in improving the experience by adding new and more intuitive alerts and notifications. To help you get the very best out of the expedite capability, this blog explores:

* Prerequisites for expedited updates
* Monitoring and reporting
* Common alerts and resolutions
* Best practices

Prerequisites for expediting updates

To expedite quality updates, make sure you meet the following requirements for eligibility, joining your devices to Azure Active Directory (Azure AD), connecting them to Windows Update services, and equipping your devices with necessary tools. See the Common alerts and resolution section for how to make sure you meet these prerequisites!

| Prerequisite category | Description |
| --- | --- |
| Licensing | Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5); Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5); Windows 10/11 Virtual Desktop Access (VDA) per user; Microsoft 365 Business Premium |
| Azure Active Directory (Azure AD) | Joined; Hybrid joined. Note: Workplace joined devices are not supported for expedited updates. For details, see What is an Azure AD joined device? |
| Windows Update services | Devices must be configured to scan the Windows Update service and be receiving updates from it. |
| Update Health Tools Client | Update Health Tools KB4023057 must be installed on all relevant devices. Note: If the devices are configured to scan the Windows Update service, then the client should automatically be installed on the device. |
| Recommended: Client/device data processing in Intune | Devices are configured to send diagnostic data for better experience. |

Please refer to the full and current list of prerequisites to qualify for installing expedited quality updates. Most needs in troubleshooting arise from not fully meeting these prerequisites. Thankfully, this post is here to help you!

Monitor and report on expedited updates in Intune

Have you asked yourself where you can monitor and see any errors triggered for an expedite policy that you've created? After an expedite policy has been created, you can monitor the update status and view any errors using intuitive reports available in Intune: the summary report and the Windows expedited update failures report.

Access the summary report from Intune's Reports > Windows updates. View the status of deployment by checking the Update Aggregated State column of the device-by-device portion of the report (see image below).

[Image: A summary report view of Windows expedited updates in Intune. The bottom portion lists device by device, with its respective identifiers, update aggregate state, and other details.]

Review some important update states and substates that indicate successful progression of the policy below. For more information on all update states and substates, see the Update states section of Microsoft Intune documentation.

| Update state | Update substate | Workflow state |
| --- | --- | --- |
| Pending | Validation | Device has been added to the expedited update policy and is being validated. Note: The devices that do not meet the prerequisites will show this state. Resolve this by checking the Common alerts and resolutions tips below. |
| Pending | Scheduled | Device has passed validation and will be expedited soon. |
| Offering | OfferReady | The expedite instructions are ready for the device. The next time expedite client on the device scans for updates, these will be offered to the device. |
| Installed | UpdateInstalled | Device has received the update successfully. |
| Needs Attention | Needs Attention | Device has encountered an error. Please check the Windows Expedited update failures report in Intune, as shown next. |

The Windows Expedited update failures report provides a view of all devices within a policy that have encountered an error. Access the Windows Expedited update failures report from Intune (Home > Devices > Monitor) to troubleshoot expedite deployments.

[Image: Windows expedited update failures in Intune show error devices, along with full details.]

Upon selecting the Alert message, you can view the details of each error and steps needed to remediate the error. The report also gives the capability to filter by a specific error type and see all impacted devices. About 57 alert types are included with detailed explanations and recommended remediation for each issue.

Common alerts and resolutions

If the devices are active and meet the eligibility criteria for expedited updates, then you shouldn't encounter any issues while using the service. Devices are considered active when they are connected to the internet and are operational for more than 6 hours a month in total, with continuous activity of at least 1 hour. Let's review some common error messages you can find in our reporting and how to remediate them.

Why do I not see detailed status and alert information for my devices?

Alert: Windows Health Monitoring not enabled
Description: Windows Health Monitoring is not enabled for Windows Update scope for this device. Update status from the device will not be available.

This issue is often related to the prerequisite of Windows health monitoring and will cause all your devices to only show the OfferReady status. Please make sure you have enabled the required Windows data processing settings in Intune. From Home, go to Devices > Windows 10 and later > Windows health monitoring. Enable Health monitoring for Windows updates (see image below). For detailed guidance on how to do this, refer to Use Update Compliance reports for Windows Updates in Microsoft Intune.

[Image: Windows health monitoring configuration settings in Intune set Health monitoring to Enable. Scope allows to select items like Windows updates and Endpoint analytics.]

The other possible reason for the devices to remain in this update substate is if they are not active or are experiencing issues while connecting to Windows Update.

How to check if tenant has the appropriate license required to use Windows Update for Business deployment service?

Alert: Missing E3 license (Not eligible to be updated)
Description: This device does not meet the licensing requirements and is not able to be updated.

The easiest way to check if your tenant has the required license to use the service is to use Microsoft Graph.

1. Go to Microsoft Graph Explorer and log in to your tenant.
2. Run the API https://graph.microsoft.com/v1.0/subscribedSkus?$select=servicePlans
3. Check the response to see if there is "WINDOWSUPDATEFORBUSINESS_DEPLOYMENTSERVICE" as a service plan name. If yes, then your tenant meets the licensing eligibility criteria.

[Image: Microsoft Graph API shows that your tenant meets the licensing eligibility criteria under Service Plan Name.]

How can I verify if the Update Health Tools client is installed on my device(s)?

Alert: Expedite client missing
Description: The device does not have the expedite client needed to expedite.

Another prerequisite is verifying that Update Health Tools are running on the device correctly:

* Look for the installation files at this location: C:\Program Files\Microsoft Update Health Tools.
* Check if the Microsoft Update Health service is running on the device (illustrated below).

[Image: Microsoft Update Health Tools shows a list of services running on the device. Microsoft Update Health Service is highlighted.]

* As an admin, run the following PowerShell script:

    # Search the local Windows Update history for KB4023057 (Update Health Tools).
    $Session = New-Object -ComObject Microsoft.Update.Session
    $Searcher = $Session.CreateUpdateSearcher()
    $historyCount = $Searcher.GetTotalHistoryCount()
    # An empty history cannot be queried, so report "not installed" right away.
    if ($historyCount -eq 0) { return 0 }
    $list = $Searcher.QueryHistory(0, $historyCount) | Select-Object -Property "Title"
    foreach ($update in $list) {
        # Skip history entries without a title instead of failing on them.
        if ($update.Title -and $update.Title.Contains("4023057")) {
            return 1
        }
    }
    return 0

Interpret the results as follows:

* If it returns a 1, the device has UHS client.
* If it returns a 0, the device does not have UHS client. In this case, you can manually download and install Update Health Tools from the Microsoft Download Center.

How can I verify that my devices are configured to connect to Windows Update?

Alert: Not connected to Windows Update
Description: This device is not connected to Windows Update and therefore cannot download the update.

Windows Update must be configured as the scan source for quality updates. Most common policies, if configured alternatively from the default settings, could lead to devices not scanning Windows Updates correctly. If your devices are receiving regular updates from Windows Update, then your devices have the correct configurations. Learn more at Use Windows Update for Business and Windows Server Update Services (WSUS) together.

* On Windows 10: Configure scan source for quality updates from Windows Update. Ensure Disable Dual Scan is Not Configured or is configured to Disabled. Note: If you don't have a WSUS URL configured, ALL updates will come by default from Windows Update without you needing to configure scan source.
* On Windows 11: Configure scan source for quality updates from Windows Update. Note: If no scan source policy is configured, ALL updates will come by default from Windows Update.
* If using Microsoft Intune co-management, ensure the Windows Update for Business workload slider is set to Intune or Pilot with the desired devices.

How do I ensure that devices in my organization are Azure AD joined?

Alert: Device Registration Invalid Azure AD Device ID
Description: Device is not able to register or authenticate properly with the Deployment Service due to having an invalid Azure AD Device ID.

Leverage another API to help you assess whether the devices are Azure AD joined or not.

1. Go to Microsoft Graph Explorer and log in to your tenant.
2. Run the API https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/?$filter=isof('microsoft.graph.windowsUpdates.azureADDevice')
3. Review all devices that are Azure AD joined in the returned list.

Note: If a new device is added to the tenant, then it could take up to 24 hours to reflect in the response list.

[Image: Microsoft Graph API shows a list of three device IDs that are Azure AD joined.]

Additional alerts to explain why devices are not expedited

Alert: Workplace joined devices not supported
Description: Workplace joined devices are not supported. Register your device to be Azure Active Directory joined or hybrid joined to update this device.

Alert: In multiple Expedite profiles
Description: A device should only be in one expedite policy at once.

When a device is in more than one expedite policy with different settings, it can lead to potential conflicts that the service can't resolve automatically. As a result, the device will not be expedited. Review the policies that the device is assigned to and remove the device from all but the desired policy. Otherwise, change the policy settings to match. This can be done by reviewing the policies created in Intune: select Devices > Windows > Quality updates for Windows 10 and later.

Alert: Past end of servicing (Applying latest update)
Description: This device is on a Windows 10 or later build that is past the End of Servicing date. As a result, the specified update is not available for this device. This device does not have the latest update available for that build, so the latest update available is being expedited.

This is a security measure to ensure that the device is as secure as possible. Update the device to a supported version of Windows to ensure the highest security of the device and your organization.

Best practices

If you are not yet familiar with the Expedite feature of Windows quality updates in Intune, consider trying it out! Create and configure an Expedite policy in Microsoft Intune admin center. If you select the August 2022 security updates for Windows in the policy, devices without the corresponding August quality update will get an expedited update. If a newer update is available, then that update gets installed on your device with all the added benefits of the intended update. To fully understand the behavior, please review Example of installing an expedited update.

To receive the best experience when expediting quality updates, we have these recommendations:

* If you are using the expedite capability for the first time, then prior to reaching a zero-day vulnerability scenario, identify if your devices are eligible to receive expedited updates or not.
* If your devices are up to date and active, do a test run and expedite them to an older security update. For example, if your devices have the August security update, then you could test the expedite capability by using target release as June. The Summary and Device reports in Intune will notify you if there are devices that could not be expedited, along with reasons and mitigations. Note: We are exploring a future capability to test the expedite capability without having to create an expedite policy for a quality update.
* Since the objective of expedited updates is to handle zero-day vulnerabilities, expedite to the latest security release.
* Unless immediacy is absolutely required, we recommend setting the Days to Reboot to 1 or 2 days (see image below). This setting will avoid immediate forced reboot of devices and minimize disruption in work for the employees in your organization. It gives you 1 or 2 days to choose when to reboot the device, before the reboot requirement is enforced, possibly during working hours.

[Image: Expedite settings in Microsoft Intune admin center. The options for the number of days to wait before forced reboot include 0, 1, and 2 days.]

To be continued

In summary, most issues that might prevent you from enjoying the expedite capability arise from a set of prerequisites. Thankfully, our reporting tools are here to help! While this feature is focused on security updates, we are additionally working on a future functionality to expedite non-security quality updates and will soon be releasing the capability through both Graph APIs and Intune.

Keep an eye on the Windows IT Pro Blog for updates! For example, check out Expediting updates in the real world to learn how the expedite capability is used in general IT services, education, and banking, as well as ways to get informed and engaged. To learn about how to use expedite capability, please review Expedite Windows quality updates and Deploy an expedited security update using the Windows Update for Business deployment service.

Continue reading...
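The device-side prerequisites from this post (Update Health Tools present and running, supported join type, Windows Update as the quality-update scan source) can be checked in one pass. The script below is an added example, not code from the original post: the function names are hypothetical, and the registry value names are assumed to be the ones written by the Group Policy settings the post refers to.

```powershell
# Added example. Run in an elevated PowerShell session on the device.

function Test-UpdateHealthTools {
    # Folder and service display name are the ones named in the post.
    $folder    = Join-Path $env:ProgramFiles 'Microsoft Update Health Tools'
    $service   = Get-Service -DisplayName 'Microsoft Update Health Service' -ErrorAction SilentlyContinue
    $hasFolder = Test-Path -LiteralPath $folder
    $running   = ($null -ne $service) -and ($service.Status -eq 'Running')
    [pscustomobject]@{
        Check  = 'Update Health Tools'
        Pass   = $hasFolder -and $running
        Detail = "install folder present: $hasFolder; service running: $running"
    }
}

function Get-JoinState {
    # Parses 'dsregcmd /status' text; pass captured output to evaluate it offline.
    param([string[]]$DsregOutput = (& dsregcmd.exe /status))
    $flag = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flag[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    if ($flag['AzureAdJoined'] -and $flag['DomainJoined']) {
        $kind = 'Hybrid joined'
    } elseif ($flag['AzureAdJoined']) {
        $kind = 'Azure AD joined'
    } elseif ($flag['WorkplaceJoined']) {
        $kind = 'Workplace joined'      # not supported for expedited updates
    } else {
        $kind = 'Not joined'
    }
    [pscustomobject]@{
        Check  = 'Azure AD join type'
        Pass   = $kind -in 'Azure AD joined', 'Hybrid joined'
        Detail = $kind
    }
}

function Test-ScanSource {
    # Assumption: Group Policy registry values. Policies delivered through Intune (MDM)
    # are stored elsewhere, so a failure here means "review", not proof of a problem.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    $wsusInUse = [bool]$wu.WUServer -and ($au.UseWUServer -eq 1)

    if (-not $wsusInUse) {
        # No WSUS URL in effect: all updates come from Windows Update by default.
        $pass   = $true
        $detail = 'no WSUS server configured; Windows Update is the default source'
    } else {
        # 0 = Windows Update, 1 = WSUS; a missing value means no scan source policy.
        $qualityFromWU = ($wu.SetPolicyDrivenUpdateSourceForQualityUpdates -eq 0)
        $dualScanOff   = ($wu.DisableDualScan -eq 1)
        $pass   = $qualityFromWU -and (-not $dualScanOff)
        $detail = "WSUS configured; quality updates from Windows Update: $qualityFromWU; " +
                  "Disable Dual Scan enabled: $dualScanOff"
    }
    [pscustomobject]@{ Check = 'Scan source'; Pass = $pass; Detail = $detail }
}

# Live checks on the local device.
$report = @(
    Test-UpdateHealthTools
    Get-JoinState
    Test-ScanSource
)
$report | Format-List

# Constructed sample (not real output): the dsregcmd lines of a workplace joined device.
$sample = @'
             AzureAdJoined : NO
              DomainJoined : NO
           WorkplaceJoined : YES
'@ -split "`r?`n"
Get-JoinState -DsregOutput $sample | Format-List   # Pass: False, Detail: Workplace joined
```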
-
Microsoft has released Security Updates (SUs) for vulnerabilities found in:

* Exchange Server 2013
* Exchange Server 2016
* Exchange Server 2019

SUs are available in a self-extracting auto-elevating .exe package, as well as the original update packages (.msp files), which can be downloaded from the Microsoft Update Catalog.

The October 2022 SUs are available for the following specific versions of Exchange Server:

* Exchange Server 2013 CU23
* Exchange Server 2016 CU22 and CU23
* Exchange Server 2019 CU11 and CU12

The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft's internal processes. Our recommendation is to immediately install these updates to protect your environment.

These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating any Exchange servers in their environment.

NOTE: The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready.

Also note that in this update, we have re-released fixes for some CVEs published in August 2022, to highlight the resolution of a known issue. More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).

Enable Windows Extended Protection

Starting with the August 2022 SUs, Exchange Server supports the Windows Extended Protection (EP) feature, which can help you protect your environments from authentication relay or "man in the middle" (MitM) attacks. If you have not yet enabled EP in your environment, please install the October SUs which address a known issue in Exchange EP support (see below). Then, review the information in the Manual Enablement of Extended Protection section of our August announcement for more details.

Customers who have already installed the August 2022 SUs and have enabled EP do not need to re-run the EP script after installing the October SUs.

Update installation

The following update paths are available:

* Inventory your Exchange Servers to determine which updates are needed using the latest release of the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions).
* Install the latest CU. Go to Microsoft 365 Deployment Guides and Setup Wizards | Microsoft 365 Apps and choose your currently running CU and your target CU to get directions.
* If you encounter errors during or after installation of Exchange Server, see the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates.

Known issues with this release

We are not aware of any known issues with this release.

Issues resolved by this release

In Exchange 2013, Exchange 2016, and Exchange 2019 various Outlook and compliance-related monitoring probes show as Failed once EP is enabled.

FAQs

My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
Exchange Online is already protected, but the October 2022 SUs need to be installed on your Exchange servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard after installing these updates.

Do I need to install the updates on 'Exchange Management Tools only' workstations?
Servers and workstations running only the Management tools role (no Exchange services) do not need these updates.

This post might receive future updates; they will be listed here (if available).

The Exchange Server Team

Continue reading...
-
Continuing with our release cadence, we are pleased to announce the release of SQL Server 2022 Release Candidate 1 (RC 1) for Linux.

To download the latest RC 1 container images, please use the '2022-latest' tags for both RHEL and Ubuntu based container images. You can also use the following tags:

* For RHEL-based SQL Server containers: "2022-RC1-rhel-8.5"
* For Ubuntu-based SQL Server containers: "2022-RC1-ubuntu-20.04"

Please see SQL Server 2022 public preview blog for detailed instructions on how to get started with the container images.

To install the SQL Server 2022 RC 1 packages, follow these steps:

* For RHEL-based installations, see RHEL: Install SQL Server on Linux
* For SLES-based installations, see SLES: Install SQL Server on Linux
* For Ubuntu-based installations, see Ubuntu: Install SQL Server on Linux

In addition to the new features added in RC 1, this Linux release includes a preview of SQL Server 2022 packages for SLES 15 distributions. Also, the configuration of PMEM for SQL Server on Linux has been supported since SQL Server 2019; read Configure persistent memory (PMEM) - Linux - SQL Server for further details.

For information on the features supported, see Editions and supported features of SQL Server 2022 Preview - Linux - SQL Server, and for release notes, see Release notes for SQL Server 2022 Preview on Linux - SQL Server.

Continue reading...
-
Microsoft 365 Defender Monthly news

September 2022

This is our monthly "What's new" blog post, summarizing product updates and various assets we have across our Defender products.

Microsoft 365 Defender

* Discover XDR integrations and services in the New Microsoft 365 Defender Partner Catalog. We're excited to introduce the new Microsoft 365 Defender Partner Catalog, which enables you to easily discover technology and services partners that work with the Microsoft Defender suite of products, all from a central place.

Microsoft Defender for Cloud Apps

* If you could not join the Webinar "Manage your SaaS Security Posture with Microsoft", it's available on YouTube for you to watch.
* Top Threat Protection Use Cases in Microsoft Defender for Cloud Apps
* Egnyte API connector is generally available. The Egnyte API connector is generally available, providing you with deeper visibility and control over your organization's usage of the Egnyte app. For more information, see How Defender for Cloud Apps helps protect your Egnyte environment.
* Log Collector version update. We've released a new log collector version with the latest vulnerabilities fixes. More details here.
* Onboarding application to session controls (Preview). The process of onboarding an application to be used for session controls has been improved and should increase the success rate of the onboarding process. More details here.

Microsoft Defender for Endpoint

* New Device Health Reporting for Microsoft Defender for Endpoint is now generally available. We've redesigned the dashboard so that you can view sensor health and antivirus protection status across platforms and easily access detailed Microsoft Defender for Endpoint information.
* Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender. We are excited to bring a new ASR Rules report 2.0 to you. Try out the report and let us know what you think. Email: ASR_Report_Support@microsoft.com
* New features available for Mobile Threat Defense on Android & iOS. Privacy Controls, Optional Permissions and Disable Web protection. As of 9/20/22, privacy controls and web protection configuration for Android MAM are now generally available.
* Tamper protection will be turned on for all enterprise customers. To further protect our customers, we are announcing that tamper protection will be turned on for all existing customers, unless it has been explicitly turned off in the Microsoft 365 Defender portal.
* We are excited to announce that Microsoft Defender for Endpoint is now available on Android Enterprise (AE) company-owned personally enabled (COPE) devices. This release adds to the already existing support for installation on enrolled devices for AE bring your own device (BYOD) and AE fully managed modes, the legacy Device Administrator mode, and the unenrolled mobile application management (MAM) devices.
* Improving device discoverability and classification within Defender for Endpoint using Defender for Identity. Leveraging Microsoft Defender for Identity as a data source for Microsoft Defender for Endpoint device discovery can help improve discovery coverage and fine tune the classification accuracy. In this blog post, we show how deploying Microsoft Defender for Identity alongside Microsoft Defender for Endpoint can increase both your discovery of devices by ~11% as well as enrich findings by another 33%.
* Device health reporting is now available for US Government customers using Defender for Endpoint. Device health reporting is now available for GCC, GCC High and DoD customers.
* Troubleshooting mode is now available for more Windows operating systems, including Windows Server 2012 R2 and above.
* Check out the "What's new in Microsoft Defender for Endpoint on Windows" page on docs.

Microsoft Defender for Identity

* If you could not join the Webinar "Microsoft Defender for Identity | Identity Targeted Attacks - A Researcher's Point of View", it's available on YouTube for you to watch.
* More activities to trigger honeytoken alerts. New for this version, any LDAP or SAMR query against honeytoken accounts will trigger an alert. In addition, if event 5136 is audited, an alert will be triggered when one of the attributes of the honeytoken was changed or if the group membership of the honeytoken was changed.
* New health alert for verifying that the NTLM Auditing is enabled, as described in the health alerts page.
* Updated assessment: Unsecure domain configurations. The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see Security assessment: Unsecure domain configurations.

Microsoft Defender for IoT

* If you missed the Webinar "The Last Piece of the XDR Puzzle - Augmenting IT SecOps with IoT Security", it's now available on YouTube for you to watch.

Microsoft Defender for Office 365

* Step-by-step guides v2 has been released! These guides are there to help you with common tasks across the product in a flash, with the minimum information & clicks needed, reducing the time needed by your admins to secure your enterprise.
* Introducing the Microsoft Defender for Office 365 Security Operations Guide. When Defender for Office 365 is used, SecOps need to onboard the new tools and tasks into their existing playbooks and workflows. That might come with challenges and questions, such as: "Where do I start? What actions/tasks should I take? How do I integrate with my existing tools and processes?" The Microsoft Defender for Office 365 Security Operations Guide provides useful information to answer these questions. (Security Operations Guide for Defender for Office 365 - Office 365)
* Email Protection Basics in Microsoft 365: Spoof and Impersonation. The blog series continues to demystify how Microsoft 365 email protection works.
* Automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender portal - for Government environments. Automatic redirection for users accessing the security solutions in Office 365 Security and Compliance center (protection.office.com) to the appropriate solutions in Microsoft 365 Defender portal (security.microsoft.com). This impacts the following Gov environments: GCC, GCC-High and DoD.
* Defense in Depth guidance has been published. Guidance designed to get the best security value from Microsoft Defender for Office 365 when you have third party email filtering.

Microsoft Defender Vulnerability Management

* As of 9/26/22, Vulnerability assessment of apps on iOS devices is now in Public Preview. To configure the feature, read the documentation.

Continue reading...
-
These are the best practices and tips to set yourself up for success with Windows Autopilot. Windows Autopilot is a feature within Intune that allows you to send devices directly from hardware providers to end users. New device provisioning is foundational to cloud attach and cloud-based update management. During initial Windows setup, Autopilot enables users to enroll their device through Intune device management, so PCs get to a managed and productive state without reimaging. Principal GPM for Microsoft Windows, Jason Githens, compares the benefits and tradeoffs of Azure AD Join versus Windows Autopilot and shows how to enable Windows Autopilot for easy device enrollment. No pre-prep. Direct delivery to end users. Get automatic policy and app implementation. Configure profile and security baselines that scope to all devices. Set up enrollment to be co-managed when installing dozens of apps for new device provisioning. Watch our video here. QUICK LINKS: — Introduction — Options to enroll devices into Intune — Benefits and tradeoffs of Windows Autopilot — Admin setup — Autopilot settings — Tips for success — Wrap up Link References: Get started at Windows Autopilot documentation Check out our playlist for Windows cloud-based management at https://aka.ms/ManagementMechanics Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1 Talk with other IT Pros, join us on the Microsoft Tech Community: Microsoft Mechanics Blog Watch or listen from anywhere, subscribe to our podcast: Microsoft Mechanics Podcast To get the newest tech for IT in your inbox, subscribe to our newsletter: Why, How & When to use New Microsoft Tech. 
- Revue Keep getting this insider knowledge, join us on social: Follow us on Twitter: Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: Instagram Loosen up with us on TikTok: TikTok Video Transcript: -Coming up, we’ll go inside Windows Autopilot with the mechanics of how the service works, best practices for configuring it, as well as a few tips to set yourself up for success. Continuing on in our series on cloud-based Windows management, where we’ve demonstrated the importance of cloud attach and cloud-based update management, new device provisioning is foundational to the experience. And Windows Autopilot is a feature in Intune that allows you to send new devices directly from your hardware providers to end users. Then, during initial Windows setup, Autopilot enables the user to enroll their device into Intune device management, so that the PC gets to a managed and productive state without needing to reimage it. -Windows Autopilot is actually one of four primary options to enroll Windows device into Intune. I’ll start with the options using a device that has already been set up and is running Windows 10 or Windows 11. Here, users can self-enroll their personally own devices by installing the Company Portal app, then register the device using a Microsoft 365 work or school account. If you have set up auto enrollment in Azure AD and Intune, the user will only need to enter their credentials once. -The second option that you’re probably familiar with is Workplace Join. Enrolling from Windows settings and the access work or school menu, then choosing connect and signing in with your org account. Both of these options are intended for personally owned devices. The option from the Windows settings is called MDM only enrollment and isn’t recommended. 
That’s because it does not register the device with Azure Active Directory and can prevent access to things like your organization’s email or security capabilities like conditional access. So those are the options for enrolling a running PC, but for a new corporate owned PC, you have a few additional options. -First, you can sign into Windows using the same Microsoft 365 work or school account during Windows setup. This is called Azure Active Directory Join. And again, if auto enrollment is enabled for your Azure AD and Intune environment, the device will get automatically enrolled in one step. Then, Windows Autopilot is another option where the user is offered the option to sign into their work or school account with a streamlined experience for the user during setup. With these two options during Windows setup, devices will be marked as corporate-owned devices in Intune. And using any of these four options after the device is enrolled with Intune, and based on what you’ve set up as required configurations, Intune will install your apps and apply policies required to connect your organization’s data and services. -The advantage of the first user self-enrollment and Azure AD join options are primarily with flexibility, in that any Windows 10 or Windows 11 Pro or Enterprise device can use this approach without any pre-prep or coordination with your hardware providers. And as long as your users are aware of Intune enrollment options and procedures, those devices can also be directly delivered from hardware providers to end users. And after device enrollment, devices will have your required policies and apps applied automatically. This option works well for unregistered devices, also referred to as commercial OOBE. -Windows Autopilot on the other hand is used when you want to register devices to your tenant and establish organizational ownership of devices in advance. Now let’s go deeper on the benefits of Autopilot compared to the other options. 
To display a few benefits versus Azure AD join, I’ll walk through the screens for Windows 11 setup with and without Autopilot enabled. On the left, we’re using Azure AD join and on the right we’re using Autopilot. As we go through the experience, you’ll see that with Autopilot, the big advantage for the user is in its streamlined setup, removing the keyboard config screens, Microsoft license terms, and after the enrollment status page, the privacy setting screen is also taken care of. Then importantly, Autopilot can also enforce that the user account setting up the device is set up to be a standard user account for security reasons, not a local device administrator. -Another capability worth noting that applies to both Azure AD join and Autopilot methods that you just saw, is the enrollment status page, which is a screen that displays installation progress to the user during setup. And as an admin, you can optionally block device usage until all apps and profiles are installed, ensuring the device is fully business-ready before a user can interact with it. -So now that I’ve shown the options for device enrollment and the Windows Autopilot experience versus Azure AD join, let’s switch gears to the admin options for setting up your Intune environment, so that any Intune enrolled device receives your required apps and policies, then I’ll show you how to set up Windows Autopilot. First, you can use configuration profiles to configure all of your required policy settings, as well as default Wi-Fi settings and more. You’ll see that I have several created here, and many of these are targeted to all devices. To save time, in endpoint security, security baselines, you can easily create policies with Microsoft security recommendations enabled by default, that you can scope to all devices. Here, you can see all of the categories. I’ll expand this one for application management, and you’ll see a few important settings to block unwanted app installation. 
Finally, if I navigate to my Windows apps, these ones marked all are installed on all enrolled devices, and the ones without the all prefix are optional apps that users can self-install.

Again, regardless of how a device enrolls into Intune management, it will automatically get the settings applied for my configuration profiles and security baseline, as well as the apps I just showed their defaults for all devices. Now with my foundational configuration set, let’s move on to Windows Autopilot settings. I’ve navigated to device enrollment, under Windows Autopilot deployment program, you’ll see the deployment profiles as well as devices. Now to give you an idea of how the devices and deployment profiles apply in this scenario, here’s how the Autopilot workflow works. Windows Autopilot works by using unique hardware IDs that get assigned to your organization.

When a device with a hardware ID that you own connects to the internet and the Autopilot service during setup, it applies a set of policies that you’ll configure using an Autopilot deployment profile that I’ll show in a minute. Then after the user signs in, it’s just the standard Intune device enrollment with the option to display the enrollment status page, or go straight to an active desktop. Let me show you how this works. In my case, my hardware provider registered hardware details for each machine on my behalf. And in the admin center, I can optionally assign a user to a device so that once they connect to the internet, it will automatically show their username for initial sign-in like we saw before. And by the way, you have the option to block unregistered devices, so that only devices you trust can enroll.

Now, the Autopilot service knows that those devices belong to my organization, so I just need to provide the service a few instructions so it can streamline the setup experience.
To do that, I’ll create the deployment profile, give it a name, Mechanics, I’ll select the mode, the most common mode is user-driven, in my case, I’ll stick with that. I’ll also keep Azure AD joined, but hybrid Azure AD joined is another option. For the rest, I’ll keep the defaults to skip licensing, privacy, and keyboard configuration screens. And before I move on, this option here for pre-provision deployment allows IT to take initial delivery of the device to set it up with apps and policies, then forward it onto its user.

Next, in assignments, I can add the groups I want to scope for this profile, and now I just need to review and create the profile. To complete the experience, I’ll show you how to set up the enrollment status page. This configuration isn’t in the Autopilot section for device enrollment, because it applies to both Azure AD join and Autopilot as I mentioned earlier. I’ll go ahead and create a new instance, name it Mechanics. This is where you enable it, so I’ll set the show app and profile configuration progress to yes, and here I can define a timeout period and whether to show a custom message. Below that is where I can block device usage if I want until provisioning is complete. And I’ll keep the rest of the defaults. Now I just need to assign, add optional tags, and review, that’s it, and I have everything set up for my hardware partner to start delivering devices to my user.

Next, with everything running, let me give you a few tips that will help ensure success with your Autopilot Azure AD join or self-enroll based deployments. First, if you’re currently using tools like task sequences and Configuration Manager for image based deployment or app sequences, Windows Autopilot should not be thought of as a direct replacement to that. And even if you’re amazing at scripting complex multi-app installs, it won’t be as reliable as a task sequence.
If you need to install dozens of apps for a new device provisioning, you’ll probably want to set up Azure AD join or Autopilot device enrollment to be co-managed. Then let Configuration Manager take over once the device is under management, so it can run an app only task sequence.

Another option to look into is just installing a small core set of apps like Office, a VPN client, and a few other must-have apps. If you recall, those are the ones I had marked as all before in my apps list. Then, let the users self-select additional apps they might need using the company portal, like the ones we saw before without the all naming prefix. If users are okay installing apps with Google Play or on Android or the App Store on iOS, they’re probably happy to self-select a few apps they need from the company portal and Windows too.

So now, you know how Windows Autopilot works and how it compares with other enrollment and provisioning options using Intune. To learn more, check out aka.ms/WindowsAutopilotDocs. Check out our complete list for Windows cloud-based management at aka.ms/ManagementMechanics. And keep checking back to Microsoft Mechanics for all the latest tech updates. Subscribe if you haven’t already, and thanks for watching.
-
Apple Business Manager (ABM) is a program with the combination of Automated device enrollment (ADE, formerly called DEP) and Volume purchase program (VPP). This is a web-based application which helps organizations to seamlessly onboard and manage devices starting with initial device setup. We recently implemented Apple Business Manager internally for managing corporate procured devices (before this implementation, these devices used to enroll as BYOD). In this blog, I will be sharing our observations and learning.

As most of us are curious about what benefits/challenges we will have by having this additional service, here are some of the immediate benefits we observed during the implementation.

- Apple Business Manager service can be used for any Apple device procured by organizations like Mac Devices, iPhone and iPads.
- Simplifies the device lifecycle, for both IT and end users, from initial deployment to end of life.
- Devices can be managed and configured with corporate policies from the initial device setup.
- Automated enrollment increases the security of the device and decreases the time for devices to be ready for productive use.
- Users will no longer have to configure their device manually; with a few simple operations from the user it will make the device ready to use.
- IT professionals can control the behavior of the device setup and user experience based on the organization requirements.
- You can have multiple enrollment profiles based on group/division requirements to control the user experience.

Same as benefits, we observed some of the challenges during the implementation of ABM service.

- If the company portal app is installed manually before it is deployed from Intune (with required intent), then the device registration will not work, and users see the error “Couldn’t add your device”.
- If your organization has conditional access (CA) enforced, then CA requires the device to be registered in Azure AD. When a device is enrolled to Intune using the ABM approach, by default the device does not get registered. To get the device to reregister without any problem, the Company portal application must be deployed from Intune and requires the user to sign in to the app (currently there will be a user experience difference between iOS and Mac devices).
- If the required company portal app (which is deployed from Intune) is not the latest or no longer supported, then the users get a notification saying “Version is not supported” during the device registration action. This notification can potentially cause user confusion or delay in the device registration until it updates. This will be a challenge to IT professionals to keep the required application at the latest version.
- It is possible to have multiple ABM instances tied to a single MDM instance but there are some limitations:
  - There will be a challenge in verifying the device assignments for all the devices in one location; you need to toggle between them.
  - Apps and Books tokens (VPP) can’t be shared between two instances.
- There is a potential issue if users try to migrate data from old device to new device during device setup. You can avoid this by hiding the “Restore” setting in the enrollment profile. If your organization allows users to do the migration, you should allow users to unenroll the device by configuring the Enrollment profile setting “Locked enrollment” to “No”. And ensure that users do not perform a backup whilst the device is enrolled.

Now you might be wondering about the requirements to implement Apple Business Manager.

- Setting up a new Apple Business Manager Account is required to establish a process to get the device added to the service when the organization procures any Apple device. Sign up for Apple Business Manager - Apple Support
- To control the permissions and provide access to operate the service, it requires managed Apple IDs and these can be created in ABM portal. (These accounts are not end user accounts, they are specific to ABM)
- Apple MDM push certificate (APNs) is required to manage Apple Devices, and the certificate is valid for one year. Failure to renew the certificate before expiry interrupts the device management and requires re-enrolling all Apple devices. Get an Apple MDM Push certificate for Intune
- Apple device enrollment program Token is required to establish communication between Intune and Apple Business manager service. With this token, new device details and enrollment profiles settings can sync between both the services (once a device is added to ABM, it shows up in Intune within 12 hours automatically, but you can do a manual sync once every 15 minutes). This certificate is valid for one year and requires renewing before expiry to avoid any synchronization issues between Intune and ABM. Tutorial - Use Apple Business Manager to enroll iOS/iPadOS devices in Intune - Microsoft Intune
- Configuring Volume Purchasing Program Token is required to sync the content between services and to purchase apps and manage licenses for organization and deploy them using Intune. Manage Apple volume-purchased apps - Microsoft Intune
- Once you have completed the enrollment token configuration, now it is time to create enrollment Profiles to apply defined settings and control the behavior on the device. Based on your organization requirements you can configure multiple profiles (limit is 1000 enrollment profiles per token).

I hope this blog has helped in understanding the implementation of Apple Business manager service and its integration with Intune.
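The post above notes that the APNs push certificate and the enrollment program token are each valid for one year, and that a lapsed APNs certificate forces re-enrollment of every Apple device, so a dated inventory check is one way to catch renewals early. This is an added example, not code from the original post: the inventory format, the warning windows and all function names are assumptions, the sample dates are constructed, and the VPP token is tracked here on the assumption that it also has an expiry date.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# What stops working at expiry, paraphrased from the post above.
IMPACT = {
    "apns": "device management is interrupted and all Apple devices must re-enroll",
    "ade": "devices and enrollment profiles stop syncing between Intune and ABM",
    "vpp": "volume-purchased app and license content stops syncing",
}
# Assumed warning windows in days (not from the post). APNs gets the longest
# lead time because a missed renewal forces re-enrollment.
WARN_DAYS = {"apns": 60, "ade": 30, "vpp": 30}

# Constructed sample inventory: kind, label, expiry (ISO 8601, UTC).
# Two ADE tokens model the "multiple ABM instances, one MDM" setup.
SAMPLE_INVENTORY = """\
# kind, label, expiry
apns, Intune MDM push certificate, 2025-03-01T00:00:00Z
ade,  ABM instance A enrollment token, 2025-01-10T00:00:00Z
ade,  ABM instance B enrollment token, 2025-09-15T00:00:00Z
vpp,  ABM instance A Apps and Books token, 2025-02-10T00:00:00Z
"""


@dataclass
class Credential:
    kind: str
    label: str
    expires: datetime


def parse_inventory(text):
    """Parse 'kind, label, expiry' lines; blank lines and '#' comments are skipped."""
    creds = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[0] not in IMPACT:
            raise ValueError(f"line {n}: expected kind,label,expiry with kind in {sorted(IMPACT)}")
        expires = datetime.fromisoformat(parts[2].replace("Z", "+00:00"))
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)  # treat naive values as UTC
        creds.append(Credential(parts[0], parts[1], expires))
    return creds


def renewal_report(creds, now):
    """Return one dict per credential, soonest expiry first."""
    rows = []
    for c in sorted(creds, key=lambda c: c.expires):
        days_left = (c.expires - now) // timedelta(days=1)  # whole days, floored
        if c.expires <= now:
            status = "EXPIRED"
        elif days_left <= WARN_DAYS[c.kind]:
            status = "RENEW"
        else:
            status = "OK"
        rows.append({"label": c.label, "kind": c.kind, "days_left": days_left,
                     "status": status, "impact": IMPACT[c.kind]})
    return rows


if __name__ == "__main__":
    now = datetime(2025, 1, 20, tzinfo=timezone.utc)  # fixed "today" for the sample
    for r in renewal_report(parse_inventory(SAMPLE_INVENTORY), now):
        print(f'{r["status"]:8} {r["days_left"]:>5}d  {r["label"]}: {r["impact"]}')
```

In practice the expiry dates would be copied from the Intune admin center into the inventory, and the report run on a schedule with `datetime.now(timezone.utc)`.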
-
In the digital era, contacts have become increasingly important. They help users to create new relationships and nurture existing ones, which form building blocks to lasting relationships that enable users to do more. We often hear from our users that their contacts get stale over time, and they would like them to update automatically. Our users also find organizing contacts challenging. They want an easy way of organizing contacts into relevant categories of people from mail, calendar, and People hub. You asked and we delivered We understand and appreciate this need and have some exciting news to share with you! Today, we’re pleased to announce that we’ve introduced a new set of intelligent experiences to help you better access and manage your contacts: Self-updating contacts (for enterprise users only) to always keep contacts up to date. Contact categories to easily organize, find, and connect with contacts. New contact editor to add, update, and manage contacts. Upgraded People hub to view, manage, and collaborate with contacts. Self-updating contacts (for enterprise users only) All the new contacts you add from the people card of a person belonging to your organization will be self-updating contacts. These contacts automatically stay up to date based on the organization directory. Any modifications made to contact details, such as phone number, department designation, etc., will automatically be updated in the contact. We also ensure that users can choose what information to persist in their contacts without losing any data. Users can choose whether they wish to keep their personal edits or override their edits with the suggested update. No more stale contacts! An image of the People card demonstrating the new self-updating contact feature (for enterprise users only) in OWA. 
Organize contacts using Categories Moving away from the traditional way of organizing contacts, we’re introducing Categories—a new, easy, modern, and flexible way of managing contacts replacing the existing folders. Categories are just like tags; you can apply these tags to contacts to group contacts into desired categories. Categorizing helps selectively view contacts associated with that category for faster retrieval and collaboration. You can add categories to a contact from their people card in mail, calendar, or in the People hub. Your existing folders are migrated to categories, and you'll see them as categories in the left navigation pane. Contacts that were in a particular folder(s) are stamped with categories that share the same name as the folder. These can be accessed by clicking on the category in the left navigation pane. An image of a screenshot demonstrating how contacts are migrated to Categories in the People hub. New contact editor Introducing our new contact editor, which brings a new and better visual experience. The new contact editor allows you to create, update, and categorize contacts, and manage them from the email, calendar, and People hub so you can focus on your core job while simultaneously managing your contacts. An image of a screenshot demonstrating how contacts are migrated to Categories in the People hub. People hub The abovementioned new experiences and the Outlook Web App (OWA) People hub are powered by the new, rich, and intelligent contacts schema. What can you do in People hub? View, manage, and organize your contacts Create and manage personal contact lists Access important contacts by favoriting them Quickly call, message, and email contacts/contact lists All of this and more! How can you access the new contacts features? Sign into OWA and select the People icon in the left navigation pane that shows a list of apps within Outlook. An image of a screenshot demonstrating how to access the People hub when signed into OWA. 
We’re listening! Our goal is to make it easier for you to manage contacts with our latest technology in the People hub. With this latest update, we hope you'll find it easier to access and manage your contacts. Let us know how you feel about these features. If you have any questions, feedback, suggestions, or any issues to report, please post it in the blog's comment section below, or email us at: contactMgmtFeedback@microsoft.com. We'll use this feedback to improve our offerings. Gargy Shekhar Senior Product Manager
-
For our latest MVP Feature Focus, Sharon Sumner takes us step by step through setting up and managing approvals in Teams, and Vesa Nopanen talks through a great way to get real time feedback from your audience with Teams Polls. We hope you enjoy this new show and as always, welcome your feedback at IMT@microsoft.com on what we can continue to do to help make the show a key resource in your deployment, adoption, management, and securing of Microsoft Teams. Approvals in Teams with MVP Sharon Sumner (Sharon Sumner [MVP] | LinkedIn) SharePoint Sharon, as she is affectionately known, has been an Office 365 and SharePoint online advocate since inception. She is a Microsoft Business Application and Microsoft 365 Apps & Services MVP who is passionate about community events and runs the Cambridge Power Platform User group, as well as being a speaker at worldwide community events. Sharon is the CEO of Business Cloud Integration Ltd, who are a Microsoft Gold ISV partner, as well as a Charter Partner of Microsoft's SharePoint Business Applications Program and Associate Partners in the Content Services Program. Microsoft Teams is setting the standard in cloud service development, and the team is delivering new or improved features as fast as the adoption curve is growing. One of the areas of Teams that is continuing to evolve is the use of approvals, so I picked approvals as the “what’s new” topic to discuss with Stephen Rose on his “Inside Microsoft Teams” show. Approvals – what are they? As a Business applications MVP, I’ve been playing with approvals since they first appeared in Microsoft 365. The principle is simple: something needs approval – that something can be a document, like in the old days with SharePoint workflows, or a list item or now, anything you can describe in a form. Behind every approval is a flow, running the rules of who to ask for approval and how. This is something that you can leave as simple or customize to be as complex as you like. 
Figure 1 - Approvals in Teams pinned to the left rail. The process advanced to then allow you to display adaptive cards (actionable approve / reject within a Teams channel) and then to summarize all your approvals in one view inside Teams, and while it feels like we’ve had the functionality forever, this is literally just over a year old. The Approvals app has been created by Microsoft so most organizations allow the app to be installed and, if you use it as often as me, you’ll pin it to the left rail for speedy access. As you can see from the image, Adobe Sign and DocuSign integration are also now available. Stephen did a great video on this already in the series for Adobe Sign – you simply log in and all your approvals are in one place. Genius! So, what’s new? Well, the part that is new is the ability to export your approvals…but before we get to the good stuff, a little more functionality needs to be explored to show you why I like it. 😊 Custom approvals The ability to create an approval in SharePoint is pretty old now; you can create a simple or super complex flow off the back of a SharePoint list directly or via a Power App etc. They can do cool stuff, like in the image below where we are clicking a button to start an approval process that adds a watermark to your document (created using the document name and version number) and then waits for approval before either sending out to the customer or back to the requestor with the feedback for improvement. Figure 2 - Approvals in Power Automate In true Microsoft style though, they have worked on the most common use case of a simple approval and made it so that there is now a way to make your own approval, your way with NO CODE. As the functionality is in Teams, it’s also able to target a specific team or org wide. This means you can now create your own custom approvals just for your own small or large group to approve, well, anything!
Figure 3 - Approvals templates in Teams In the interview with Stephen, I showed the Microsoft templates again, covering the most common use cases and the scenarios that will likely be close to what you need, or you can start from scratch and use the wizard to create your form and approval process. Each approval flow has a form creation/edit experience just like that of Microsoft Forms, where you can add text, choice, or date fields to your form. As an advocate of getting to business value faster, I think that this is something that needs to be added to any organization’s standard Teams training agenda. The days of hooking up a form to some back-end functionality and/or writing coded solutions for simple, everyday business requirements are simply gone. And the new bit…. Well, hopefully you saw in the recording the part that I think adds to the whole value for the process is the ability to export your approvals. You can decide to export a data range of either the approval requests sent to you or those that you have sent for approval. Why do I like this: well, I see this as a great way to evaluate the effectiveness of the process because the data has the date it was requested and approved and by whom. This means we can take the Excel output, which is conveniently saved to your OneDrive, and point Power BI directly at it. Any business process that has the built-in ability to review and create insight is something that can improve and affect performance. The outputs of the export process are split into one file for the standard approvals and another one for each custom approval process – again, this is a bit more thought from Microsoft on how we are likely to use the data. We can now combine into a single report a single targeted process for audit/compliance/confidential processes easily, and more importantly, this is directly in the hands of the teams that need to create and report on that data.
I do love a tool that gives the business control of creation all the way through to reporting, and the approvals app in Teams now has this end-to-end feature set delivered directly to the users. I hope you found this summary useful, please let us know if you’d like more content like this by using the thumbs up or comments below. 😊 Here are some reference materials for those that want to go and play. Create an approval from a chat or channel - Power Automate | Microsoft Docs Create an approval from the approval’s app - Power Automate | Microsoft Docs Get started with Power Automate approvals - Power Automate | Microsoft Docs Manage your approvals in Microsoft Teams - Power Automate | Microsoft Docs Using Polls in Teams with MVP Vesa Nopanen Vesa Nopanen is a Principal Consultant and Microsoft MVP (Microsoft 365 Apps & Services), working on Metaverse and Future Work on Microsoft Cloud. As a trusted advisor, he helps organizations in future technology, collaboration, and productivity. Metaverse enables businesses to innovate new models and processes with the help of AI, while enabling new ways to meet, work, collaborate, and share experiences together. He is guiding organizations on the road into the Metaverse. Vesa is extremely passionate about Metaverse and how it – with Microsoft Teams – can change how people work together now and in the future. Vesa has 25+ years of experience in IT in various industries, domains, and roles. He is also a futurist, active speaker, blogger, evangelist, and technology community member. Thank you, Stephen Rose, for inviting me to make a guest appearance on this excellent show that highlights recently added new features and capabilities for Microsoft Teams. There are several new features that have been added to Microsoft Teams Polls recently that everyone should be aware of.
Rating and Ranking Polls make it easy to get feedback from your audience, Suggestions gives you ideas on what to poll from your attendees, and finally you have the option to Re-use Polls you have used in meetings earlier. Before going to these new features, I have found out that many people are not aware that you can add applications to Teams meetings. Polls is one of those applications you can add to meetings. So, I want to start by telling how you can do that. Adding Polls application to your meeting When you have created your meeting in Teams Calendar, go to edit it by opening the meeting. On the top tabs, you can see Chat, Files, Details and so on. The last one is a plus (+) sign. When you click it, you can add a new application to the meeting. After clicking + you can either select Polls directly or search for it and select it. It is good to note that applications you have recently added are displayed first – so in many cases you don’t have to even search for Polls. When you click on Polls the adding process begins. The next step is to confirm to add it. You do this by clicking on Save. And that’s it: you have just added an application to your meeting! You can see the application with options to add new polls and using recent ones or suggested polls. As best practice, create polls before the meeting begins. This means you have been thinking about the meeting, the audience, and the results and goals you want from the meeting. You can even activate polls to attendees before the meeting if you want to collect feedback or ideas in advance to make the actual meeting better and more efficient. You don’t have to use Suggestions or reuse recent polls – you can always go ahead and create a new one from scratch. Quiz is an excellent poll type that can be used to test knowledge or keep your audience on their toes, knowing you will be testing if they have been listening to you. 
Word Cloud lets you get feedback from attendees you didn’t think ahead – getting open text responses helps with innovation and collecting ideas, or setting goals you want to address in the workshop. Polls are an extremely important and flexible way to boost engagement and an easy way to collect feedback. Suggestions The new Suggestions area gives you ideas on what polls you could be using to engage your audience. It can be a warm-up, set the tone of the meeting (what’s the attendees’ knowledge level) or collect audience insights. There are a number of use cases on how to use Polls to engage your attendees. In fact, one purpose of polls is to make sure the meeting is more interactive, and people are engaged. Suggestions help this by lowering the threshold to post new polls. Generic and warm-up questions are easily added to the meeting using polls. In the Suggestions pane on the right side, you get a selection of polls to pick from. For example, the image above is suggesting polls that give you insights about the product to collect feedback from attendees easily. What Suggestions also does is give you an idea of what kind of polls you could create. There are options to use different symbols and graphics for Rating (numbers 1-5 and stars in the image) and different types of polls (Rating and Ranking). When you click on a suggested poll you feel would work for the meeting, it opens. Rating We selected one of the suggested Rating polls. This means we want to collect feedback about something, and people can answer us very simply by clicking the number that resonates the best for them. In the view above, you can edit the shown options. Suggested polls are a kind of automated template – you choose the one that you feel would work and then edit it to suit your needs. Everything is editable in this screen: you can change the title, how many rating levels you want to have, what’s the symbol you want to use, and what the bottom and top levels mean.
As the above image shows, there are lots of fun options for Rating symbols. You can also change the option to record names of people who answer to the poll and share aggregated results to everyone in the meeting, and of course, allow your co-presenters to edit your poll before it is launched. Co-presenters are important in workshops, webinars, townhalls, and other events that have more than one presenter. When you click Save as draft, it will appear in the Polls application where you can edit it more or delete it. Ranking The second suggested poll is a Ranking type. As before, you are able to edit all options in this view. Ranking lets people select the order of answers from preferred (on top) to least preferred (bottom). This way you can rank different ideas, prioritize tasks, vote on options, or even find the most preferred restaurant or swag. We have three options in this example, but it is easy to add more by clicking + Add option. What I especially like is the Shuffle options switch. This means that all attendees will get a shuffled list, instead of options being displayed in the order you chose, which might affect their own opinions. After saving the poll as a draft, it will appear in the Polls application. Using Polls in meetings When you have a Teams meeting open you can see Polls at the top of the meeting screen. When you click on Polls, the application opens to the right pane and lets you use pre-created polls easily. You can open the poll to attendees by choosing Launch. The audience can then select their answer and submit their responses. In the right pane, we can see the aggregated results of how attendees are answering. In the right pane, you can also use the dropdown menu to access other options for the poll. You can close the poll, no more answers, view detailed responses, export results to a CSV file and delete the poll.
Response details is a very good way to see individual responses. When you close the poll, attendees can no longer answer it. But you can re-open the poll in case you come up with the situation, or close the poll by accident, where you need more feedback. When you launch a rating poll into the meeting attendees have a similar dialogue. They get choices shuffled, because we switched that on during creation of the poll. Attendees can then drag and drop options to their liking – the best one on the top. They can also use arrows on the right to move options upwards or downwards. This is how easy it is to use Polls in meetings, especially when you have created polls in advance. But we don’t always remember to do that. Adding Polls application ad hoc to meeting Sometimes we have meetings we didn’t think we would need or use polls there. And when you suddenly have the need, you think, “How can I add polls to this meeting?” Don’t worry – it’s easy! First, you open the application adding dialogue to the meeting by clicking the big + (Apps) icon. After submitting results we can see results on Polls application on the right pane. In that dialogue you can search for Polls – or like we have in this case – select it by clicking when you see it and confirm the adding to the meeting. After you have added the Polls just click on Polls on top meeting bar and you can add a + New poll, reuse a poll you have used before or use suggested polls. New poll lets you create a new one from scratch. Reuse and suggested polls can save you time in a meeting – especially if you keep using similar polls like How are you feeling and so on during meetings often. After you close the meeting you can see all polls and results in the polls application / tab. On each poll you can use the dropdown to Reopen polls, export results to a CSV file or delete the poll. You can also create new polls even when the meeting is closed. Perhaps you want to use polls to collect feedback from your attendees also after the meeting.
For example, to vote on decisions. Why schedule a meeting again, when you can use polls to collect feedback? You can also use Polls in channels or chats. In there it is under the name Forms and it has only the option for multiple choice questions available. As a small detail, Polls are part of Forms application in Microsoft 365. When a person creates a new poll, that poll ends up in that person's Forms forms. To access these you need to go to Forms application in Office 365 (or directly to Forms.Office.Com) and select All Forms on top right bottom in this picture. Then you can access all your Polls you have used in Teams. However, all Polls are read-only in Forms application, so the purpose to use Forms application to manage them would be most often finding an old poll and re-exporting the result or removing old ones. What about if you don’t have Polls application available? This is something you need to contact your IT Administrators about. They need to enable Polls application in Microsoft Teams meetings – and also make sure that Forms is available to users. They need to make sure that the application is allowed in Teams Admin Center. Admins can also allow / restrict access to applications (such as Polls) with Permission policies – controlling the use of app for groups of people. For example, Polls would be available to Product Development, but would be disabled for everyone else. The IT Admins can also control Microsoft Forms application in licensing to people. In case Forms has not been licensed to the person, they cannot use Polls either. You can also refer to the Microsoft Support article on how to add and use Polls in meetings.
-
Today, Microsoft Viva unveiled a new service designed to help people find solutions and save time. Answers in Microsoft Viva connects employees to the answers they need by crowdsourcing knowledge from across the organization. Answers is a conversational experience for asking questions and connecting to experts for answers. Natural language processing helps match those questions with any existing answers, and the experience rewards experts who contribute back to the knowledge base. Answers works across the suite to connect employees based on their subject matter expertise captured in Viva Topics, to get their questions answered, connect with new experts, and increase their learning. Initially it will come to Viva Engage and then to Topic Pages in early 2023.

Answers within Viva Engage

A new Answers tab in Viva Engage will serve as a hub for employees to ask questions, find solutions, discover knowledge, and help coworkers. The Answers tab will be available within Engage to Viva Suite customers. Answers in Viva brings knowledge to you across Viva Engage web, client, and mobile experiences. Answers helps organize questions and solutions by connecting to existing knowledge and experts.

A look at the Answers hub in Viva Engage

Users can ask questions, see recommendations, and contribute their own answers to open questions.

Add a Topic to see recommended similar questions

Users can also follow individual topics and get notifications when new questions are available. Targeted feeds and rewards help encourage experts to share their knowledge and help coworkers.

Get rewarded for participating and answering questions

And analytics provide a view into both individual contributions to the organizational knowledge base and the value of the overall solution to the organization. Watch this Microsoft Mechanics video for a demo on how Answers shows up in Viva Engage.

Answers within Viva Topics

How many times have you faced a question but were unsure who to ask? Viva Topics can help. Since Viva Topics already lists suggested experts for a given subject, it's a natural place to connect questions with experts who can answer them. In time, Answers will come to Topic Pages.

More resources

In case you missed it, watch the Empowering Your Workforce in Economic Uncertainty event and hear from Satya Nadella, Chairman and CEO of Microsoft, Ryan Roslansky, CEO of LinkedIn, and Jared Spataro, Microsoft's CVP of Modern Work, for urgent insights every leader needs to know in a rapidly changing economic environment. To learn more about other Microsoft Viva innovations announced today, read the Microsoft 365 blog by Seth Patton, check out the Microsoft Viva website, and explore the Viva Innovation Brochure. Stay tuned as we'll have more to share about Microsoft Viva soon!
-
Browsers are becoming a place for people to get a lot of focused work done. And we all know that when you multitask there is a high chance of losing focus and context. For instance, you might be reading an interesting article in the browser when an email notification arrives, and the browser tab is left open and never attended to again. Additionally, you often toggle between different tabs to refer to some web content while composing an email. The teams at Microsoft Edge and Outlook want to help people achieve more without losing their flow and focus.

Microsoft Outlook is now integrated with the Microsoft Edge sidebar and helps you access your emails/calendar/contacts/tasks side by side within the browser, even when you navigate between tabs. Let's say you want to sign into a website and it's asking for your email address to send you a verification code for validation. You can easily open Outlook in the sidebar to find the mail and copy/paste the code into the prompt without switching tabs. It's that simple! You can also open Outlook in full screen using the expand button on the top right if you feel the side pane is too small for composing mails or reading a long mail thread.

The sidebar is available for users in English markets with the latest version of Microsoft Edge, only for personal accounts. Check out the other features you can access in the sidebar here.

What's Next?

This is just the beginning; we are continually updating Outlook and will be adding more capabilities in the future. You will be able to access your work/school accounts very soon. Additionally, we are working to make the Outlook experience more interactive, with notifications. Support for multiple accounts and dark mode is also in the future plan.
-
Newsworthy Highlights

Microsoft To Do app for iOS and Android launching in GCC
We are excited to announce that the iOS and Android apps for Microsoft To Do (a tool for managing and sharing tasks and lists) are rolling out to GCC (Government Community Cloud) users. The rollout begins in late August, with plans to be completed by mid-September. This launch will add the mobile apps to the web and Outlook functionality that GCC accounts already have today.

Basic Authentication Deprecation in Exchange Online – September 2022 Update
Starting October 1st, we will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change. Today we are announcing an update to our plan to offer customers who are unaware or are not ready for this change. GCC customers, check your tenant Message Center for further details.

Microsoft To Do app in GCC - what are the possibilities?
Since the Microsoft To Do app is launching in GCC, what kinds of tasks are you planning to use it for in the GCC space? What would you like to see?
Microsoft 365 Government Adoption Resources
Empowering US public sector organizations to transition to Microsoft 365

Release News

Exchange Online
· August 2022 Exchange Server Security Updates and support for Windows Extended Protection feature

SharePoint / OneDrive for Business
· The automated fix suggestion that help users rename the problematic files on Windows and thus resolve the sync issue around them is expanding to Mac OS
· A new feature was implemented that changes the format that is used to create user photo names from a UPN based format to ObjectId based format
· The Enterprise websites Microsoft Graph connector allows your organization to index articles and content from its internal-facing websites

Teams
· Q&A in Teams lets organizers create and moderate Q&A for their Teams meetings
· Users will be able to capture a short video and playback in-line in Teams desktop and mobile
· Pre-assign channel members to breakout rooms
· User requests for apps in Teams store

Microsoft Purview
· Temporary rollback of Adaptive policy scopes for retention & label policies in GCC-High and DoD
· eDiscovery API for Microsoft Graph now generally available

Security/Identity
· Co-authoring on Microsoft Information Protection encrypted documents on mobile devices

Microsoft 365
· Microsoft 365 Apps implications when Windows 7 and Windows Server 2008 R2 Extended Security Updates (ESU) ends support on January 10, 2023
· Microsoft Forms: Utilize Office Apps Administrator Role for Forms Administration
· Microsoft 365 Management Activity API Fix
· Redesigned Dictate toolbar and an additional 25 languages available to Microsoft 365 Apps Dictation and OneNote

References and Information Resources

Microsoft 365 Public Roadmap
This link is filtered to show GCC, GCC High and DOD specific items. For more general information uncheck these boxes under “Cloud Instance”.

Stay on top of Microsoft 365 changes
Here are a few ways that you can stay on top of the Office 365 updates in your organization.
Microsoft Tech Community for Public Sector
Your community for discussion surrounding the public sector, local and state governments.

Microsoft 365 for US Government Service Descriptions
· Office 365 Platform (GCC, GCCH, DoD)
· Office 365 U.S. Government GCC High endpoints
· Office 365 U.S. Government DoD endpoints
· Microsoft Purview (GCC, GCCH, DoD)
· Enterprise Mobility & Security (GCC, GCCH, DoD)
· Microsoft Defender for Endpoint (GCC, GCCH, DoD)
· Microsoft Defender for Cloud Apps Security (GCC, GCCH, DoD)
· Microsoft Defender for Identity Security (GCC, GCCH, DoD)
· Azure Information Protection Premium
· Exchange Online (GCC, GCCH, DoD)
· SharePoint (GCC, GCCH, DoD)
· OneDrive (GCC, GCCH, DoD)
· Teams (GCC, GCCH, DoD)
· Office 365 Government (GCC, GCCH, DoD)
· Power Apps (GCC, GCCH, DoD)
· Power Automate US Government (GCC, GCCH, DoD)
· Power BI (GCC, GCCH, DoD)
· Planner (GCC, GCCH, DoD)
· Outlook Mobile (GCC, GCCH, DoD)
· Viva Insights (GCC)
· Dynamics 365 US Government

Be a Learn-it-All

Public Sector Center of Expertise
We bring together thought leadership and research relating to digital transformation and innovation in the public sector. We highlight the stories of public servants around the globe, while fostering a community of decision makers. Join us as we discover and share the learnings and achievements of public sector communities.

Microsoft Teams for US Government Adoption Guide

Message Center Posts and Updates for Microsoft Teams in GCC
Looking for what’s on the map for Microsoft Teams and only Teams in GCC? Go right to the GCC Teams Feature Communications Guide

Message Center Highlights

SharePoint Online / OneDrive for Business

MC422162 — SharePoint: Update to Create Sites From the SharePoint App Bar
We are releasing an update to a SharePoint feature that has already rolled out. With this change, sites created from the SharePoint app bar won't be automatically associated with a hub.
When this will happen: Targeted Release: We will begin rolling out late August and expect to complete by early September. Standard Release: We will begin rolling out early September and expect to complete by late September. How this will affect your organization: New sites created from the SharePoint app bar will not be associated to a hub site. This will not impact any existing sites. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC419387 — Upcoming changes as we prepare for transition from Stream (classic) to Stream (on SharePoint) We want to make you aware of upcoming changes as we prepare for the transition from Stream (classic) to Stream (on SharePoint). 1. Provisioning of Stream classic by default to stop for new customers · For new customers with requisite Stream license, if a user accessed Stream (classic) for the first time via URL or tile in Microsoft 365 app launcher, it provisioned classic Stream for them. · Coming soon, this is going to stop. Stream (classic) will no longer be provisioned by default for such customers. 2. Stream tile in Microsoft365 app launcher to go to the new Stream app on Office.com · Stream (Classic) is transitioning to Stream (on SharePoint). Until Stream (Classic) fully retires, you can decide which Stream experience is most appropriate for your users when they click on the Stream tile from the Microsoft 365 application launcher via a new setting that was added to the SharePoint admin center in July 2022. [MC381948] · This setting is the “Stream App launcher tile” and currently has a default option of “Automatically switch to Stream (on SharePoint) when recommended” which will send users to Stream (Classic) when they click the Stream tile. 
· Coming soon, we will automatically change the “Stream app launcher tile” setting’s default option to send users to Stream (on SharePoint) instead. In addition, if your organization has never used Stream (Classic) in the past, we will no longer let you use that experience and instead you will use Stream (on SharePoint). When this will happen: · Standard: Rollout will begin mid-October and complete by mid-November. · GCC: Rollout will begin mid-October and complete by mid-November. How this will affect your organization: 1. If you are already using Stream (classic), there is no change for your organization. · If no user from your tenant has accessed Stream (classic) before 17th October, it will not be provisioned for your organization 2. If you’ve not already changed the “Stream app launcher tile” setting and have kept the default, then your users will be taken to the new Stream (on SharePoint) experience when this change is rolled out. What you need to do to prepare: 1. No action is needed with regards to provisioning of Stream classic. 2. If you do not want your users automatically directed to the new experience, you’ll need to take action to change the setting for your organization. To set the Stream tile destination in the Microsoft 365 app launcher: · Go to the Settings page of SharePoint admin center and sign in with an account that has admin permissions · Select Stream App launcher tile · Select Stream (Classic) if you want your users to remain navigating to Stream (Classic) from the Stream tile. · Select Save. It takes about 5 minutes for this change to take effect. Learn more: · Direct the Stream app tile launcher to Stream (on SharePoint) MC415902 — SharePoint: Configure Navigation Links to Open in a New Tab Microsoft 365 Roadmap ID 93318 With this update, users will be able to manage the experience for each navigation item to open in a new tab. 
When this will happen:
Targeted Release: We will begin rolling out in early September and expect to complete rollout by late September.
Standard Release: We will begin rolling out in late September and expect to complete rollout by mid-October.

How this will affect your organization:
This new feature will allow you to configure how you would like your navigation links to open. You will have the option to choose to open in the same tab or in a new tab for your site, hub, and global navigation items. The new Open in a new tab option gives you greater flexibility in how your users can interact with your sites and allows you to better control how they navigate.
Note: The new open in new tab experience will not work on the footer control when initially available. This will become available at a later date.

What you need to do to prepare:
You do not need to do anything to prepare. Your navigation links will continue to open as they do normally today, until you make a change to their behavior using the new control.

Learn More:
· Customize the navigation on your SharePoint site

MC412836 — (Updated) Classic Global term store retirement – update
Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience.
In mid-November 2021 (MC289683), we announced the rollout of the modern experience of the global term store for Syntex & SharePoint admin center. Aligning with our modernization efforts, we will start retiring the classic experience of the term store and recommend that all our users use the modern term store.

When this will happen:
Targeted release: This is expected to start in late October (previously early September) and continue till mid-November (previously mid-September).
Production Release: This is expected to start in mid-November (previously mid-September) and continue till late December (previously early October).
How this will affect your organization: You can learn more about where you can find all the features on the classic term store in the corresponding modern term store of the SharePoint admin center: Open the Term Store Management Tool. Since there are no changes to our backend, this update will only enhance the user interface of managing and curating terms on the term store. All the enterprise taxonomy created by your organization will continue to exist and will be visible from the modern term store. Admins will start to see a banner on the classic Term store page. The banner will display the date when the page will be retired and a link to documentation describing where to find all the features in the new admin center. Sample below: After the retirement date, the classic Term store page will be replaced with a redirect page to the new SharePoint admin center so that any bookmarks continue working. Sample below: What you need to do to prepare: You may want to update any internal documentation or user training and share this with users with relevant permission and who are familiar with managing terms in your organization if not already done. Ensure you also revisit any bookmarked links of the classic term store to update with the modern term store link. MC412380 — Configure the existing Stream tile in M365 app launcher to go to the new Stream app on Office.com Stream (Classic) is transitioning to Stream (on SharePoint). Until Stream (Classic) fully retires, you can decide which Stream experience is most appropriate for your users on Office.com. Do this by configuring the target destination of the existing Stream tile in the Microsoft 365 app launcher from the SharePoint Admin Center. 
When this will happen: The Stream app launcher tile setting is rolled out and available in SharePoint Admin Center How this will affect your organization: SharePoint tenant admins will have the ability to set the target destination of the existing Stream tile in the Microsoft 365 app launcher from the SharePoint Admin Center. You will be able to set the target destination to either Stream (Classic) or Stream (on SharePoint) depending on your organization's needs. Target destination options: · Automatically switch to the new Stream (on SharePoint) when recommended: This is the default option. At this time, this option directs the Stream tile to Stream (Classic). However, in the future as we update and add to Stream (on SharePoint) we plan to point the Stream tile to Stream (on SharePoint) instead. Before making the change, we'll give notice in the message center, giving you time to choose a different option if you want. · If you don't want Microsoft to change what happens when your users select the Stream tile, select one of these options: · Stream (on SharePoint): The Stream tile in the app launcher will always direct users to Stream (on SharePoint). · Stream (Classic): The Stream tile in the app launcher will direct users to Stream (Classic) until Classic is retired. What you need to do to prepare: To set the Stream tile destination in the Microsoft 365 app launcher: · Go to the Settings page of SharePoint admin center and sign in with an account that has admin permissions. · Select App launcher tile. · Select the option you want to set as the default destination for the Stream tile in the Microsoft 365 app launcher. · Select Save. It takes about 5 minutes for this change to take effect. 
Learn more: · Direct the Stream app tile launcher to Stream (on SharePoint) MC409422 — SharePoint: New Site Templates for Team Sites Microsoft 365 Roadmap ID 93423 We are introducing three new SharePoint team site templates dedicated to helping you create sites for your IT helpdesk, crisis communication team, and new employee onboarding team. These site templates will help you expand what’s possible with content, pages, and web parts while helping you quickly get started building your own site. Each template contains pre-populated content and web parts that are fully customizable to meet the needs of your organization. When this will happen: Targeted Release: rollout will begin in early August and is expected to be completed in late August. Standard Release: rollout will begin in early September and is expected be completed in late September. How this will affect your organization: Users will be able to benefit from the ability to browse, preview, and apply site templates to a new or existing SharePoint site. Users can select a site template that meets organizational business objectives and best fits the site goal while ensuring a higher level of consistency throughout their organization. They can then review pre-populated content and customize the site to address their needs. Note: This feature will be on by default with no admin control. New Team site templates will include: · Crisis communication team – Centralize crisis communication, resources, and best practices · IT help desk – Resolve technical requests, track devices, and share training materials · New employee onboarding team – Guide new employees through your team’s onboarding process To apply a template to an existing site: users can choose to browse site templates and can apply a template to an existing site at any time by accessing the template gallery from Site Settings and then select Apply a site template. 
To apply a template to a new site: If a site owner is visiting their new site for the first time, they may see a message asking if they want to use a template that will then take them to the template gallery. Choose desired template. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. Share this template guide with end-users: Learn how to apply and customize SharePoint site templates. MC408994 — (Updated) Private drafts for SharePoint pages and news Microsoft 365 Roadmap ID 85629 Updated August 4, 2022: We have updated the linked resources to provide additional information. We’re adding the ability to create private drafts for pages and news posts. A private draft is visible only to the page author, the people the author chooses to share it with, and site admins. It's great for creating and editing content that’s not ready for others to see except the people you want to collaborate with. When this will happen: This update will roll out to Targeted Release customers starting early August and to all customers by mid-September. How this will affect your organization: Authors of SharePoint pages and news will be able to create private drafts. When a private draft is created, only the creator and site admins can see the page (including from within the Pages library). The creator can then share the private draft with other people to allow them to access and edit the page. They will also have access to the assets associated with the page which are stored in the site’s assets library. Like all pages and news posts, only one person at a time can edit the draft. When the draft is published, its permissions are reset and everyone in your organization who has access to the site will be able to view it. 
What you need to do to prepare: You do not need to do anything to prepare for this update, but you may want to let your users know about these improvements. More information available here: Create a private SharePoint page or news post MC408694 — (Updated) New 'Activity' Column in OneDrive 'My Files' list view Microsoft 365 Roadmap ID 88913 Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience. We are introducing a new Activity column in OneDrive My Files list view. The goal of this feature is to help users stay up-to-date on the files that they are working on with others by surfacing relevant activity information. We will show file activity related to actions, such as, user comments, edits, share, and @mentions. When this will happen: We will begin rolling out this feature in mid-September (previously late August) and expect to complete rollout by late September (previously mid-September). How this will affect your organization: There is no impact to your organization. This feature will be delivered as a user interface update in the form of an additional column in My Files list view with activity information related to files (e.g., file shared, user comment, @mentions). What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC403644 — (Updated) OneDrive: Sharing Experience - Share Menu Dropdown Microsoft 365 Roadmap ID 83727 Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience. We’re updating the Share button in Microsoft OneDrive to provide easy access to additional sharing options. When you select Share in OneDrive for Business on Web, you'll see a contextual menu with all choices available to you for sharing files or folders with your teammates. 
When this will happen: Targeted release: We will begin rolling this out in mid-September (previously late August) and expect to complete rollout by late September (previously early September). Standard release: We will begin rolling this out in late September (previously early September) and expect to complete rollout by mid-October (previously mid-September). How this will affect your organization: Users who interact with the OneDrive/SharePoint share control will be able to see this new Menu. · Share link, Email link or Send link: Email the file link directly to a one or more recipients. o Note: users may see one of three different notations until finalized. · Copy link: Copy a link to share with recipients directly. · Manage Access: View and manage who has access to your files or documents. Note: Some users may see this feature before others in your organization. What you need to do to prepare: There is no action needed from you at this time. You may want to notify your users about this new capability and update your training and documentation as appropriate. MC402119 — (Updated) OneDrive/SharePoint: Review mode for Word documents Microsoft 365 Roadmap ID 93400 Updated August 10, 2022: We have updated the rollout timeline below. Thank you for your patience. What is Review mode? When you open a document that was shared with you for review, you are automatically placed in Review mode. In Review mode, you won’t have full edit control but instead are allowed to add suggestions to the document in the form of comments or tracked changes. Document owners or other collaborators who have full edit permissions will then need to approve the incorporation of any suggested changes to the document. What's new? We have changed the UI for Review Mode in the Share Dialog to include this mode as a permission called 'Can Review' inside of the sharing permission dropdown. 
From OneDrive, SharePoint or Word for the web, share a document for review by clicking the Share button, and then clicking the Share command in the menu. Once you have the share dialog open, select the people that you want to share with review permissions, and then choose the 'Can review' option from the permissions dropdown. You can find this option available as well from the Link settings page. When this will happen: Targeted release (entire org): Will begin rolling this out in mid-July and expect to complete rollout by late July. - Complete Standard release: Will begin rolling this out in late-July and expect to complete by late August (previously early August). How this will affect your organization: Users who wish to share Word documents on Web through OneDrive, SharePoint or directly from Word online will be able to see this change. What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate. MC397430 — (Updated) Stream on SharePoint: Video Collections Page Microsoft 365 Roadmap ID 93352 Updated August 2, 2022: We have updated the rollout timeline below. Thank you for your patience. SharePoint video collections pages make it easy to gather and display all videos from a SharePoint site collection in one place. This feature is particularly helpful for schools, universities and other organizations that tend to share videos in Teams channels. When this will happen: We will begin rolling out by mid-July and expect to complete by mid-August (previously late July). How this affects your org: With this feature you will be able to create a tab in your Teams channel that links directly to a specific collection of videos. Note: You may see an empty state video collections page in the case your document library is empty. Whenever user creates a new site, an auto generated static layouts page for video collections gets created. 
This is a collection of all videos from the site's document library shown in Highlighted content webpart. In order to access this static page, please append /_Layouts/15/Video_Collections.aspx to the site url. Once this page is edited and published, it will start appearing in the site pages as well. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC394844 — (Updated) Stream on SharePoint: Inline playback of videos in Hero web part Microsoft 365 Roadmap ID 93351 Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience. When users click to play a video in the Hero web part section of a SharePoint site, the video will play inline. This feature allows users to watch a video without being taken off the SharePoint page and allows users to browse or scroll through the other contents of the page while the video plays. When this will happen: We will begin rolling out by mid-July and expect to complete by early September 2022 (previously mid-August 2022). Note: Some users may see this feature before other users within your organization. How this affects your organization: Video consumers on Hero webpart will now be able to consume video on the same site page where they encountered the video. That allows them to browse through other site content while watching/listening to the video, thus saving their browsing time. What you can do to prepare: You may consider updating your training and documentation as appropriate. MC357317 — (Updated) OneDrive iOS: New information architecture Microsoft 365 Roadmap ID 85571 Updated August 22, 2022: We have updated the rollout timeline below. Thank you for your patience. This feature has started rolling out and we ask you to pardon that we did not provide adequate advance notice as is our customer commitment to you. 
This release adds a new bottom sheet menu to OneDrive for iOS to make options like share, annotations, delete, and bookmark easier to find. When this will happen: Standard (select users and entire org): We began rolling this out in early March and expect to complete rollout in late August (previously early August). How this will affect your organization: To use the new bottom sheet menu: 1. Open any file of your choice in OneDrive for iOS. 2. Tap the horizontal bar or drag the bottom menu upwards to expand the new menu. The menu will show relevant actions for the specific type of file you've opened. To help you navigate, we've compiled a list of available actions: What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate. Microsoft Teams MC423128 — Dynamic caller ID in Voice-enabled channels for government clouds: GCCH, DOD Last year we enabled the capability where agents can use Dynamic Caller ID to call on behalf of a Call Queue or Auto Attendant from within Voice Enabled Channels. We are now bringing this capability to government clouds including GCCH and DOD. We apologize for not meeting our commitment of providing notification prior to implementation and for any inconvenience. When this will happen: This has begun rolling out and will be complete by end of September. How this affects your organization: You can assign outbound caller ID numbers for the agents by specifying one or more resource accounts with a phone number. Agents can select which outbound caller ID number to use with each outbound call they make. What you can do to prepare: Review the Additional Information and consider updating your training and documentation as appropriate. 
MC420060 — Microsoft Teams: Leave a Meeting From All of Your Devices Microsoft 365 Roadmap ID 97397 We will be rolling out a new feature in Microsoft Teams that will allow multi-device users to leave all of their devices at once when leaving a meeting. When this will happen: Rollout began in early August and is expected to be completed by early September. How this will affect your organization: When a Teams user attempts to leave a meeting or call from multiple personal devices, there have been challenges to fully disconnect from the meeting or call on all devices. With this new feature, there will now be an option displayed to multi-device users in a call that will prompt the user to leave the meeting or call from all devices when selected. This feature will be enabled for desktop, iOS, and Android clients. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC420059 — Custom Download Location for Files in Teams Microsoft 365 Roadmap ID 94719 Currently all file downloads from Microsoft Teams go to the Downloads folder. We are releasing a new feature that enables users to be able to choose their preferred download location for downloading files from Teams or specify a download location for each download. When this will happen: We will begin rollout in early September and expect rollout to be completed by late October. How this will affect your organization: To enable this feature, there is a new setting introduced under Files settings, which allows users to change the default download location to their preferred download location. Additionally, there is a toggle, which if enabled, will prompt the user to select the location for each download. Note: These settings will only apply to the files downloaded after the setting is enabled and will not impact any files downloaded in the past. 
What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC420049 — Live Translated Captions in Meetings and Calls Microsoft 365 Roadmap ID 94843 Users will now be able to choose the Live Captions in the language they prefer, with the help of Microsoft Cognitive Service Speech Translation Capabilities. This will help users fully participate in meetings where the spoken language may not be their most comfortable language to use. When this will happen: We will begin rolling out to worldwide and GCC at mid-September and expect to be completed by early-October. GCC-H and DoD will be started to roll out at mid-October and expect to be completed by early-November. How this will affect your organization: Today, users can select just the spoken language, and the Live Captions will be in the same language as they selected. Please find the documentation here. When this feature is released, users who turn on Live Captions will be able to see the menu options for Live Translated Captions in the “Subtitles” menu. By selecting any translation language, users will see the Translated Captions in the language they selected. The spoken language is selected for everyone in the meeting, while the translation language for the Live translated Captions is selected only for the individual user. 
List of supported spoken languages: English (US), English (Canada), English (India), English (UK), English (Australia), English (New Zealand), Arabic (Arab Emirates), Arabic (Saudi Arabia), Chinese (Simplified China), Chinese (Traditional, Hong Kong SAR), Chinese (Traditional, Taiwan), Czech (Czechia), Danish (Denmark), Dutch (Belgium), Dutch (Netherlands), French (Canada), French (France), Finnish (Finland), German (Germany), Greek (Greece), Hebrew (Israel), Hindi (India), Hungarian (Hungary), Italian (Italy), Japanese (Japan), Korean (Korea), Norwegian (Norway), Polish (Poland), Portuguese (Brazil), Portuguese (Portugal), Romanian (Romania), Russian (Russia), Slovak (Slovakia), Spanish (Mexico), Spanish (Spain), Swedish (Sweden), Thai (Thailand), Turkish (Turkey), Ukrainian (Ukraine), Vietnamese (Vietnam) List of supported translation languages: Arabic, Chinese Simplified, Chinese Traditional, Czech, Danish, Dutch, English, Finnish, French, French (Canada), German, Greek, Hebrew, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Slovak, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese Please note that some of the languages above will be in preview state when launching. What you need to do to prepare: Live Translated Captions and Live Captions are gated behind the same set of policies, to turn it on or off, here is the documentation for Meetings, and here is the documentation for Calls. You may consider notifying your users about this change and updating your training and documentation as appropriate. MC414474 — Microsoft Teams Meeting Auto-Transcription Microsoft 365 Roadmap ID 97842 In Microsoft Teams, we will be releasing a feature that allows meeting organizers to transcribe meetings automatically if the meeting has been set to be recorded. This will make the recording playback experience accessible. 
When this will happen: GA: We will begin rollout in late August and expect rollout to be completed by mid-September. Government Clouds: We will begin rollout in mid-September and expect rollout to be completed by mid-October. How this will affect your organization: Live transcription can make your meetings (and calls) more productive and inclusive for participants who are deaf or hard-of-hearing or have different levels of language proficiency. When the meeting organizer sets the Record automatically meeting option to On for a meeting, Transcription will now also be turned on with Recording when the meeting begins, if Transcription is allowed by admins. What you need to do to prepare: If transcription is on in your tenant, this feature will be automatically enabled, to review and change the transcription policy, please follow admin documentation for meetings. Notify your users about this change and update your training and documentation as appropriate. MC411679 — My Activity retirement in Teams mobile Activity We will be retiring the support for 'My activity' in Teams mobile Activity App. This will be retired from other clients in the future. Activity will now support only activities directed to you (the option to view activities initiated by you will be retired). When this will happen: We will begin rolling this out early September and expect to complete by mid-September. How this affects your organization: Once this change is implemented Teams mobile users will no longer see the "My activity" dropdown. Note: there is no additional impact and all activities across the app can be accessed from the respective apps (like chat app for chat send, calls made from calls app etc.) What you need to do to prepare: You may consider updating your training and documentation as appropriate. 
MC408687 — Pre-assign Channel members to Breakout Rooms Microsoft 365 Roadmap ID 96350 This Breakout Rooms for Channel Meetings feature enables meeting organizers to efficiently pre-assign channel members to Breakout Rooms (both auto and manual) ahead of a channel meeting start. Please note, that Meetings with Breakout Rooms are limited to 300 participants. If the channel contains more than 300 members, pre-assignment will not be available. Meeting organizers will have the ability to assign participants to Breakout Rooms during the meeting. When this will happen: Preview: We will begin rolling out early August and expect to complete by mid August. Standard Release: We will begin rolling out mid-August and expect to complete by late August. How this will affect your organization: Meeting organizers are now able to pre-assign channel members to Breakout Rooms of Channels Meetings by accessing the Breakout rooms tab in the Channel Meeting's meeting details. What you need to do to prepare: There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate. MC408433 — (Updated) Live Transcript for Teams Meetings Microsoft 365 Roadmap ID 82230 Updated August 4, 2022: We have updated the content below for clarity. Thank you for your patience. Microsoft Teams now has a new Live transcription feature that will allow a real-time transcript during meetings (and calls), as well as post-meetings (and calls). This will help users in real-time recall what has been spoken during the meeting (and calls) as well as review after the meeting (and calls). When this will happen: We will begin rolling out in late August and expect rollout to be completed by early September. How this will affect your organization: Live transcription can make your meetings (and calls) more productive and inclusive for participants who are deaf or hard-of-hearing or have different levels of language proficiency. 
What you need to do to prepare: You may want to review this feature and decide if you want to turn it on and follow the admin documentation for meetings and admin documentation for calls to modify it as needed. Notify your users about this change and update your training and documentation as appropriate. MC399073 — (Updated) Microsoft Teams: Automatically end stale Teams meetings Microsoft 365 Roadmap ID 96710 Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience. Microsoft Teams is enabled with a new feature that will allow meetings to automatically end if they're identified as stale. If a user is the sole participant in a meeting 10 minutes after the scheduled meeting end time has passed, then a dialog will appear in the call prompting them to end the call or dismiss the notification. If no action is taken on the dialog within 3 minutes, the meeting will automatically end. If there is more than 1 user on the call and/or the scheduled meeting end time has not passed yet, then the feature will not trigger. If the user dismisses the notification, they will not see it again for the same meeting, and it will not be at risk to automatically end anymore. When this will happen: We will begin rolling out to Production in early December (previously mid-September 2022) and expect to complete by mid-December (previously late October). We will begin rolling out to GCC, GCC-H, and DoD in mid-January (previously late October) and expect to complete by mid-March (previously late November). How this will affect your organization: Users may see this feature in meetings and be removed from meetings that automatically end. MC397435 — (Updated) Microsoft Teams: Start a Teams Chat with Distribution Groups, Mail-Enabled Security Groups, and O365 Groups Microsoft 365 Roadmap ID 62354 Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience. 
You will now be able to start a Teams Chat with Distribution Groups, Mail-enabled Security Groups, and O365 Groups. This feature will respect the limits on members in a group chat, currently set to 250 members. Organizations rely on Distribution Lists (DLs) as a tool to create groups of users that mirror organizational knowledge and workflows. Bringing this awareness to target audiences for specific content will enhance the core Teams experience. Allowing our customers to leverage DLs can increase workflow efficiency and bridge the gap between legacy knowledge of organization structure and a new Teams structure. When this will happen: We will begin rollout in late September (previously mid-August) and expect to complete rollout by late October (previously late August). How this will affect your organization: With this update, users will now be able to select Distribution Lists as an audience to begin a chat within Teams. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC394785 — (Updated) Speaker Coach in Microsoft Teams Meetings Microsoft 365 Roadmap ID 88253 Updated August 12, 2022: We have updated the rollout timeline below. Thank you for your patience. Speaker Coach provides private, personalized feedback on your speaking and presentation skills in both real-time as well as post-meeting in a summary. When this will happen: We will begin rolling out in mid-August (previously early July) and expect to complete rollout by mid-September (previously late August). How this will affect your organization: This setting is enabled by default. To turn it off, set AllowMeetingCoach to False. Tenant admins can manage the feature through the policy for speaker coach. What you need to do to prepare: You may want to notify your users about this new capability and update your training and documentation as appropriate. 
Learn More: · PowerPoint’s Presenter Coach Expands to Microsoft Teams and Takes on the New Name Speaker Coach · Meeting policy settings - Speaker Coach MC387640 — (Updated) Dynamic Caller ID in Calls app for Call Queue Agents Microsoft 365 Roadmap ID 86992 Updated August 2, 2022: We have updated the rollout timeline below. Thank you for your patience. Call queue agents can now place calls from the Calls app using a call queue phone number, defined in resource account, as their caller ID. This ensures the call is properly identified by the recipient and that the call back number is the call queue number rather than the agent's personal line. When this will happen: We will begin rolling out in early June and complete rollout by late August (previously mid-July). How this will affect your organization: You can assign outbound caller ID numbers for agents by specifying one or more resource accounts with a phone number. Agents can select which outbound caller ID number to use with each outbound call they make. What you need to do to prepare: The resource account used for calling ID purposes must have a Microsoft Teams Phone System Virtual User license and one of the following assigned: · A Calling Plan license and a phone number assigned · An Operator Connect phone number assigned · An online voice routing policy (phone number assignment is optional when using Direct Routing) Learn More: · Create a Call Queue MC383876 — (Updated) Collaborative Annotations on Presenter Shared Screen Microsoft 365 Roadmap ID 86732 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Collaborative Annotation helps you collaborate with others while screen sharing in Teams meetings. For example, if you want to ask for feedback on a design or if you’re working with a group on a project, Collaborative Annotation helps you get work done faster and with more voices included. 
When this will happen: · Standard: begin rollout in mid-June and expect to complete rollout by late June. - Complete · GCC: begin rollout in early August (previously late July) and expect to complete rollout in late August (previously early August). · GCC-High: begin rollout in late September (previously late August) and expect to complete rollout by early October (previously early September). · DoD: begin rollout in late October (previously late September) and expect to complete rollout in early November (previously early October). How this will affect your organization: During screenshare, meeting attendees with Presenter roles will see the Annotation button in meeting controls at the top-center of their screen. To turn on Collaborative Annotation while you're sharing your screen in a meeting, select the pen icon to Start annotation in meeting controls at the top-center of your screen, as shown below: Note: You must be a Presenter role in a meeting to turn on Collaborative Annotation. The red outline around the screenshare will turn blue, indicating Collaborative Annotation mode is on. All participants will see the Microsoft Whiteboard toolset at the top of the shared screen, as shown below. Everyone in the meeting can begin annotating right away in real-time. Collaborative Cursors show the name of every attendee as they annotate and are turned on by default. Collaborative Cursors can be turned off by anyone attending the meeting from the Settings menu in the Collaborative Annotation toolbar. To control who can annotate, the main Presenter can select Only I can annotate and unselect Everyone can annotate from the Settings menu in the Collaborative Annotation toolbar, as shown below: To begin annotating, select one of the tools in the Whiteboard toolset, such as text, Sticky notes, Reaction tags, or digital ink, and begin typing or drawing on the screen. 
To end the annotation session for everyone, select Stop annotation in meeting controls at the top-center area of your screen. Collaborative Annotation is only available for full-screen sharing, not individual window sharing at this time. Web and mobile users cannot start Collaborative Annotation while sharing content. However, if a desktop user shares the screen and starts Collaborative Annotation mode, web and mobile users are able to participate in annotating as well. Exporting annotations is not supported at this time, but you can take screenshots during the meeting to save annotated content for later if necessary. Meeting rooms using Android-based devices are not supported. What you need to do to prepare: This feature is enabled by default so there is no action needed. Note: Annotation is powered by Microsoft Whiteboard. If Microsoft Whiteboard is disabled, it will also disable Annotations. Learn More: · Enable Microsoft Whiteboard for your Organization MC379024 — Suggested Replies in Teams Desktop Microsoft 365 Roadmap ID 92674 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Suggested Replies present users with an option of three responses to choose from for selected messages and is now available to your users in Teams Desktop. We apologize for not informing you about this change prior to it being released. We continue to work to ensure we are being proactive in our communications. Thank you for your patience. When this will happen: · Standard: Complete · GCC: mid-May through early June - Complete · GCC-High: late July (previously early June) through late August (previously late June) · DoD: late July (previously early July) through early September (previously late August) How this will affect your organization: Once available, users will be able to quickly reply to a given message by tapping on a suggested reply. 
What you need to do to prepare: This feature ships default on; review Manage messaging policies in Teams. If you wish to disable this feature in your tenant, please disable the Suggested Replies setting that is found in Messaging Policies. Users also have a setting within the app so they can disable the feature. MC375739 — (Updated) Attendance Dashboard for GCC-High and DOD Microsoft 365 Roadmap ID 94856 Updated August 18, 2022: We have updated the rollout timeline below. Thank you for your patience. This reporting dashboard will appear as a tab in the meeting detail providing: · Attendance information for Teams regular meetings in meeting chat tab "attendance" When this will happen: · GCCH: This will be rolled out in late August (previously early August). · DoD: This will be rolled out in early September (previously late July). How this will affect your organization: Once available, this will allow meeting organizers to view the attendance information in the dashboard without having to download the reports. Note: This feature will be rolling out with the default ON. IT admins can disable the attendance dashboard and turn off the AllowEngagementReport policy in the Teams Admin Center. Go to Meetings > Meeting policies, and set the policy to Disabled. In PowerShell: Set-CsTeamsMeetingPolicy -Identity YOUR_USER_GROUP -AllowEngagementReport "Disabled". What you need to do to prepare: Determine if you would like to enable the Teams attendance report and you may consider updating your training and documentation as appropriate. Learn More: View and Download Meeting Reports in Teams MC320460 — (Updated) Connected Templates with Microsoft Teams and SharePoint Microsoft 365 Roadmap ID 84724 Updated August 17, 2022: We have updated the rollout timeline below. Thank you for your patience. We determined that this notification did not go to the entire intended audience. We apologize for any inconvenience this delayed notification may have caused. 
We are announcing the upcoming release of Connected Templates with Microsoft Teams and SharePoint. The connected templates will offer a new way of combining Microsoft Teams templates with SharePoint templates. Prior to this integration, clients needed to deploy Microsoft Teams or SharePoint-specific templates. · Microsoft Team Templates allow administrators to easily deploy consistent teams across their organization using predefined or customized team templates across their organization. · SharePoint templates offer a straightforward way for admins to build sites with pre-populated pages, page templates, news post templates, and web parts that can be customized to fit the needs of their organization. Through this integration, Teams administrators can create templates that include SharePoint components, bringing together the capabilities of the Teams and SharePoint templates. When this will happen: We will begin rolling this out in mid-January and expect to complete rollout mid-October (previously mid-August). How this will affect your organization: Today, when you create a team through "create a team from templates" you get an automatically created SharePoint site that supports that template. We are adding SharePoint assets to the team you have just created with this new integration. In essence, all SharePoint applications that are associated with the new template will be automatically added, pinned, and displayed in this new team template. · When you create a new team using a default template - for example, the “Manage a Project” template, the project management channels and apps, and the connected SharePoint template will get applied automatically. Now, the pages, lists, and Power Platform integrations from SharePoint will be automatically pinned as tabs in Teams and you can edit these pages and lists directly in Teams. What you need to do to prepare: You might want to notify your users about this change and update your training and documentation as appropriate. 
MC320163 — (Updated) Updating default tenant-level tag management settings Microsoft 365 Roadmap ID 88318 Updated August 26, 2022: Based on learnings from our early rings, we have made the decision to make additional changes before we proceed with the rollout. We will deliver a new Message center post once we re-start the rollout. Thank you for your patience. We’re updating the default tag management settings based on customer feedback. The new defaults eliminate the need for team members to ask owners to create or edit tags on their behalf. Key points: · Timing: We will communicate via Message center when we are ready to proceed. · Roll-out: tenant level · Control type: Team owner and team member control · Action: review and assess for appropriate experience How this will affect your organization: The Teams admin center default for who can manage tags will be updated from "Team owners" to "Team owners and members." Tenant admins still can override the default and limit Tag Create/Edit to Team Owners only. If you have already made any changes to any option in the Tagging settings in the Teams admin center, your settings will not be updated, and this change will not affect your tenant. This tenant-level setting will be inherited by existing Teams, unless the Tags Settings in Manage Team has been updated. For example, if the “Tags are managed” by setting at the team level value has been changed, this change will not affect that team. These changes simplify the Tags permissions model and makes it consistent with other Teams concepts like Channels. For new teams created after this change is implemented, all team members will be able to create and manage tags by default, similar to the defaults for create and edit channels. The team owner will still have the option to override this management setting if "Let team owners override who can manage tags" is set to "On" in your Tagging settings in the Teams admin center. 
What you need to do to prepare: No specific action is required but you will want to review your settings and update your documentation as necessary. MC318662 — (Updated) Communication Access Real-Time Translation Captions in Microsoft Teams for GCC-H and DoD Microsoft 365 Roadmap ID 83614 Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience. This coming new feature will enable users to view real-time captions coming from a Communication Access Real-Time Translation (CART) provider within the Microsoft Teams meeting window. Meeting organizers and participants will be able to ask their CART captioning providers to stream captions to Microsoft Teams. When this will happen: GCC-High: will begin rolling out in early June (previously mid-May) and expect to complete rollout mid-June (previously late May). - Complete DoD: will begin rolling out in late July (previously mid-July) and expect to complete rollout late September (previously mid-August). How this will affect your organization: Tenant admins should ensure the policy for CART captions is enabled in order for their users to be able to schedule meetings with CART captions. What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate. 
MC279469 — (Updated) 1:1 VOIP and PSTN call recording and transcription in Calls App V2 Microsoft 365 Roadmap ID 83497 Updated August 16, 2022: We have updated the rollout timeline below. Thank you for your patience. Microsoft Teams will now release ability to record and transcribe 1:1 VOIP and PSTN calls and show the recording and transcription in Call history in the calls details panel. This is a critical feature specifically for our Public Switched Telephone Network (PSTN) customers. In absence of chat, PSTN callees do not have a way to view call recordings and transcriptions. When this will happen: · We expect to begin this roll out to Standard and GCC tenants in mid-December (previously late September) and expect the rollout to be completed by late February (previously late January). - Complete · We expect to begin this roll out to GCC-High and DoD tenants in mid-March (previously mid-February) and expect the rollout to be completed by late September (previously early August). How this will affect your organization: · Call Transcription for 1:1 PSTN and VOIP calls will show in call history in call details panel. · Call Recording for 1:1 PSTN and VOIP calls will show in call history in call details panel. · Users can delete recording from chat and the recording will not show in call history in call details panel. 
· If there are multiple recordings in a call, they will show in a list form in call history in call details panel. What you need to do to prepare: Teams admins will need to make sure that AllowCloudRecordingForCalls and AllowTranscriptionForCalling is turned on to enable recording and transcription of 1:1 VOIP and PSTN calls. Exchange Online and Outlook MC424190 — Basic Authentication Deprecation in Exchange Online – September 2022 Update Message Summary One month from today, we’re going to start to turn off basic authentication for specific protocols in Exchange Online. Timeline and Scope As we communicated last year in blog posts and earlier this year in MC375736, we will start to turn off basic authentication in our worldwide multi-tenant service on October 1, 2022. We will randomly select tenants, send 7-day warning Message Center posts, post Service Health Dashboard notices, and turn off basic auth in the tenant. We’re turning off basic auth for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) and Remote PowerShell. We are not changing any settings or turning off SMTP AUTH. What If You Are Not Ready for This Change? We recognize many tenants may still be unprepared for this change. Today we announced an update to our plan to offer customers who are unaware or otherwise not ready for this change. You can read this announcement here. Addendum to Public Message for Specific Government Community Cloud Customers This specific Message Center post is being sent only to customers in our GCC environment. Customers with tenants in the GCC cloud are unable to use the self-service diagnostic referred to in the blog for either opt out or re-enablement. To avoid any protocol being disabled during October, please complete the form here, making sure your tenant ID is correct and the protocols you need to continue to use basic auth for are all selected. 
When complete please submit the form, and we will ensure those protocols are not disabled until soon after Dec 31st 2022. If you miss a protocol and need it re-enabled after October 1st, you will need to open a service request, you won’t be able to do it online or by filling out the form again. Change can be hard and it takes more time in large and complex environments, but the risks of attack are usually higher too, so we urge you to remove any dependency on basic auth from your tenant as soon as possible. There will be no further extensions or exceptions. Basic auth for any enabled protocols will be disabled during the first few days of January 2023. What should I do to prepare for this change? Any client (user app, script, integration, etc.) using basic auth for an affected protocol will be unable to connect. The app will receive an HTTP 401 error: bad username or password. Any app using modern auth for these protocols will be unaffected. If you are unsure if you have clients or apps that will be affected by this change, you can check the Azure AD Sign-In logs, or just check Message Center for any messages titled, ‘Basic Authentication – Monthly Usage Report’. We will send the usage report for August in the next few days. If you cannot see any of these messages, we have not detected basic authentication on the affected protocols in your tenant. To read more on what can be done to switch apps from basic to modern auth please view our main documentation page and our latest blog. Additional Information MC422158 — Feature Update: Service health admin notifications in Outlook We’re improving Service health admin notifications in the Microsoft Outlook client experience. This feature is available to Global administrators and Office Apps administrators, who are signed into the Outlook desktop client (for Windows). 
We’ve heard your feedback and have implemented some improvements, including:
· Notifications are now separated by “Latest notification” and “Previous notifications”, to more easily distinguish new information.
· New icons have been added to easily identify active versus resolved issues.
· Admins now can provide feedback on specific notifications, versus a generic bucket.
· Ability to fully manage (enable or disable) admin notifications within the notification pane.

When this will happen: These enhancements will begin rolling out at the beginning of September 2022 and be made available to all customers by the end of the same month. Admin notifications are accessible to Global administrators and Office Apps administrators who have the feature enabled in the Outlook desktop client experience.

How this will affect your organization: Global admins and Office Apps admins who already have admin notifications enabled in Outlook desktop client will observe the above enhancements once the roll-out is complete.

What you need to do to prepare: If you are a Global administrator or an Office Apps administrator and would like to receive Service health notification in the Outlook desktop client, use the following steps to ensure the feature is enabled:
· Before deployment: Navigate to File -> Options -> Advanced, and enable admin notifications.
· After deployment: Navigate to Help -> Admin notifications, and toggle “Show Admin Notifications”.

MC422154 — Microsoft Purview Data Lifecycle Management: Migration of ‘Archive’ page to new Exchange Admin Center

To simplify the customer experience for managing Exchange account settings and avoiding duplication, we are removing the ‘Archive’ tab of the Data Lifecycle Management solution in the Microsoft Purview compliance portal. You will continue to be able to perform this operation from the Exchange Admin Center.
When this will happen: The ‘Archive’ page will be retired and no longer be available on Microsoft Purview compliance portal from October 2022. How this will affect your organization: Currently, enabling or disabling mailbox archives is an available setting in both the Exchange Admin Center and the Microsoft Purview compliance portal. Once this migration is complete, your organization will no longer be able to access this setting through Data Lifecycle Management. However, the ability to enable and disable archive for each mailbox is already supported in the new Exchange Admin Center under the “Others” tab when managing a mailbox: What you need to do to prepare: No action is needed to enable this change. Learn about archive mailboxes. MC419386 — Retirement of Trello & Yelp add-ins for Outlook The following Outlook add-ins are being retired: · Trello - allows the user to create, edit, and comment on Trello boards without leaving the inbox. · Yelp - allows the user to find and share great business around quickly through mail. Note: If your users do not utilize either of these add-ins, you can safely disregard this message. When this will happen: December 15, 2022 How this will affect your organization: If users are utilizing the Trello or Yelp add-ins, they will no longer be available in the store or function, after this change. For users of the Trello add-in, this will not impact data in Trello only the integration with Outlook. What you can do to prepare: Communicate this change with users as appropriate. MC415186 — Microsoft Defender for Office 365: Enforce Authentication to Pass on AntiSpam Allowed Domains We are strengthening Spoofing protection within Exchange online protection and Microsoft Defender for Office 365 Anti-Spam security policy. It will provide a way to secure your organization against spoofing attacks that may otherwise occur by allowing certain domains and senders. 
Applies to: · Exchange Online Protection · Microsoft Defender for Office 365 plan 1 and plan 2 · Microsoft 365 Defender Microsoft 365 Roadmap ID 93436 When this will happen: Standard: Rollout will begin in late September and will be completed by late November. GCC/GCC-H/DoD: Rollout will begin in late November and be completed by late December. How this will affect your organization: Security Admins and SecOps teams today can specify allowed domains and allowed senders within the Anti-Spam policy. We recommend never adding your own accepted domains or commonly trusted domains to the allowed domains list. Moving forward, when you specify internal tenant owned/accepted domains and senders to this list, DMARC authentication check will be enforced on these domains or senders and they will be allowed by the system only if authentication passes on these domains/senders. Otherwise, despite being specified, allowing messaging from these domains will not be honored. In this way, our system will work to protect your organization against Spoofing attacks. In case you want to allow legitimate 'Spoofing' from these domains and senders, you will be able to continue adding them to Tenant allow block list - Spoofing (as you can do so today). Note: This will impact any messages that are received from outside your organization, where the sender's domain is part of your organization accepted domain list and fails authentication. What you need to do to prepare: To prepare for this change it is recommended that you review the spoof intelligence report and ensure that any intra-org messages where the sender/sending domain is part of your accepted domain pass authentication as expected. Note you do not need to update items where authentication fails and that failure is expected. Review your existing Anti-Spam policies within threat policies and consider updating the list of Allowed domains / Allowed senders to allow whom you trust. 
We recommend updating your necessary training documents accordingly.

Learn More:
· Configure your anti-spam filter policies
· Create allowed spoofed sender entries using Tenant allow block list - Spoofing
· Spoof intelligence insight
· Spoof detections report

MC411680 — Outlook Mobile Now Supports Multiple S/MIME Certificates

Outlook mobile (iOS and Android) will allow users to manually select their S/MIME signing/encryption certificates if there is more than one valid certificate available, and set them as active for signing and encryption.

When this will happen: GA: Rollout will begin in late July and is expected to be completed by end of August. Government Clouds: Rollout will begin in late August and is expected to be completed by mid-September.

How this will affect your organization: If your company does not support S/MIME or does not need multiple S/MIME certificates, this will have no impact on you. If your company wants to use this feature, you will need to go on Intune and disable your SMTP address check for SMIME. Users will then be able to view multiple SMIME certificates and select them for signing and encryption.

What you need to do to prepare: There is no action needed from you at this time if you do not need to use this feature. If this feature is needed, you can follow additional instructions in this link for setup.

MC411675 — Microsoft Defender for Office 365: Updates to the common attachment filter in the anti-malware policy

Microsoft 365 Roadmap ID 93431

In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings.
You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the PowerShell Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:
1. Any new anti-malware policies that you create
2. The default anti-malware policy: The current list of the selection will be retained and appended with the new file types being added as part of default selection. As a result, the list of file selections in the default policy will be expanded while retaining all of the existing selection. There will be no changes to any of the other settings (like zap, admin notification configuration etc). The only change which will happen to the default policy is the expansion of the selection.

The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

In anti-malware policies, the common attachment filter allows you to select specific file types to block. Any email messages with these types of file attachment will be handled as per the policy settings. In addition to turning on the common attachment filter, you can customize the list of file types, but only by using the Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.
We’re enhancing the anti-malware policy experience by adding the ability to view/add/remove custom file types in the anti-malware policy settings in the Microsoft 365 Defender portal.

When this will happen: Starting early September and completion of deployment by early October.

How this will affect your organization: Once these changes are rolled out, the list of default file type selections to the newly created policies and the default policy will differ from your existing policies. As the selection in the default policy will be expanded, there could be some messages which could be quarantined due to new file type addition. You will need to review the existing policies and update the list with recommended file types (see below).

What you need to do to prepare: Once these changes are rolled out, you can view/add/delete file types (extensions) for the common attachment filter in the anti-malware policy settings in the Microsoft 365 Defender portal.
· Configure anti-malware policy
· Configure custom file types using PowerShell command

Review existing anti-malware policies and add the recommended file types to the block list. Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs.
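One way to carry out the policy review described above, added here as an example and not taken from Microsoft or from the original post: it compares each policy's file types with the default selection listed in this post and previews the merged list with -WhatIf. The function name Get-FileFilterGap and the two sample policies are constructed for illustration, and Get-MalwareFilterPolicy is assumed to be available in a connected Exchange Online PowerShell session.

```powershell
# Default selection after the change, copied from the list in this post (MC411675).
$RecommendedDefaults = @(
    'ace','apk','app','appx','ani','arj','bat','cab','cmd','com','deb','dex','dll',
    'docm','elf','exe','hta','img','iso','jar','jnlp','kext','lha','lib','library',
    'lnk','lzh','macho','msc','msi','msix','msp','mst','pif','ppa','ppam','reg',
    'rev','scf','scr','sct','sys','uif','vb','vbe','vbs','vxd','wsc','wsf','wsh',
    'xll','xz','z'
)

function Get-FileFilterGap {
    # Hypothetical helper: reports which recommended types a policy lacks and
    # builds a merged list that keeps every type the policy already blocks.
    param(
        [Parameter(Mandatory)][object[]]$Policy,
        [string[]]$Recommended = $RecommendedDefaults
    )
    foreach ($p in $Policy) {
        # Normalise entries: trim, drop a leading dot, lower-case, skip blanks.
        $current = @($p.FileTypes |
            ForEach-Object { "$_".Trim().TrimStart('.').ToLowerInvariant() } |
            Where-Object { $_ })
        $missing = @($Recommended | Where-Object { $current -notcontains $_ })
        [pscustomobject]@{
            Policy        = $p.Name
            FilterEnabled = [bool]$p.EnableFileFilter
            CurrentCount  = $current.Count
            Missing       = $missing
            Merged        = @($current + $missing | Sort-Object -Unique)
        }
    }
}

# Use the live policies when the Exchange Online cmdlets are loaded; otherwise
# fall back to constructed sample policies so the logic can be tried offline.
$live = [bool](Get-Command Get-MalwareFilterPolicy -ErrorAction SilentlyContinue)
if ($live) {
    $policies = @(Get-MalwareFilterPolicy)
} else {
    $policies = @(
        [pscustomobject]@{ Name = 'Sample - Finance'; EnableFileFilter = $true
                           FileTypes = @('exe', '.VBS', 'iso', 'contosofmt') }
        [pscustomobject]@{ Name = 'Sample - Filter off'; EnableFileFilter = $false
                           FileTypes = @() }
    )
}

$report = @(Get-FileFilterGap -Policy $policies)
$report | Format-Table Policy, FilterEnabled, CurrentCount,
    @{ Name = 'MissingCount'; Expression = { $_.Missing.Count } } -AutoSize

foreach ($r in $report | Where-Object { $_.Missing.Count -gt 0 }) {
    Write-Host "$($r.Policy) lacks: $($r.Missing -join ', ')"
    if ($live) {
        # -WhatIf only previews the change; remove it after reviewing the list.
        Set-MalwareFilterPolicy -Identity $r.Policy -FileTypes $r.Merged -WhatIf
    }
}
```

A policy with FilterEnabled set to False does not apply the list at all, so it needs a decision of its own rather than only a longer list.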
Review the following resources below to learn more:
· Anti-malware policy
· Anti-malware policy protection FAQ
· Current list of file types in pre-populated list
· Current list of default file type selection

The list of file types: 7z, 7zip, a, accdb, accde, ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi, bat, bin, bundle, bz, bz2, bzip2, cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css, deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib, elf, exe, font, gz, gzip, hlp, hta, htm, html, img, imp, inf, ins, ipa, iso, isp, its, jar, jnlp, js, jse, kext, ksh, lha, lib, library, lnk, lqy, lzh, macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst, o, obj, odp, ods, odt, one, onenote, ops, package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, reg, rev, rpm, rtf, scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys, tar, tarz, terminal, tgz, tool, uif, url, vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd, workflow, ws, wsc, wsf, wsh, xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz, z, zi, zip, zipx

The default selection from the above file type list is: ace, apk, app, appx, ani, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

MC411674 — Exchange Online Protection: Anti-malware policy notification settings change

Microsoft 365 Roadmap ID 93433

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter
settings. As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:
· True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
· Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
o Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
o Non delivery report (also known as NDR or bounce message) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.

When this will happen: Starting early September and completion of deployment by early October.

How this will affect your organization: Once these changes are rolled out, the current email notifications for recipients and senders will be stopped. Instead, any recipient notifications will be based on the selected quarantine policy (dropdown in the anti-malware policy).

What you need to do to prepare: Review the 'Quarantine Policy' selection in your current anti-malware policies. With this feature change, for default and all existing policies,
· The selection in the 'Quarantine Policy' dropdown will be used for any recipient notifications.
· For the new settings in 'Common attachment filter detections', the selection will be set to 'Quarantine the message' option (which is the same as the Quarantine policy dropdown).
Review the following resources below to learn more:
· Create anti-malware policy
· Quarantine policy
· Quarantine policies in anti-malware policies
· Use quarantine notifications to release and report quarantined

MC411432 — We've changed the minimum iOS system requirements for Outlook for iOS and watchOS

Outlook for iOS is supported on the two most recent versions of iOS. When a new version of iOS is released, Outlook’s Operating System requirement becomes the two most recent versions: the current version of iOS and watchOS and the previous version. With iOS 16 currently in beta, Outlook for iOS is preparing to drop support for iOS 14. In addition, once iOS 16 is released to GA, the system requirements for Outlook for iOS will be updated to reflect support for iOS 16. Microsoft will update the minimum system requirements for Outlook for iOS app from iOS 14 to iOS 15. Microsoft will retire support for watchOS 7. watchOS 8 and 9 will be the only supported versions for Apple Watch.

How does this affect me?: After iOS 16 is released, Outlook devices running iOS 14 or lower will no longer receive Office app updates. At that time, customers will be able to continue to use the older version of Outlook for iOS. Once they update their device to iOS 15 or above, they will receive the newest version of Outlook. Over time, Outlook for iOS on iOS 14 devices will eventually stop synchronizing email and calendar data, unless they have a supported version of iOS. This change does not affect anyone using Outlook for iOS apps on iOS 15 or above.

What do I need to do to prepare for this change?: We recommend that you communicate this change to your users to ensure they update their device operating system. Please click Additional Information to refer to the current minimum system requirements for Office 365.
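For the basic authentication change (MC424190) earlier in this section, one way to triage an Azure AD sign-in log export by protocol, added here as an example and not part of the original post or of Microsoft's tooling. The column names, the client app names in the map, the function name and the sample rows are assumptions or constructed values; adjust them to match your own export.

```powershell
# Client app names as they are assumed to appear in the clientAppUsed column,
# mapped to the protocol names used in MC424190.
$ProtocolMap = @{
    'MAPI Over HTTP'                   = 'MAPI'
    'Outlook Anywhere (RPC over HTTP)' = 'RPC'
    'Offline Address Book'             = 'OAB'
    'Exchange Web Services'            = 'EWS'
    'POP3'                             = 'POP'
    'IMAP4'                            = 'IMAP'
    'Exchange ActiveSync'              = 'EAS'
    'Exchange Online PowerShell'       = 'Remote PowerShell'
    'Authenticated SMTP'               = 'SMTP AUTH'
}

# Constructed sample rows, not real data. For a real export use, for example:
#   $signIns = Import-Csv .\SignIns.csv
$signIns = @(
    [pscustomobject]@{ createdDateTime = '2022-08-29T06:10:02Z'
        userPrincipalName = 'scanner@contoso.example'; clientAppUsed = 'Authenticated SMTP' }
    [pscustomobject]@{ createdDateTime = '2022-08-29T07:45:31Z'
        userPrincipalName = 'helpdesk@contoso.example'; clientAppUsed = 'IMAP4' }
    [pscustomobject]@{ createdDateTime = '2022-08-30T07:45:29Z'
        userPrincipalName = 'helpdesk@contoso.example'; clientAppUsed = 'IMAP4' }
    [pscustomobject]@{ createdDateTime = '2022-08-30T09:02:13Z'
        userPrincipalName = 'svc-backup@contoso.example'; clientAppUsed = 'Exchange Web Services' }
    [pscustomobject]@{ createdDateTime = '2022-08-30T09:15:40Z'
        userPrincipalName = 'alice@contoso.example'; clientAppUsed = 'Browser' }
    [pscustomobject]@{ createdDateTime = '2022-08-31T22:30:00Z'
        userPrincipalName = 'svc-report@contoso.example'; clientAppUsed = 'Exchange Online PowerShell' }
)

function Get-LegacyProtocolUsage {
    # Hypothetical helper: one row per user and protocol, with a flag that is
    # false only for SMTP AUTH, which the post says is not being turned off.
    param([Parameter(Mandatory)][object[]]$SignIn)

    $SignIn |
        Where-Object { $ProtocolMap.ContainsKey("$($_.clientAppUsed)") } |
        Group-Object -Property userPrincipalName, clientAppUsed |
        ForEach-Object {
            $first    = $_.Group[0]
            $protocol = $ProtocolMap[$first.clientAppUsed]
            [pscustomobject]@{
                User             = $first.userPrincipalName
                Protocol         = $protocol
                SignIns          = $_.Count
                # ISO 8601 UTC timestamps sort correctly as strings.
                LastSeen         = $_.Group.createdDateTime | Sort-Object | Select-Object -Last 1
                AffectedByChange = ($protocol -ne 'SMTP AUTH')
            }
        }
}

Get-LegacyProtocolUsage -SignIn $signIns |
    Sort-Object @{ Expression = 'AffectedByChange'; Descending = $true }, Protocol, User |
    Format-Table -AutoSize
```

Rows flagged AffectedByChange are the accounts to move to modern auth first; rows from clients such as Browser are ignored because they are not in the map.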
MC411428 — Microsoft Exchange Online: Change to soft-deleted period for inactive mailboxes When all holds and retention policies are removed from an inactive mailbox, it becomes soft-deleted and remains in Exchange for a period of time to allow for recovery before permanent deletion. Based on customer feedback, and to maintain consistency with other solutions, we will be changing this period to 30 days (from current 183 days). Following this change, after 30 days, any inactive mailboxes which are in a soft-deleted state are permanently deleted and are no longer recoverable. When this will happen: Rollout will begin in late August and is expected to be complete by end of September 2022. How this will affect your organization: When this change takes place, inactive mailboxes in the soft-deleted state which have been in this state for more than 30 days will be permanently deleted and no longer recoverable. What you need to do to prepare: No action is needed to enable this change. Learn more: Delete an inactive mailbox MC406647 — (Updated) General availability of Advanced Message Encryption - Office 365 Message Encryption portal access logs Microsoft 365 Roadmap ID 93372 Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience. With this update, admins will be able to enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail. When this will happen: Rollout will begin in mid-September (previously mid-August) and is expected to be complete by end of October (previously end of September). How this will affect your organization: This feature will enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail. These logs can be retrieved using the Audit Logs functionality in the Microsoft Purview compliance portal. You can also access these audit logs through the management API. 
What you need to do to prepare: This feature is not available by default unless you have enabled auditing. To enable the feature, go to Microsoft Purview compliance portal > Audit log search page and select Turn on auditing. · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments You can enable the portal logs using Exchange PowerShell: · Set-IrmConfiguration -EnablePortalTrackingLogs $true Learn more: · Search the audit log in the Microsoft Purview compliance portal · Advanced Message Encryption MC405568 — (Updated) Addition of Shared Mailboxes to the Mailbox Usage Report Microsoft 365 Roadmap ID 93398 Updated August 9, 2022: We have updated the rollout timeline below. Thank you for your patience. In the coming weeks, the mailbox usage report will be expanded to include additional mailbox insights. When this will happen: Standard Release: We will begin rolling out late July and expect to complete by late August (previously early August). How this will affect your organization: Upon querying for the mailbox usage report, you'll have the ability to view shared mailboxes which previously were not included. You'll need to refine your query to include a recipient type column which will show both user and shared mailboxes, but recipient type will not be an option until the change rolls out. Once live, click here for additional information to explain changes you can make to your mailbox usage report to view shared mailboxes as well as user mailboxes. What you need to do to prepare: There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate. MC397458 — (Updated) Outlook Mac now supports retention Policy Microsoft 365 Roadmap ID 88849 Updated August 1, 2022: We have updated the rollout timeline below. Thank you for your patience. 
Use retention policies in Outlook for Mac to apply a policy to your messages in your mailbox. Retention policies define how long your messages will be saved. This update will only work in the new Outlook for Mac. Note: If your organization is not using Mac OS, you can safely disregard this message.

When this will happen: We will begin rolling out June 2022 and expect to complete by end of August 2022 (previously end of July 2022).

How this will affect your organization: If you already defined the retention policy on your tenant and use that in Outlook Windows and Outlook on the web, now you could see them available in New Outlook for Mac on the message list view context menu and message item context menu.

What you need to do to prepare: You do not need to do anything to prepare for this.

MC385450 — (Updated) Advanced Room Finder Coming to U.S. Government Clouds

Microsoft 365 Roadmap ID 93293

Updated August 31, 2022: We have updated the rollout timeline below. Thank you for your patience.

Room Finder is a web-based feature that you can set up for your users to find available meeting rooms and workspaces that are suitable for their use. Every meeting room and workspace must be set up in Exchange Online and added to a room list for it to display properly in Room Finder. The Advanced Room Finder enables users to browse or search for Buildings/Room Lists by city and then filter by room type, capacity, floor and features.

When this will happen: The Advanced Room Finder is currently available in WWMT. It will begin rolling out to U.S. Government Clouds in early June and be completely rolled out by early September (previously mid-August).

How this will affect your organization: Users will be able to browse and search for Buildings/Room Lists and then filter for rooms in a Building/Room List by type, capacity, floor and features.
What you need to do to prepare: Admins should ensure Room and Workspaces Mailbox properties are set to ensure users can browse and filter, especially location and feature related properties. The Advanced Room Finder currently uses: City, Capacity, Floor, AudioDeviceName, VideoDeviceName, DisplayDeviceName, IsWheelChairAccessible, and Tags. Learn More: · How to Configure the New Room Finder in Outlook · Use the Scheduling Assistant and Room Finder for Meetings in Outlook · Configure rooms and workspaces for Room Finder in Outlook MC383875 — (Updated) Microsoft Defender for Office 365: updates to quarantine folder storage Microsoft 365 Roadmap ID 93302 Updated August 2, 2022: We have updated the content below for clarity. Thank you for your feedback. Microsoft Defender for Office 365 is making some changes to quarantine folder storage. The experience for users will remain the same and users can leverage the delete action to maintain the storage folder for their quarantined messages. When this will happen: Standard: will begin rolling out in mid-June and be completed by early September (previously late June). Government: will begin rolling out in mid-September (previously early July) and be completed by late September (previously late July). How this will affect your organization: In the case that a user’s quarantine storage is full, new incoming messages routed to quarantine will be rejected and an NDR will be generated for those messages. In the case of Zero hour Auto Purge, where malicious items need to be zapped from inbox to quarantine but there is no space, these messages will be instead, added to the junk mail folder. Note: When there is a False positive Zero hour Auto Purge, messages wrongly moved to the Junk mail folder can be added back to their original location. Previously, when messages were deleted by users from quarantine, those deleted messages could still be retrievable within a 30-day period after deletion was made. 
To help users better manage their storage, we will be introducing a hard delete experience whereby once the messages are hard deleted, they can’t be recovered. Note: End users will only be able to delete quarantine messages that their Administrators have given them access to through the quarantine policy.

What you need to do to prepare: The goal for this communication is mostly for informational awareness. You may consider updating your training and documentation as appropriate.

MC373889 — (Updated) Upcoming behavior change to the "DoNotRewrite" List

Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience.

With the deployment of the Tenant Allow/Block List, as being the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, “DoNotRewrite” list is used to skip:
· wrapping URLs
· Detonation (SONAR)
· Verdicts

The intended purpose of "DoNotRewrite" is to give tenants the ability to skip the wrapping of URLs. With the deployment of the Tenant Allow Block List, it is expected that all tenant allows (ex Detonation (SONAR) and Verdicts) shall be managed there.

When this will happen: We will begin rolling this out in early June and expect to complete by late September (previously late July).

How this will affect your organization: With this change, the Do Not Rewrite List behavior will be changed back to its intended purpose to skip the wrapping of URLs: Learn More

What you need to do to prepare: Review your "DoNotRewrite" URLs list(s) and ensure you have not added entries to it for uses other than to skip wrapping of URLs.

Microsoft 365

MC394931 — (Updated) Microsoft 365 admin center: Reports in the Admin Center – API available to manage user, group, and site names

Microsoft 365 Roadmap ID 93313

Updated August 9, 2022: We have updated the rollout timeline below. Thank you for your patience.
Microsoft is releasing an API that helps Global Administrators change how user, group, and site names are displayed in the Microsoft 365 admin center based on their organization’s privacy practices without having to manually change the setting in Org Settings -> Reports. User, group and site names are concealed by default. When this setting is changed, administrative roles and the report reader role will be able to see identifiable user level information. Global reader and Usage Summary Reports Reader roles will not have access to identifiable user information, regardless of the setting chosen. Showing identifiable user information is a logged event in the Microsoft 365 Compliance Center Audit log. When this will happen: We will begin rolling out late June and expect to complete by late September (previously late July). How this will affect your organization: The update admin report setting API can be used with Global Administrator permissions. More information on the API can be found here Working with Microsoft 365 usage reports in Microsoft Graph Graph API names are update admin report settings and get admin report settings. NOTE: This change affects the following products and APIs, and will help companies support their local privacy laws: · Microsoft 365 Reports in the Microsoft 365 admin center · Microsoft 365 usage reports in Microsoft Graph · Microsoft Teams analytics and reporting in the Microsoft Teams admin center · The reportRoot: getSharePointSiteUsageDetail API (1.0 and beta) for SharePoint site detail What you need to do to prepare: There is no specific action required, but you may want to update your documentation as needed. 
Microsoft Purview MC423139 — Microsoft Purview | eDiscovery Premium - Collections progress, statistics, and workflow enhancements (preview) Microsoft 365 Roadmap IDs 93381 and 93382 Coming soon to public preview, we're rolling out enhancements for eDiscovery (Premium) Collections to simplify workflow and provide additional insights for eDiscovery admins. When this will happen: Rollout will begin in late September and is expected to be complete by late October. How this will affect your organization: With this preview update, eDiscovery admins can better understand the progress of Collections, see statistics on what content contributed to changes between estimated items with hits and actual collected items, and commit the collection directly from the estimate without navigating through the entire collection wizard. What you need to do to prepare: Get started by visiting the eDiscovery (Premium) solution in the Microsoft Purview compliance portal: · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: Learn about collections in eDiscovery (Premium) MC415900 — Microsoft Purview | Data Lifecycle Management and Records Management – Microsoft Graph APIs for extensibility (preview) Microsoft 365 Roadmap ID 88276 As a part of our extensibility vision and first release to Microsoft Graph, we are introducing three new APIs for retention labels, events, and event types in the Microsoft Graph beta environment. These APIs will enable you to customize and extend on what we have built in the product so far. These APIs can be used by compliance admins and developers to manage retention labels in Data Lifecycle and Records Management solutions. When this will happen: The APIs began rollout to the Microsoft Graph beta environment in mid-July and are now available in preview. 
How this will affect your organization: If your organization needs to automate any operation related to retention labels or events, we recommend you achieve this by using the new Graph APIs instead of using PowerShell cmdlets. With Graph, we use REST APIs that support better security, extensibility, and app authentication features. The three APIs are available under the security node and the endpoints to access them are as follows:

Entity name | Endpoints | Solution
Labels | security/labels/retentionLabels | Data Lifecycle Management, Records Management
Events | security/triggers/retentionEvents | Records Management
Event types | security/triggerTypes/retentionEventTypes | Records Management

What you need to do to prepare:

Permissions: Currently, these APIs are supported through delegated permissions only, which are managed through the Graph interface. We are introducing two new permissions which you will need to access these APIs:
· recordsmanagement.read.all
· recordsmanagement.readwrite.all

Licensing: Access to Data Lifecycle Management and Records Management features varies based on your Microsoft 365 license level. See Microsoft 365 guidance for security & compliance - Service Descriptions | Microsoft Docs for licensing requirement details. You can find the Data Lifecycle and Records Management solutions in the Microsoft Purview compliance portal.
Learn more: · Learn more about retention labels: Create retention labels for exceptions - Microsoft Purview (compliance) | Microsoft Docs · Learn more about event-based retention: Start retention when an event occurs - Microsoft Purview (compliance) | Microsoft Docs · DLM and RM Graph APIs at Microsoft Build 2022: Automate and customize retention and deletion scenarios (microsoft.com) · Graph explorer platform: Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph MC412837 — Microsoft Purview compliance portal: eDiscovery (Premium) supports Teams reactions (preview) Microsoft 365 Roadmap ID 88922 Coming to public preview, eDiscovery (Premium) will soon support discovery of reactions to Microsoft Teams chat and channel messages. When this will happen: Rollout will begin in mid-August and is expected to be complete by late September. How this will affect your organization: You will soon be able to discover Teams reactions in eDiscovery (Premium), including heart, thumbs up, thumbs down, laugh, surprised, and angry. This detail can provide additional user sentiment context for items captured in an eDiscovery (Premium) collection. What you need to do to prepare: Get started by visiting the eDiscovery (Premium) solution in the Microsoft Purview compliance portal: · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: · eDiscovery (Premium) workflow for content in Microsoft Teams · Learn about collections in eDiscovery (Premium) MC412835 — Microsoft Purview | Information protection: Co-authoring encrypted documents on mobile devices (GA) Microsoft 365 Roadmap ID 98089 Currently available in public preview (MC337330), the ability to co-author Microsoft Purview Information Protection encrypted documents on both Android and iOS mobile devices will soon be generally available. 
When this will happen: Rollout will begin in late August and is expected to be complete by mid-September. How this will affect your organization: With this update, users will be able to collaborate seamlessly on documents encrypted with Microsoft Purview Information Protection from mobile devices (Android and iOS). This allows for greater flexibility and productivity on the go and supports hybrid and remote work scenarios. This expands on existing co-authoring support for Windows and Mac desktops and Office on the web. What you need to do to prepare: To use this feature, install or update Office Mobile, Word, Excel, or PowerPoint to version 16.0.14931 or higher on Android or 2.58.207 or higher on iOS. Note: This feature is gated by the ‘Co-authoring for files with sensitivity labels’ setting for your tenant in the Microsoft Purview compliance portal (Global admin rights required). · If you have already enabled the setting to use co-authoring on Desktop apps, mobile support will be enabled automatically on the supported versions. · If you have not, you can opt-in to the setting to enable Co-authoring for both Desktop and Mobile apps when ready To get started, visit the Microsoft Purview compliance portal: · Microsoft Purview compliance portal for WW commercial and GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: Enable co-authoring for encrypted documents MC412378 — Microsoft Purview compliance portal: Exact Data Match updated UI wizard Microsoft 365 Roadmap ID 88895 We're rolling out a new Exact Data Match (EDM) UI wizard experience to provide a more simplified and automated way to configure EDM sensitive information types (SITs) in the Microsoft Purview compliance portal. When this will happen: Rollout will begin in mid-August and is expected to be complete by late August. 
How this will affect your organization: The new wizard in the Microsoft Purview compliance portal will enable easier and quicker configuration of EDM SITs and utilizes automation to reduce manual inputs. This new UI includes a guided experience that suggests the most accurate SITs to consider for the EDM configuration, which is based on an analysis of sample data supplied by the admin; the sample data uploaded should be representative of the actual specific sensitive data that is to be protected through the use of EDM. What you need to do to prepare: To explore the updated EDM wizard, visit the Microsoft Purview compliance portal > Data classification > Exact data matches, and use the toggle to switch between the legacy UI and the new EDM experience. · Microsoft Purview compliance portal for Worldwide and GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: Get started with Exact Data Match MC412376 — Microsoft Purview: eDiscovery (Premium and Standard) - Jobs limit update Microsoft 365 Roadmap ID 93365 We will soon be making changes to jobs-related limits enforced in eDiscovery (Premium and Standard) solutions to give your organization’s eDiscovery administrators and managers greater flexibility on how jobs are run and what types of jobs can be run at the same time. When this will happen: Rollout will begin in mid-September and is expected to be complete by end of October. How this will affect your organization: With the introduction of new features to our eDiscovery services over the past few years, various limits have been introduced as a way to ensure resources are properly allocated and service stability can be maintained--this includes a range of jobs-related limits. 
In an effort to make these limits easier for users to understand and track, we are simplifying jobs-related limits in both eDiscovery Premium and Standard as outlined in the following table.

* eDiscovery (Premium) jobs count towards the eDiscovery (Standard) limit but not the other way around. That is, if you have 50 jobs running in Premium, then you won’t have room to start any Standard jobs until 1 or more of these jobs are completed.

This set of limit updates is not likely to significantly affect your organization’s eDiscovery workflow; the simplified jobs-level limits either maintain the original limit set forth or increase flexibility by removing the specific job type associated with the limit.

What you need to do to prepare: Assess whether the changes will change your organization’s eDiscovery workflow. If so, update internal documentation. Provide training to all eDiscovery users in your organization and update relevant documentation if needed.

Access the eDiscovery solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Microsoft Purview eDiscovery solutions

MC412375 — Microsoft Purview Information Protection: Sensitivity labels now apply to modified documents (WXP on PC and Mac)

Microsoft 365 Roadmap ID 93209

Currently available in public preview (MC393822), default labeling policies can be applied to any supported document that a user edits, not just a new document. This update applies to Word, Excel, and PowerPoint documents on PC and Mac platforms.

When this will happen: Rollout will begin in late August and is expected to be complete by mid-October.
How this will affect your organization: If you’ve configured users for a default sensitivity label policy for Office documents, the label you chose will automatically be applied to Word, Excel, and PowerPoint documents that users create or modify. Previously, this applied to new documents only.

Note: This functionality is now generally available for Word, Excel, and PowerPoint documents on the Web (MC305436), and with this update will extend to Word, Excel, and PowerPoint on PC and Mac.

What you need to do to prepare: View sensitivity labels and their policies and settings in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more:
· Get started with sensitivity labels
· Learn about the default labels and policies to protect your data

MC412046 — Microsoft Purview | Data Loss Prevention – Customizable DLP policy violation justification (GA)

Microsoft 365 Roadmap ID 93376

Now available in Microsoft Purview Data Loss Prevention, we're introducing the ability to customize the justification options that appear when end users request to override blocked actions as defined by DLP policy.

When this will happen: This update is now available.

How this will affect your organization: With this update, admins can customize and replace out-of-the-box justifications with text specific to the organization's policies and business needs. This enables organizations to better define relevant and appropriate justifications for overriding blocked actions and activities that are detected by DLP policies.
What you need to do to prepare: Configure DLP policies and settings from the Data loss prevention solution in the Microsoft Purview compliance portal: · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: Send email notifications and show policy tips for DLP policies MC384312 — (Updated) Microsoft Purview | eDiscovery (Premium) - Case limit enhancements Microsoft 365 Roadmap ID 85631 and 88896 Updated August 16, 2022: We have updated the rollout timeline below. Thank you for your patience. We're rolling out a new case format in eDiscovery (Premium), increasing the total amount of content that can be managed in a single eDiscovery (Premium) case. Additionally, when selecting this new case format setting during case creation, eDiscovery admins have the option to collect Teams conversations as a transcript. When this will happen: · GCC: Rollout will begin in mid-June and is expected to be complete by late July. - Complete · GCC-High and DoD: Rollout will begin in mid-June and is expected to be complete by late September (previously late July). How this will affect your organization: The new case format accommodates an increase in case size in response to time-sensitive, high-volume regulatory requests, investigations, and litigation in modern day regulated organizations. 
With the new case format in eDiscovery (Premium), organizations will be able to: · Create collections with up to 1 TB of data · Commit collections with 1TB of pre-expansion data to a review set · Collect Teams chat conversations as HTML transcripts as opposed to individual items · Export 5 million documents or 500 GB of data (whichever is smaller) in a single export job · Manage large volume cases with more than 40 million items per case New case format support in eDiscovery (Premium) won’t affect your organization’s current eDiscovery workflow in existing cases. When creating a new case, you will have the ability to choose between a classic case (the existing case format) or new case format. With the new case format, you can create up to 1 TB of content per collection and then commit the collection to a single review set. When collecting content using the new case format, cloud attachments and contextual Teams and Yammer content are automatically added to the review set. This functionality helps to provide you with a complete picture of digital communications. With the new case format, you can manage large volume cases in excess of 40 million items per case, and effectively manage large data sets throughout the eDiscovery process. As part of the new case format, eDiscovery admins will be able to collect Teams messages in transcript format. Instead of each message within a thread/conversation being brought into the review set and processed/exported individually, an entire transcript of the thread/conversation would be brought into the review set. What you need to do to prepare: Review and assess if the new case format will affect your organization’s eDiscovery workflow and, if necessary, update your internal documentation accordingly. 
Learn more: · Use new case format in eDiscovery (Premium) · Teams transcript conversation threading in eDiscovery (Premium) You can access the eDiscovery (Premium) solution here: · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-High cloud environments · Microsoft Purview compliance portal for DoD cloud environments MC375741 — (Updated) Microsoft Purview compliance portal: Announcing data purge capabilities for Microsoft Teams content (preview) Microsoft 365 Roadmap ID 88975 Updated August 18, 2022: We have updated the rollout timeline below. Thank you for your patience. Coming to preview, this new feature extends data purge functionality to Microsoft Teams content to facilitate the purge of sensitive or misplaced data. When this will happen: Rollout to public preview will begin in early September (previously mid-July) and is expected to be complete by late September (previously mid-August). How this will affect your organization: Data spillage occurs when a confidential document is released into an untrusted environment. An eDiscovery case provides an effective way to manage data spillage investigations, so you can quickly assess the size and locations of the spillage, examine user activities around it, and then permanently purge the spilled data from the system. With this update, you will be able to include Teams content in the scope of the data purge. Note: Data purge can't delete items in a review set in eDiscovery (Premium) because the review set contains copies of items in the live service that are stored in an Azure Storage location. To delete items in a review set, you have to delete the eDiscovery (Premium) case that contains the review set. The purge signal will be available via the eDiscovery (Premium) Graph APIs, currently in public preview. For more information, see Close or delete an eDiscovery (Premium) case. 
What you need to do to prepare: Access the eDiscovery solution in the Microsoft Purview compliance portal: · Microsoft Purview compliance portal for GCC cloud environments · Microsoft Purview compliance portal for GCC-H cloud environments · Microsoft Purview compliance portal for DoD cloud environments Learn more: · Search for and delete chat messages in Teams MC321247 — (Updated) Advanced eDiscovery: Enhanced import custodians wizard experience Microsoft 365 Roadmap ID 88814 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Coming soon to general availability, the Import custodian's wizard experience in Advanced eDiscovery allows eDiscovery managers to quickly validate and remediate any errors in their CSV file before submitting custodian import jobs. When this will happen: Rollout will begin in late February and is expected to be complete by late September (previously late July). How this will affect your organization: Previously, when you uploaded a CSV file to import multiple custodians into an Advanced eDiscovery case, the system did not perform an initial check to validate the values in the CSV file. We’ve heard from many of you that it’s painful to wait a long time for the import custodian job to complete, only to discover that the job has failed due to uncaught typos in the uploaded CSV file. Now, with the enhanced import custodian's wizard experience, the system performs a set of initial checks to quickly identify errors in the uploaded CSV file before initiating the long running import custodians' job. Download list of errors with information on the specific row, column, and error description to remediate the identified errors prior to your import. Import the CSV file with confidence after remediating all the errors. 
Note: For best results, consider splitting your CSV file for importing custodians into multiple files to work within the following limits: · 1,000 custodians (1,000 rows) per CSV file · 500 additional data sources per custodian (using the columns Workload 1 Type, Workload 1 location, Workload2 Type, Workload2 Location, and so on). What you need to do to prepare: Your organization must have the appropriate organization subscription for Advanced eDiscovery, and you must be an eDiscovery Administrator in your organization to manage communication templates and issuing officers. Access the Advanced eDiscovery solution in the Microsoft 365 compliance center: · Microsoft 365 compliance center for WW and GCC · Microsoft 365 compliance center for GCC-High · Microsoft 365 compliance center for DoD Learn more: · Import custodians to an Advanced eDiscovery case · Overview of Microsoft 365 Advanced eDiscovery MC321240 — (Updated) Advanced eDiscovery: Updated timing for rollout of hold optimizations for U.S. gov clouds Microsoft 365 Roadmap ID 70586 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Timing update: We ask that you pardon our delay of this earlier planned feature release. We are now ready to proceed rolling out to Government environment. As previously announced in (MC256277 - Aug 2021), we're rolling out various service optimizations for Advanced eDiscovery, including service improvements for hold. · Pre rollout (current): users see an error message when placing more than 1,000 mailboxes or 100 sites on hold which is the limit for eDiscovery holds. · Post rollout: when placing more than 1,000 mailboxes or 100 sites on hold, the system will automatically scale the eDiscovery legal hold as needed. Note: This is achieved as the system automatically adds data locations to multiple holds, instead of adding them to a single hold. 
When this will happen: Rollout will begin in early March and is expected to be complete by late September (previously early July).

How this will affect your organization: The system will automatically scale eDiscovery legal holds as needed when you use the following Advanced eDiscovery custodian workflows:
· Advanced eDiscovery > Case > Data sources
  o Add new custodians
  o Import custodians
  o Data source > Edit
  o Data source > Release
· Microsoft Graph eDiscovery API (beta)
  o Custodian resource type
    § userSources
    § siteSources
    § unifiedGroupSources

Not all locations associated with a single custodian are guaranteed to be added to the same hold. This release only impacts custodian workflows within an Advanced eDiscovery case.
· Creating query-based holds (Advanced eDiscovery > Hold > Create) will not automatically scale and will return the same error as before due to hitting the limit.
· Adding non-custodial data locations (Advanced eDiscovery > Data sources > Add data locations) will not automatically scale and will return the same error as before due to hitting the limit.
· This change does not affect holds in Core eDiscovery or the corresponding PowerShell cmdlets and will not impact any existing automation scripts that use PowerShell cmdlets. All existing eDiscovery hold limits remain unchanged.

We are also changing the naming schema in Advanced eDiscovery for auto-created legal holds:
· The existing naming convention for legal holds created by the system is: CustodianHold-{Case id}; for example, CustodianHold-b3d6b416-234f-47f8-b446-930df275be4e
· The new naming convention for legal holds created by the system is: CustodianHold-{truncated case id}-{policy creation time in ticks}; for example, CustodianHold-b3d6b416234f47f8-0637541049083233486

What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate.
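Because a case can now own several system-created holds, an inventory or audit script that matched CustodianHold-{Case id} exactly will miss the scaled ones. The following is an added example, not Microsoft's code: it parses both naming conventions and groups holds by case. It assumes "ticks" means .NET-style ticks (100 ns units since 0001-01-01) and that the truncated case id is the first 16 hex digits of the case GUID, which matches the announcement's single example; the function names and the third and fourth sample names are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Legacy form: CustodianHold-{Case id}, where the case id is a GUID.
LEGACY_RE = re.compile(
    r"^CustodianHold-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.IGNORECASE,
)
# New form: CustodianHold-{truncated case id}-{policy creation time in ticks}.
# The 16-hex-digit width is inferred from the announcement's example.
SCALED_RE = re.compile(r"^CustodianHold-([0-9a-f]{16})-(\d+)$", re.IGNORECASE)

# Assumption: ticks are 100 ns intervals counted from 0001-01-01 (.NET style).
TICK_EPOCH = datetime(1, 1, 1)


@dataclass(frozen=True)
class HoldName:
    raw: str
    scheme: str                   # "legacy" or "scaled"
    case_key: str                 # first 16 hex digits of the case id, lower case
    created: Optional[datetime]   # only the new scheme carries a timestamp


def case_key_from_guid(case_id: str) -> str:
    """Reduce a case GUID to the 16-hex-digit key used by the new scheme."""
    return case_id.replace("-", "").lower()[:16]


def ticks_to_datetime(ticks: int) -> datetime:
    """Convert ticks to a naive datetime (sub-microsecond digit is dropped)."""
    return TICK_EPOCH + timedelta(microseconds=ticks // 10)


def parse_hold_name(name: str) -> Optional[HoldName]:
    """Return a HoldName for either convention, or None for any other name."""
    m = LEGACY_RE.match(name)
    if m:
        return HoldName(name, "legacy", case_key_from_guid(m.group(1)), None)
    m = SCALED_RE.match(name)
    if m:
        try:
            created = ticks_to_datetime(int(m.group(2)))
        except OverflowError:
            return None  # digits that cannot be a real timestamp
        return HoldName(name, "scaled", m.group(1).lower(), created)
    return None


def group_by_case(names):
    """Group system-created holds by case key; return (groups, unparsed)."""
    groups = defaultdict(list)
    unparsed = []
    for name in names:
        hold = parse_hold_name(name)
        if hold is None:
            unparsed.append(name)   # e.g. query-based holds named by a person
        else:
            groups[hold.case_key].append(hold)
    for holds in groups.values():
        # Legacy hold first, then scaled holds in creation order.
        holds.sort(key=lambda h: (h.created is not None, h.created or TICK_EPOCH))
    return dict(groups), unparsed


SAMPLE_NAMES = [
    "CustodianHold-b3d6b416234f47f8-0637541049083233486",  # from the announcement
    "CustodianHold-b3d6b416-234f-47f8-b446-930df275be4e",  # from the announcement
    "CustodianHold-b3d6b416234f47f8-0637541049093233486",  # constructed: 1 s later
    "Litigation-2022-Q3",                                  # constructed: manual hold
]

if __name__ == "__main__":
    groups, unparsed = group_by_case(SAMPLE_NAMES)
    for key, holds in groups.items():
        print(key, [(h.scheme, h.created) for h in holds])
    print("not system-created:", unparsed)
```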
Access the Advanced eDiscovery solution in the Microsoft 365 compliance center: · Microsoft 365 compliance center for GCC · Microsoft 365 compliance center for GCC-High · Microsoft 365 compliance center for DoD Learn more: · Advanced eDiscovery hold limits · Importing custodians to an Advanced eDiscovery case · Automate Advanced eDiscovery legal hold workflows that involve large scale cases using Microsoft Graph eDiscovery API MC320945 — (Updated) Advanced eDiscovery: General availability of Communication templates and issuing officer settings Microsoft 365 Roadmap ID 88813 Updated August 5, 2022: We have updated the content with additional links to resources. We're soon rolling out new features to improve the efficiency of your hold notifications. Communication Library in Advanced eDiscovery allows eDiscovery administrators to create communication templates to quickly draft hold notifications. Issuing officer settings allows eDiscovery admins to manage a list of issuing officers for your organization to send hold notifications on behalf of. When this will happen: Rollout will begin in late February and is expected to be complete by late September (previously late July). How this will affect your organization: Communication templates Previously, to send out multiple legal hold notices, eDiscovery managers had to repetitively follow the same multi-step process outlined in documentation (Create a legal hold notice - Microsoft 365 Compliance). With this update, eDiscovery admins can now manage a list of communication templates for their organization. eDiscovery managers can simply select from one of the pre-configured templates, instead of starting from scratch every time. To create, edit, and delete communication templates, navigate to Advanced eDiscovery > Settings > Communication Library. Previously, only eDiscovery case members with an active mailbox could be selected as issuing officers to send the legal hold notice on behalf of. 
With this update, eDiscovery admins can manage a list of issuing officers for their organization, without adding these issuing officers as “case members”, granting unnecessary access to each eDiscovery case. If an organization has a dedicated attorney “John Doe” to send all their hold notices on behalf of, an eDiscovery admin can simply add John Doe as an issuing officer under Advanced eDiscovery settings, without adding John Doe to all their cases as a case member. To add and delete issuing officers, navigate to Advanced eDiscovery > Settings > Issuing officer. Once the above settings are defined, you can select the issuing officer and the communication template options for your new legal hold notification from Case > Communications > New communication. What you need to do to prepare: Your organization must have the appropriate organization subscription for Advanced eDiscovery, and you must be an eDiscovery Administrator in your organization to manage communication templates and issuing officers. Access the Advanced eDiscovery solution in the Microsoft 365 compliance center: · Microsoft 365 compliance center for WW and GCC · Microsoft 365 compliance center for GCC-High · Microsoft 365 compliance center for DoD Learn more: · Create a legal hold notice · Overview of Microsoft 365 Advanced eDiscovery · Manage custodian communications templates in Advanced eDiscovery · Manage issuing officers in Advanced eDiscovery MC306112 — (Updated) Microsoft 365 compliance center; third party data connectors (Veritas) Microsoft 365 Roadmap ID 82038 Updated August 12, 2022: We have updated the rollout timeline below. Thank you for your patience. Admins can use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, and more to mailboxes in your Microsoft 365 organization. 
This enables you to extend various Microsoft 365 compliance solutions to the imported content, helping ensure that non-Microsoft data is in compliance with the regulations and standards that affect your organization. As previously announced in (MC267138 - July 2021), we are rolling out a new set of data connectors from Veritas to expand this capability to an additional group of third-party data sources. Note: We are rolling out these connectors first to public preview before making them generally available. When this will happen: Public preview: will begin rolling out in late December 2021 and is expected to be complete by early January 2022. Standard: will begin rolling out in late September (previously late July) and is expected to be complete by mid-October (previously mid-August). How this will affect your organization: The following Veritas Technologies (formerly Globanet) data connectors are being onboarded to the GCC environment: · CellTrust · Cisco Jabber on MS SQL · Cisco Jabber on Oracle · Cisco Jabber on PostgreSQL · EML · FX Connect · Jive · MS SQL Database · Pivot · Redtail Speak · Reuters Dealing · Reuters Eikon · Reuters FX · RingCentral · Salesforce Chatter · ServiceNow · Skype for Business · Slack eDiscovery · Symphony · Text-delimited · Webex Teams · Webpages · Workplace from Facebook · XIP · XSLT/XML · Yieldbroker · YouTube · Zoom Meetings Note: Before you can archive data in Microsoft 365, you have to work with Veritas to set up their archiving service (called Merge1) for your organization. What you need to do to prepare: You can access data connectors within the Microsoft 365 compliance center. 
Learn more about third-party data connectors and the compliance solutions that support third-party data MC301684 — (Updated) General availability of AIP client and scanner audit logs in Microsoft 365 Audit and Activity explorer This message is associated with Microsoft 365 Roadmap ID 89777 Updated August 8, 2022: We have updated the rollout timeline below. Thank you for your patience. Azure Information Protection (AIP) administrators will soon be able to access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics (Preview) portal. When this will happen: Rollout will begin in early December and is expected to be complete by late September (previously late July). How this will affect your organization: As part of our unified labeling and analytics experience across the Microsoft Information Protection (MIP) solution, we are expanding your ability to access and review data logged by AIP client, scanner, and MIP SDK beyond the existing AIP Analytics (Preview) portal. · With this update, audit logs reported by the AIP client, the AIP scanner, and MIP SDK flowing today into the Log Analytics workspace will also be available in Microsoft 365 Audit logs. · Additionally, you can use the Activity explorer screen for additional insights into labeling activity and history. What you need to do to prepare: Your data will be available in Activity Explorer, and you will be able to explore your AIP audit logs in Microsoft 365 portal. No action is needed as audit log data will flow into Activity Explorer by default. If you wish to opt-out, please follow the procedure explained here. Administrators will be able to continue exploring AIP Audit logs in the Log analytics workspace in the AIP Analytics (Preview) portal. This is a supplemental access point. You might want to notify your administrators about this new capability and update your training and documentation as appropriate. 
Get started with Activity explorer in the Microsoft 365 compliance center: · Microsoft 365 compliance center for GCC · Microsoft 365 compliance center for GCC-H · Microsoft 365 compliance center for DoD Microsoft Defender MC408693 — Announcing automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender portal Microsoft 365 Roadmap ID 93418 We will soon begin redirecting users from the legacy Office 365 Security & Compliance Center to Microsoft 365 Defender portal in GCC, GCC-High and DoD environments, for all security workflows including: Alerts, Threat Management and Reports. GCC Environment: · Office 365 Security & Compliance Center old URL: protection.office.com · Microsoft 365 Defender new URL: security.microsoft.com GCC-High Environment: · Office 365 Security & Compliance Center old URL: scc.office365.us · Microsoft 365 Defender new URL: security.microsoft.us DoD Environment: · Office 365 Security & Compliance Center old URL: scc.protection.apps.mil · Microsoft 365 Defender new URL: security.apps.mil Items in the Office 365 Security & Compliance Center scenarios that are not related to security are not redirected to Microsoft 365 Defender. For compliance solutions redirection to Microsoft 365 Compliance Center, see MC244886. This is a continuation of Microsoft 365 Defender delivers unified XDR experience to GCC, GCC High and DoD customers - Microsoft Tech Community, announced in March 2022. When this will happen: Standard Release: We will begin rolling out early September 2022 and expect to complete by late October 2022. How this will affect your organization: Users accessing the security solutions in the Office 365 Security & Compliance Center will be automatically redirected to the appropriate solutions in the Microsoft 365 Defender portal. This change enables users to view and manage additional Microsoft 365 Defender security solutions in one portal. 
This change impacts all customers who use the Office 365 Security & Compliance Center in GCC, GCC High and DoD environments, including Microsoft Defender for Office (Plan 1 or Plan 2), Microsoft 365 E3 / E5, Office 365 E3 / E5 and Exchange Online Protection. For the full list, see Security & Compliance Center - Service Descriptions | Microsoft Docs.

This change impacts all users who log in to the Office 365 Security & Compliance Center portal, including security teams as well as end users (who access the Email Quarantine experience, at the Microsoft Defender Portal > Review > Quarantine).

What you need to do to prepare: Redirection is enabled by default and impacts all users of the Tenant. Global Administrators and Security Administrators can turn redirection on or off in the Microsoft 365 Defender portal by navigating to Settings > Email & collaboration > Portal redirection and switching the redirection toggle.

MC387033 — (Updated) Microsoft Purview Data Lifecycle Management: Temporary rollback of Adaptive policy scopes for retention

Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience.

As previously announced in Message Center post (MC306670 - December 2021 and tracked via Microsoft 365 roadmap ID 70578), we rolled out adaptive policy scopes for retention policies and retention label policies to your cloud environment. We recently discovered an issue that impacts creation of adaptive policy scopes in GCC High and DoD environments, caused by an incompatible older version of the service. To ensure compatibility of this service with the adaptive policy scopes feature, we will roll back this feature immediately.

How this will affect your organization: You are receiving this message because your Microsoft 365 license grants access to Microsoft Purview Data Lifecycle Management and Records Management solutions, and you are currently unable to use the adaptive policy scopes feature.
Until this issue is resolved, you will continue to be unable to create adaptive scopes or use them in retention policies and label policies. What you need to do to prepare: We are working diligently to address this issue and anticipate relaunching adaptive policy scopes feature by the end of October (previously end of August). Status of this feature will be tracked via Microsoft 365 roadmap item 93329. There is nothing you need to do to prepare. Once this issue has been resolved we will notify you via Message Center. Learn more about this feature: Adaptive policy scopes allow data administrators to scope retention policies and retention label policies to a dynamic set of users, SharePoint sites, or Microsoft 365 Groups. They do this by using the properties or attributes associated with these locations. Adaptive policy scopes work with all locations, including Exchange mailboxes, Microsoft 365 Groups, SharePoint sites, OneDrive accounts, Teams chats and channel messages (including private channels), and Yammer user and community messages. · Documentation: Learn about retention policies & labels to automatically retain or delete content · Blog: Adaptive Policy Scopes Microsoft 365 Records Management · Webinar: Deep dive on adaptive solutions MC296611 — (Updated) Microsoft Defender for Office 365: Introducing Built-In-Protection Microsoft 365 Roadmap ID 72208 Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience. Note: this has begun being enforced for organizations where it is already available. We are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365. Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. 
It's low impact as the end user experience will not be changed - URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection.

Key points:
· Timing: We will begin rolling out in mid-December and complete by early October (previously late August).
  o Beginning in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
· Action: Review and assess impact to users in your organization.

Note: Configured exceptions will be honored for the Safe Links and Safe Attachment settings within Built-In-Protection when it is eventually enabled for your tenant. Configured exceptions do not apply to the global Safe Links and Safe Attachment settings within Built-in-Protection. To change these settings after Built-in-Protection is enabled, admins can modify the global Safe Attachments or global Safe Links policies directly at any time.

To learn about the specific settings set by Built-in-Protection, please see: Microsoft recommendations for EOP and Defender for Office 365 security settings - Office 365 | Microsoft Docs

How this will affect your organization: Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset, or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:
1. Strict
2. Standard
3. Custom
4. Built-In-Protection or default

This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment.
This will reduce the administrative burden and time involved to protect these users, as they'll get instant protection under the Built-in preset. What you need to do to prepare: No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy. · We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy. · Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout. This is rolling out default on. Learn more: · MDO blog announcing Built-In-Protection · Learn how to configure Built-in-Protection · See the specific settings set in Built-In-Protection Microsoft 365 IP and URL Endpoint Updates August 29, 2022 - GCC June 29, 2022 – GCC High August 29, 2022 - DOD Continue reading...
-
With an increasing number of users choosing to access company resources from mobile devices to improve productivity, organizations are tasked with balancing more employee flexibility with where and how they work while maintaining effective security practices. To do this, organizations are implementing mobile threat defense (MTD) solutions that give IT and security teams greater visibility into the threats directed at their diverse mobile fleet.

We are excited to announce that Microsoft Defender for Endpoint is now available on Android Enterprise (AE) company-owned personally enabled (COPE) devices. This release adds to the already existing support for installation on enrolled devices for AE bring your own device (BYOD) and AE fully managed modes, the legacy Device Administrator mode, and the unenrolled mobile application management (MAM) devices.

Company-owned personally enabled devices are owned by an organization and issued to their employees. Both the enterprise and the employee can install applications onto the device. COPE architecture uses containerization tools like a work profile to maintain separation between personal and work data, and the applications used for each. This provides admins full management control within the work profile while only limited visibility into the personal profile. This practice helps admins continue to enforce policies while maintaining employee privacy.

This release gives Android Enterprise COPE devices all the capabilities our Defender for Endpoint for Android devices offering has available today including phishing and web protection, malware scanning, network protection (preview) and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access.

We are excited to share this new release with you. For more details, please refer to the documentation here. We look forward to hearing your feedback.
-
Age mellowed me.
-
Great. It's another sunny day in Florida.