Everything posted by AWS

  1. Today, Microsoft Viva unveiled a new service designed to help people find solutions and save time. Answers in Microsoft Viva connects employees to the answers they need by crowdsourcing knowledge from across the organization. Answers is a conversational experience for asking questions and connecting to experts for answers. Natural language processing helps match those questions with any existing answers, and the experience rewards experts who contribute back to the knowledge base. Answers works across the suite to connect employees based on their subject matter expertise captured in Viva Topics, to get their questions answered, connect with new experts, and increase their learning. Initially it will come to Viva Engage and then to Topic Pages in early 2023.

Answers within Viva Engage

A new Answers tab in Viva Engage will serve as a hub for employees to ask questions, find solutions, discover knowledge, and help coworkers. The Answers tab will be available within Engage to Viva Suite customers. Answers in Viva brings knowledge to you across Viva Engage web, client, and mobile experiences. Answers helps organize questions and solutions by connecting to existing knowledge and experts.

[Figure: A look at the Answers hub in Viva Engage]

Users can ask questions, see recommendations, and contribute their own answers to open questions.

[Figure: Add a Topic to see recommended similar questions]

Users can also follow individual topics and get notifications when new questions are available. Targeted feeds and rewards help encourage experts to share their knowledge and help coworkers.

[Figure: Get rewarded for participating and answering questions]

And analytics provide a view into both individual contributions to the organizational knowledge base and the value of the overall solution to the organization. Watch this Microsoft Mechanics video for a demo on how Answers shows up in Viva Engage.

Answers within Viva Topics

How many times have you faced a question but were unsure who to ask? Viva Topics can help. Since Viva Topics already lists suggested experts for a given subject, it's a natural place to connect questions with experts who can answer them. In time, Answers will come to Topic Pages.

More resources

In case you missed it, watch the Empowering Your Workforce in Economic Uncertainty event and hear from Satya Nadella, Chairman and CEO of Microsoft, Ryan Roslansky, CEO of LinkedIn, and Jared Spataro, Microsoft's CVP of Modern Work, for urgent insights every leader needs to know in a rapidly changing economic environment. To learn more about other Microsoft Viva innovations announced today, read the Microsoft 365 blog by Seth Patton, check out the Microsoft Viva website, and explore the Viva Innovation Brochure. Stay tuned as we’ll have more to share about Microsoft Viva soon!
  2. Browsers are becoming a place for people to get a lot of focused work done. And we all know that when you multitask there is a high chance of losing focus and context. For instance, you might be reading an interesting article in the browser and suddenly receive an email notification, and your browser tab is left open and never attended to again. Additionally, many a time you toggle between different tabs to refer to some web content while composing an email. The teams at Microsoft Edge and Outlook want to help people achieve more without losing their flow and focus.

Microsoft Outlook is now integrated with the Microsoft Edge sidebar and helps you access your emails/calendar/contacts/tasks side by side within the browser even when you navigate between tabs. Let’s say you want to sign into a website and it's asking for your email address to send you a verification code for validation. You can easily open Outlook in the sidebar to find the mail and copy/paste the code onto the prompt without switching tabs. It’s that simple! You can also open Outlook in full screen using the expand button on the top right, if you feel the side pane is too small for composing mails or reading a long mail thread.

The sidebar is available for users in English markets with the latest version of Microsoft Edge only for personal accounts. Check out the other features you can access in the sidebar here.

What's Next?

This is just the beginning; we are continually updating Outlook and will be adding more capabilities in future. You will be able to access your work/school accounts very soon. Additionally, we are working to make the Outlook experience more interactive, with notifications. Support for multiple accounts and dark mode is also in the future plan.
  3. Newsworthy Highlights

Microsoft To Do app for iOS and Android launching in GCC
We are excited to announce that the iOS and Android apps for Microsoft To Do (a tool for managing and sharing tasks and lists) are rolling out to GCC (Government Community Cloud) users. The rollout begins in late August, with plans to be completed by mid-September. This launch will add the mobile apps to the web and Outlook functionality that GCC accounts already have today.

Basic Authentication Deprecation in Exchange Online – September 2022 Update
Starting October 1st, we will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change. Today we are announcing an update to our plan to offer customers who are unaware or are not ready for this change. GCC customers check your tenant Message Center for further details.

Microsoft To Do app in GCC - what are the possibilities?
Since the Microsoft To Do app is launching in GCC, what kinds of tasks are you planning to use it for in the GCC space? What would you like to see?

Microsoft 365 Government Adoption Resources
Empowering US public sector organizations to transition to Microsoft 365

Release News

Exchange Online
· August 2022 Exchange Server Security Updates and support for Windows Extended Protection feature

SharePoint / OneDrive for Business
· The automated fix suggestion that helps users rename the problematic files on Windows and thus resolve the sync issue around them is expanding to Mac OS
· A new feature was implemented that changes the format that is used to create user photo names from a UPN based format to ObjectId based format
· The Enterprise websites Microsoft Graph connector allows your organization to index articles and content from its internal-facing websites

Teams
· Q&A in Teams lets organizers create and moderate Q&A for their Teams meetings
· Users will be able to capture a short video and playback in-line in Teams desktop and mobile
· Pre-assign channel members to breakout rooms
· User requests for apps in Teams store

Microsoft Purview
· Temporary rollback of Adaptive policy scopes for retention & label policies in GCC-High and DoD
· eDiscovery API for Microsoft Graph now generally available

Security/Identity
· Co-authoring on Microsoft Information Protection encrypted documents on mobile devices

Microsoft 365
· Microsoft 365 Apps implications when Windows 7 and Windows Server 2008 R2 Extended Security Updates (ESU) ends support on January 10, 2023
· Microsoft Forms: Utilize Office Apps Administrator Role for Forms Administration
· Microsoft 365 Management Activity API Fix
· Redesigned Dictate toolbar and an additional 25 languages available to Microsoft 365 Apps Dictation and OneNote

References and Information Resources

Microsoft 365 Public Roadmap
This link is filtered to show GCC, GCC High and DOD specific items. For more general information uncheck these boxes under “Cloud Instance”.

Stay on top of Microsoft 365 changes
Here are a few ways that you can stay on top of the Office 365 updates in your organization.

Microsoft Tech Community for Public Sector
Your community for discussion surrounding the public sector, local and state governments.

Microsoft 365 for US Government Service Descriptions
· Office 365 Platform (GCC, GCCH, DoD)
· Office 365 U.S. Government GCC High endpoints
· Office 365 U.S. Government DoD endpoints
· Microsoft Purview (GCC, GCCH, DoD)
· Enterprise Mobility & Security (GCC, GCCH, DoD)
· Microsoft Defender for Endpoint (GCC, GCCH, DoD)
· Microsoft Defender for Cloud Apps Security (GCC, GCCH, DoD)
· Microsoft Defender for Identity Security (GCC, GCCH, DoD)
· Azure Information Protection Premium
· Exchange Online (GCC, GCCH, DoD)
· SharePoint (GCC, GCCH, DoD)
· OneDrive (GCC, GCCH, DoD)
· Teams (GCC, GCCH, DoD)
· Office 365 Government (GCC, GCCH, DoD)
· Power Apps (GCC, GCCH, DoD)
· Power Automate US Government (GCC, GCCH, DoD)
· Power BI (GCC, GCCH, DoD)
· Planner (GCC, GCCH, DoD)
· Outlook Mobile (GCC, GCCH, DoD)
· Viva Insights (GCC)
· Dynamics 365 US Government

Be a Learn-it-All

Public Sector Center of Expertise
We bring together thought leadership and research relating to digital transformation and innovation in the public sector. We highlight the stories of public servants around the globe, while fostering a community of decision makers. Join us as we discover and share the learnings and achievements of public sector communities.

Microsoft Teams for US Government Adoption Guide

Message Center Posts and Updates for Microsoft Teams in GCC
Looking for what’s on the map for Microsoft Teams and only Teams in GCC? Go right to the GCC Teams Feature Communications Guide

Message Center Highlights

SharePoint Online / OneDrive for Business

MC422162 — SharePoint: Update to Create Sites From the SharePoint App Bar
We are releasing an update to a SharePoint feature that has already rolled out. With this change, sites created from the SharePoint app bar won't be automatically associated with a hub.

When this will happen:
Targeted Release: We will begin rolling out late August and expect to complete by early September.
Standard Release: We will begin rolling out early September and expect to complete by late September.

How this will affect your organization:
New sites created from the SharePoint app bar will not be associated to a hub site. This will not impact any existing sites.

What you need to do to prepare:
There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC419387 — Upcoming changes as we prepare for transition from Stream (classic) to Stream (on SharePoint)
We want to make you aware of upcoming changes as we prepare for the transition from Stream (classic) to Stream (on SharePoint).

1. Provisioning of Stream classic by default to stop for new customers
· For new customers with requisite Stream license, if a user accessed Stream (classic) for the first time via URL or tile in Microsoft 365 app launcher, it provisioned classic Stream for them.
· Coming soon, this is going to stop. Stream (classic) will no longer be provisioned by default for such customers.

2. Stream tile in Microsoft 365 app launcher to go to the new Stream app on Office.com
· Stream (Classic) is transitioning to Stream (on SharePoint). Until Stream (Classic) fully retires, you can decide which Stream experience is most appropriate for your users when they click on the Stream tile from the Microsoft 365 application launcher via a new setting that was added to the SharePoint admin center in July 2022. [MC381948]
· This setting is the “Stream App launcher tile” and currently has a default option of “Automatically switch to Stream (on SharePoint) when recommended” which will send users to Stream (Classic) when they click the Stream tile.
· Coming soon, we will automatically change the “Stream app launcher tile” setting’s default option to send users to Stream (on SharePoint) instead. In addition, if your organization has never used Stream (Classic) in the past, we will no longer let you use that experience and instead you will use Stream (on SharePoint).

When this will happen:
· Standard: Rollout will begin mid-October and complete by mid-November.
· GCC: Rollout will begin mid-October and complete by mid-November.

How this will affect your organization:
1. If you are already using Stream (classic), there is no change for your organization.
· If no user from your tenant has accessed Stream (classic) before 17th October, it will not be provisioned for your organization
2. If you’ve not already changed the “Stream app launcher tile” setting and have kept the default, then your users will be taken to the new Stream (on SharePoint) experience when this change is rolled out.

What you need to do to prepare:
1. No action is needed with regards to provisioning of Stream classic.
2. If you do not want your users automatically directed to the new experience, you’ll need to take action to change the setting for your organization.

To set the Stream tile destination in the Microsoft 365 app launcher:
· Go to the Settings page of SharePoint admin center and sign in with an account that has admin permissions
· Select Stream App launcher tile
· Select Stream (Classic) if you want your users to remain navigating to Stream (Classic) from the Stream tile.
· Select Save. It takes about 5 minutes for this change to take effect.

Learn more:
· Direct the Stream app tile launcher to Stream (on SharePoint)

MC415902 — SharePoint: Configure Navigation Links to Open in a New Tab
Microsoft 365 Roadmap ID 93318
With this update, users will be able to manage the experience for each navigation item to open in a new tab.

When this will happen:
Targeted Release: We will begin rolling out in early September and expect to complete rollout by late September.
Standard Release: We will begin rolling out in late September and expect to complete rollout by mid-October.

How this will affect your organization:
This new feature will allow you to configure how you would like your navigation links to open. You will have the option to be able to choose to open in the same tab or in a new tab for your site, hub, and global navigation items. The new Open in a new tab option gives you greater flexibility in how your users can interact with your sites and allows you to better control how they navigate.
Note: The new open in new tab experience will not work on the footer control when initially available. This will become available at a later date.

What you need to do to prepare:
You do not need to do anything to prepare. Your navigation links will continue to open as they do normally today, until you make a change to their behavior using the new control.

Learn More:
· Customize the navigation on your SharePoint site

MC412836 — (Updated) Classic Global term store retirement – update
Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience.
In mid-November 2021 (MC289683), we announced the rollout of the modern experience of the global term store for Syntex & SharePoint admin center. Aligning with our modernization efforts, we will start retiring the classic experience of the term store and recommend all our users to use the modern term store.

When this will happen:
Targeted release: This is expected to start in late October (previously early September) and continue till mid-November (previously mid-September).
Production Release: This is expected to start in mid-November (previously mid-September) and continue till late December (previously early October).

How this will affect your organization:
You can learn more about where you can find all the features on the classic term store in the corresponding modern term store of the SharePoint admin center: Open the Term Store Management Tool.
Since there are no changes to our backend, this update will only enhance the user interface of managing and curating terms on the term store. All the enterprise taxonomy created by your organization will continue to exist and will be visible from the modern term store.
Admins will start to see a banner on the classic Term store page. The banner will display the date when the page will be retired and a link to documentation describing where to find all the features in the new admin center. Sample below:
After the retirement date, the classic Term store page will be replaced with a redirect page to the new SharePoint admin center so that any bookmarks continue working. Sample below:

What you need to do to prepare:
You may want to update any internal documentation or user training and share this with users with relevant permission and who are familiar with managing terms in your organization if not already done. Ensure you also revisit any bookmarked links of the classic term store to update with the modern term store link.

MC412380 — Configure the existing Stream tile in M365 app launcher to go to the new Stream app on Office.com
Stream (Classic) is transitioning to Stream (on SharePoint). Until Stream (Classic) fully retires, you can decide which Stream experience is most appropriate for your users on Office.com. Do this by configuring the target destination of the existing Stream tile in the Microsoft 365 app launcher from the SharePoint Admin Center.

When this will happen:
The Stream app launcher tile setting is rolled out and available in SharePoint Admin Center.

How this will affect your organization:
SharePoint tenant admins will have the ability to set the target destination of the existing Stream tile in the Microsoft 365 app launcher from the SharePoint Admin Center. You will be able to set the target destination to either Stream (Classic) or Stream (on SharePoint) depending on your organization's needs.

Target destination options:
· Automatically switch to the new Stream (on SharePoint) when recommended: This is the default option. At this time, this option directs the Stream tile to Stream (Classic). However, in the future as we update and add to Stream (on SharePoint) we plan to point the Stream tile to Stream (on SharePoint) instead. Before making the change, we'll give notice in the message center, giving you time to choose a different option if you want.
· If you don't want Microsoft to change what happens when your users select the Stream tile, select one of these options:
· Stream (on SharePoint): The Stream tile in the app launcher will always direct users to Stream (on SharePoint).
· Stream (Classic): The Stream tile in the app launcher will direct users to Stream (Classic) until Classic is retired.

What you need to do to prepare:
To set the Stream tile destination in the Microsoft 365 app launcher:
· Go to the Settings page of SharePoint admin center and sign in with an account that has admin permissions.
· Select App launcher tile.
· Select the option you want to set as the default destination for the Stream tile in the Microsoft 365 app launcher.
· Select Save. It takes about 5 minutes for this change to take effect.

Learn more:
· Direct the Stream app tile launcher to Stream (on SharePoint)

MC409422 — SharePoint: New Site Templates for Team Sites
Microsoft 365 Roadmap ID 93423
We are introducing three new SharePoint team site templates dedicated to helping you create sites for your IT helpdesk, crisis communication team, and new employee onboarding team. These site templates will help you expand what’s possible with content, pages, and web parts while helping you quickly get started building your own site. Each template contains pre-populated content and web parts that are fully customizable to meet the needs of your organization.

When this will happen:
Targeted Release: rollout will begin in early August and is expected to be completed in late August.
Standard Release: rollout will begin in early September and is expected to be completed in late September.

How this will affect your organization:
Users will be able to benefit from the ability to browse, preview, and apply site templates to a new or existing SharePoint site. Users can select a site template that meets organizational business objectives and best fits the site goal while ensuring a higher level of consistency throughout their organization. They can then review pre-populated content and customize the site to address their needs.
Note: This feature will be on by default with no admin control.

New Team site templates will include:
· Crisis communication team – Centralize crisis communication, resources, and best practices
· IT help desk – Resolve technical requests, track devices, and share training materials
· New employee onboarding team – Guide new employees through your team’s onboarding process

To apply a template to an existing site: users can choose to browse site templates and can apply a template to an existing site at any time by accessing the template gallery from Site Settings and then select Apply a site template.

To apply a template to a new site: If a site owner is visiting their new site for the first time, they may see a message asking if they want to use a template that will then take them to the template gallery. Choose desired template.

What you need to do to prepare:
There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.
Share this template guide with end-users: Learn how to apply and customize SharePoint site templates.

MC408994 — (Updated) Private drafts for SharePoint pages and news
Microsoft 365 Roadmap ID 85629
Updated August 4, 2022: We have updated the linked resources to provide additional information.
We’re adding the ability to create private drafts for pages and news posts. A private draft is visible only to the page author, the people the author chooses to share it with, and site admins. It's great for creating and editing content that’s not ready for others to see except the people you want to collaborate with.

When this will happen:
This update will roll out to Targeted Release customers starting early August and to all customers by mid-September.

How this will affect your organization:
Authors of SharePoint pages and news will be able to create private drafts. When a private draft is created, only the creator and site admins can see the page (including from within the Pages library). The creator can then share the private draft with other people to allow them to access and edit the page. They will also have access to the assets associated with the page which are stored in the site’s assets library. Like all pages and news posts, only one person at a time can edit the draft. When the draft is published, its permissions are reset and everyone in your organization who has access to the site will be able to view it.

What you need to do to prepare:
You do not need to do anything to prepare for this update, but you may want to let your users know about these improvements.
More information available here: Create a private SharePoint page or news post

MC408694 — (Updated) New 'Activity' Column in OneDrive 'My Files' list view
Microsoft 365 Roadmap ID 88913
Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
We are introducing a new Activity column in OneDrive My Files list view. The goal of this feature is to help users stay up-to-date on the files that they are working on with others by surfacing relevant activity information. We will show file activity related to actions, such as, user comments, edits, share, and @mentions.

When this will happen:
We will begin rolling out this feature in mid-September (previously late August) and expect to complete rollout by late September (previously mid-September).

How this will affect your organization:
There is no impact to your organization. This feature will be delivered as a user interface update in the form of an additional column in My Files list view with activity information related to files (e.g., file shared, user comment, @mentions).

What you need to do to prepare:
There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC403644 — (Updated) OneDrive: Sharing Experience - Share Menu Dropdown
Microsoft 365 Roadmap ID 83727
Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience.
We’re updating the Share button in Microsoft OneDrive to provide easy access to additional sharing options. When you select Share in OneDrive for Business on Web, you'll see a contextual menu with all choices available to you for sharing files or folders with your teammates.

When this will happen:
Targeted release: We will begin rolling this out in mid-September (previously late August) and expect to complete rollout by late September (previously early September).
Standard release: We will begin rolling this out in late September (previously early September) and expect to complete rollout by mid-October (previously mid-September).

How this will affect your organization:
Users who interact with the OneDrive/SharePoint share control will be able to see this new Menu.
· Share link, Email link or Send link: Email the file link directly to one or more recipients.
  o Note: users may see one of three different notations until finalized.
· Copy link: Copy a link to share with recipients directly.
· Manage Access: View and manage who has access to your files or documents.
Note: Some users may see this feature before others in your organization.

What you need to do to prepare:
There is no action needed from you at this time. You may want to notify your users about this new capability and update your training and documentation as appropriate.

MC402119 — (Updated) OneDrive/SharePoint: Review mode for Word documents
Microsoft 365 Roadmap ID 93400
Updated August 10, 2022: We have updated the rollout timeline below. Thank you for your patience.

What is Review mode?
When you open a document that was shared with you for review, you are automatically placed in Review mode. In Review mode, you won’t have full edit control but instead are allowed to add suggestions to the document in the form of comments or tracked changes. Document owners or other collaborators who have full edit permissions will then need to approve the incorporation of any suggested changes to the document.

What's new?
We have changed the UI for Review Mode in the Share Dialog to include this mode as a permission called 'Can Review' inside of the sharing permission dropdown.
From OneDrive, SharePoint or Word for the web, share a document for review by clicking the Share button, and then clicking the Share command in the menu. Once you have the share dialog open, select the people that you want to share with review permissions, and then choose the 'Can review' option from the permissions dropdown. You can find this option available as well from the Link settings page.

When this will happen:
Targeted release (entire org): Will begin rolling this out in mid-July and expect to complete rollout by late July. - Complete
Standard release: Will begin rolling this out in late-July and expect to complete by late August (previously early August).

How this will affect your organization:
Users who wish to share Word documents on Web through OneDrive, SharePoint or directly from Word online will be able to see this change.

What you need to do to prepare:
You might want to notify your users about this new capability and update your training and documentation as appropriate.

MC397430 — (Updated) Stream on SharePoint: Video Collections Page
Microsoft 365 Roadmap ID 93352
Updated August 2, 2022: We have updated the rollout timeline below. Thank you for your patience.
SharePoint video collections pages make it easy to gather and display all videos from a SharePoint site collection in one place. This feature is particularly helpful for schools, universities and other organizations that tend to share videos in Teams channels.

When this will happen:
We will begin rolling out by mid-July and expect to complete by mid-August (previously late July).

How this affects your org:
With this feature you will be able to create a tab in your Teams channel that links directly to a specific collection of videos.
Note: You may see an empty state video collections page in the case your document library is empty.
Whenever a user creates a new site, an auto generated static layouts page for video collections gets created.
This is a collection of all videos from the site's document library shown in Highlighted content webpart. In order to access this static page, please append /_Layouts/15/Video_Collections.aspx to the site url. Once this page is edited and published, it will start appearing in the site pages as well.

What you need to do to prepare:
There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate.

MC394844 — (Updated) Stream on SharePoint: Inline playback of videos in Hero web part
Microsoft 365 Roadmap ID 93351
Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience.
When users click to play a video in the Hero web part section of a SharePoint site, the video will play inline. This feature allows users to watch a video without being taken off the SharePoint page and allows users to browse or scroll through the other contents of the page while the video plays.

When this will happen:
We will begin rolling out by mid-July and expect to complete by early September 2022 (previously mid-August 2022).
Note: Some users may see this feature before other users within your organization.

How this affects your organization:
Video consumers on Hero webpart will now be able to consume video on the same site page where they encountered the video. That allows them to browse through other site content while watching/listening to the video, thus saving their browsing time.

What you can do to prepare:
You may consider updating your training and documentation as appropriate.

MC357317 — (Updated) OneDrive iOS: New information architecture
Microsoft 365 Roadmap ID 85571
Updated August 22, 2022: We have updated the rollout timeline below. Thank you for your patience.
This feature has started rolling out and we ask you to pardon that we did not provide adequate advance notice as is our customer commitment to you.
This release adds a new bottom sheet menu to OneDrive for iOS to make options like share, annotations, delete, and bookmark easier to find.

When this will happen:
Standard (select users and entire org): We began rolling this out in early March and expect to complete rollout in late August (previously early August).

How this will affect your organization:
To use the new bottom sheet menu:
1. Open any file of your choice in OneDrive for iOS.
2. Tap the horizontal bar or drag the bottom menu upwards to expand the new menu.
The menu will show relevant actions for the specific type of file you've opened. To help you navigate, we've compiled a list of available actions:

What you need to do to prepare:
You might want to notify your users about this new capability and update your training and documentation as appropriate.

Microsoft Teams

MC423128 — Dynamic caller ID in Voice-enabled channels for government clouds: GCCH, DOD
Last year we enabled the capability where agents can use Dynamic Caller ID to call on behalf of a Call Queue or Auto Attendant from within Voice Enabled Channels. We are now bringing this capability to government clouds including GCCH and DOD.
We apologize for not meeting our commitment of providing notification prior to implementation and for any inconvenience.

When this will happen:
This has begun rolling out and will be complete by end of September.

How this affects your organization:
You can assign outbound caller ID numbers for the agents by specifying one or more resource accounts with a phone number. Agents can select which outbound caller ID number to use with each outbound call they make.

What you can do to prepare:
Review the Additional Information and consider updating your training and documentation as appropriate.
MC420060 — Microsoft Teams: Leave a Meeting From All of Your Devices Microsoft 365 Roadmap ID 97397 We will be rolling out a new feature in Microsoft Teams that will allow multi-device users to leave all of their devices at once when leaving a meeting. When this will happen: Rollout began in early August and is expected to be completed by early September. How this will affect your organization: When a Teams user attempts to leave a meeting or call from multiple personal devices, there have been challenges to fully disconnect from the meeting or call on all devices. With this new feature, there will now be an option displayed to multi-device users in a call that will prompt the user to leave the meeting or call from all devices when selected. This feature will be enabled for desktop, iOS, and Android clients. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC420059 — Custom Download Location for Files in Teams Microsoft 365 Roadmap ID 94719 Currently all file downloads from Microsoft Teams go to the Downloads folder. We are releasing a new feature that enables users to choose their preferred download location for downloading files from Teams or specify a download location for each download. When this will happen: We will begin rollout in early September and expect rollout to be completed by late October. How this will affect your organization: To enable this feature, there is a new setting introduced under Files settings, which allows users to change the default download location to their preferred download location. Additionally, there is a toggle, which if enabled, will prompt the user to select the location for each download. Note: These settings will only apply to the files downloaded after the setting is enabled and will not impact any files downloaded in the past.
What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC420049 — Live Translated Captions in Meetings and Calls Microsoft 365 Roadmap ID 94843 Users will now be able to choose the Live Captions in the language they prefer, with the help of Microsoft Cognitive Service Speech Translation Capabilities. This will help users fully participate in meetings where the spoken language may not be their most comfortable language to use. When this will happen: We will begin rolling out to worldwide and GCC in mid-September and expect to complete by early October. Rollout to GCC-H and DoD will start in mid-October and is expected to complete by early November. How this will affect your organization: Today, users can select just the spoken language, and the Live Captions will be in the same language as they selected. Please find the documentation here. When this feature is released, users who turn on Live Captions will be able to see the menu options for Live Translated Captions in the “Subtitles” menu. By selecting any translation language, users will see the Translated Captions in the language they selected. The spoken language is selected for everyone in the meeting, while the translation language for the Live Translated Captions is selected only for the individual user.
List of supported spoken languages: English (US), English (Canada), English (India), English (UK), English (Australia), English (New Zealand), Arabic (Arab Emirates), Arabic (Saudi Arabia), Chinese (Simplified China), Chinese (Traditional, Hong Kong SAR), Chinese (Traditional, Taiwan), Czech (Czechia), Danish (Denmark), Dutch (Belgium), Dutch (Netherlands), French (Canada), French (France), Finnish (Finland), German (Germany), Greek (Greece), Hebrew (Israel), Hindi (India), Hungarian (Hungary), Italian (Italy), Japanese (Japan), Korean (Korea), Norwegian (Norway), Polish (Poland), Portuguese (Brazil), Portuguese (Portugal), Romanian (Romania), Russian (Russia), Slovak (Slovakia), Spanish (Mexico), Spanish (Spain), Swedish (Sweden), Thai (Thailand), Turkish (Turkey), Ukrainian (Ukraine), Vietnamese (Vietnam) List of supported translation languages: Arabic, Chinese Simplified, Chinese Traditional, Czech, Danish, Dutch, English, Finnish, French, French (Canada), German, Greek, Hebrew, Hindi, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Slovak, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese Please note that some of the languages above will be in preview state when launching. What you need to do to prepare: Live Translated Captions and Live Captions are gated behind the same set of policies, to turn it on or off, here is the documentation for Meetings, and here is the documentation for Calls. You may consider notifying your users about this change and updating your training and documentation as appropriate. MC414474 — Microsoft Teams Meeting Auto-Transcription Microsoft 365 Roadmap ID 97842 In Microsoft Teams, we will be releasing a feature that allows meeting organizers to transcribe meetings automatically if the meeting has been set to be recorded. This will make the recording playback experience accessible. 
When this will happen: GA: We will begin rollout in late August and expect rollout to be completed by mid-September. Government Clouds: We will begin rollout in mid-September and expect rollout to be completed by mid-October. How this will affect your organization: Live transcription can make your meetings (and calls) more productive and inclusive for participants who are deaf or hard-of-hearing or have different levels of language proficiency. When the meeting organizer sets the Record automatically meeting option to On for a meeting, Transcription will now also be turned on with Recording when the meeting begins, if Transcription is allowed by admins. What you need to do to prepare: If transcription is on in your tenant, this feature will be automatically enabled, to review and change the transcription policy, please follow admin documentation for meetings. Notify your users about this change and update your training and documentation as appropriate. MC411679 — My Activity retirement in Teams mobile Activity We will be retiring the support for 'My activity' in Teams mobile Activity App. This will be retired from other clients in the future. Activity will now support only activities directed to you (the option to view activities initiated by you will be retired). When this will happen: We will begin rolling this out early September and expect to complete by mid-September. How this affects your organization: Once this change is implemented Teams mobile users will no longer see the "My activity" dropdown. Note: there is no additional impact and all activities across the app can be accessed from the respective apps (like chat app for chat send, calls made from calls app etc.) What you need to do to prepare: You may consider updating your training and documentation as appropriate. 
MC408687 — Pre-assign Channel members to Breakout Rooms Microsoft 365 Roadmap ID 96350 This Breakout Rooms for Channel Meetings feature enables meeting organizers to efficiently pre-assign channel members to Breakout Rooms (both auto and manual) ahead of a channel meeting start. Please note that meetings with Breakout Rooms are limited to 300 participants. If the channel contains more than 300 members, pre-assignment will not be available. Meeting organizers will have the ability to assign participants to Breakout Rooms during the meeting. When this will happen: Preview: We will begin rolling out early August and expect to complete by mid-August. Standard Release: We will begin rolling out mid-August and expect to complete by late August. How this will affect your organization: Meeting organizers are now able to pre-assign channel members to Breakout Rooms of Channel Meetings by accessing the Breakout rooms tab in the Channel Meeting's meeting details. What you need to do to prepare: There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate. MC408433 — (Updated) Live Transcript for Teams Meetings Microsoft 365 Roadmap ID 82230 Updated August 4, 2022: We have updated the content below for clarity. Thank you for your patience. Microsoft Teams now has a new Live transcription feature that will allow a real-time transcript during meetings (and calls), as well as post-meetings (and calls). This will help users in real-time recall what has been spoken during the meeting (and calls) as well as review after the meeting (and calls). When this will happen: We will begin rolling out in late August and expect rollout to be completed by early September. How this will affect your organization: Live transcription can make your meetings (and calls) more productive and inclusive for participants who are deaf or hard-of-hearing or have different levels of language proficiency.
What you need to do to prepare: You may want to review this feature and decide if you want to turn it on and follow the admin documentation for meetings and admin documentation for calls to modify it as needed. Notify your users about this change and update your training and documentation as appropriate. MC399073 — (Updated) Microsoft Teams: Automatically end stale Teams meetings Microsoft 365 Roadmap ID 96710 Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience. Microsoft Teams is enabled with a new feature that will allow meetings to automatically end if they're identified as stale. If a user is the sole participant in a meeting 10 minutes after the scheduled meeting end time has passed, then a dialog will appear in the call prompting them to end the call or dismiss the notification. If no action is taken on the dialog within 3 minutes, the meeting will automatically end. If there is more than 1 user on the call and/or the scheduled meeting end time has not passed yet, then the feature will not trigger. If the user dismisses the notification, they will not see it again for the same meeting, and it will not be at risk to automatically end anymore. When this will happen: We will begin rolling out to Production in early December (previously mid-September 2022) and expect to complete by mid-December (previously late October). We will begin rolling out to GCC, GCC-H, and DoD in mid-January (previously late October) and expect to complete by mid-March (previously late November). How this will affect your organization: Users may see this feature in meetings and be removed from meetings that automatically end. MC397435 — (Updated) Microsoft Teams: Start a Teams Chat with Distribution Groups, Mail-Enabled Security Groups, and O365 Groups Microsoft 365 Roadmap ID 62354 Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience. 
You will now be able to start a Teams Chat with Distribution Groups, Mail-enabled Security Groups, and O365 Groups. This feature will respect the limits on members in a group chat, currently set to 250 members. Organizations rely on Distribution Lists (DLs) as a tool to create groups of users that mirror organizational knowledge and workflows. Bringing this awareness to target audiences for specific content will enhance the core Teams experience. Allowing our customers to leverage DLs can increase workflow efficiency and bridge the gap between legacy knowledge of organization structure and a new Teams structure. When this will happen: We will begin rollout in late September (previously mid-August) and expect to complete rollout by late October (previously late August). How this will affect your organization: With this update, users will now be able to select Distribution Lists as an audience to begin a chat within Teams. What you need to do to prepare: There is nothing you need to do to prepare for this change. You may want to notify your users about this change and update your training and documentation as appropriate. MC394785 — (Updated) Speaker Coach in Microsoft Teams Meetings Microsoft 365 Roadmap ID 88253 Updated August 12, 2022: We have updated the rollout timeline below. Thank you for your patience. Speaker Coach provides private, personalized feedback on your speaking and presentation skills in both real-time as well as post-meeting in a summary. When this will happen: We will begin rolling out in mid-August (previously early July) and expect to complete rollout by mid-September (previously late August). How this will affect your organization: This setting is enabled by default. To turn it off, set AllowMeetingCoach to False. Tenant admins can manage the feature through the policy for speaker coach. What you need to do to prepare: You may want to notify your users about this new capability and update your training and documentation as appropriate. 
Learn More: · PowerPoint’s Presenter Coach Expands to Microsoft Teams and Takes on the New Name Speaker Coach · Meeting policy settings - Speaker Coach MC387640 — (Updated) Dynamic Caller ID in Calls app for Call Queue Agents Microsoft 365 Roadmap ID 86992 Updated August 2, 2022: We have updated the rollout timeline below. Thank you for your patience. Call queue agents can now place calls from the Calls app using a call queue phone number, defined in resource account, as their caller ID. This ensures the call is properly identified by the recipient and that the call back number is the call queue number rather than the agent's personal line. When this will happen: We will begin rolling out in early June and complete rollout by late August (previously mid-July). How this will affect your organization: You can assign outbound caller ID numbers for agents by specifying one or more resource accounts with a phone number. Agents can select which outbound caller ID number to use with each outbound call they make. What you need to do to prepare: The resource account used for calling ID purposes must have a Microsoft Teams Phone System Virtual User license and one of the following assigned: · A Calling Plan license and a phone number assigned · An Operator Connect phone number assigned · An online voice routing policy (phone number assignment is optional when using Direct Routing) Learn More: · Create a Call Queue MC383876 — (Updated) Collaborative Annotations on Presenter Shared Screen Microsoft 365 Roadmap ID 86732 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Collaborative Annotation helps you collaborate with others while screen sharing in Teams meetings. For example, if you want to ask for feedback on a design or if you’re working with a group on a project, Collaborative Annotation helps you get work done faster and with more voices included. 
When this will happen: · Standard: begin rollout in mid-June and expect to complete rollout by late June. - Complete · GCC: begin rollout in early August (previously late July) and expect to complete rollout in late August (previously early August). · GCC-High: begin rollout in late September (previously late August) and expect to complete rollout by early October (previously early September). · DoD: begin rollout in late October (previously late September) and expect to complete rollout in early November (previously early October). How this will affect your organization: During screenshare, meeting attendees with Presenter roles will see the Annotation button in meeting controls at the top-center of their screen. To turn on Collaborative Annotation while you're sharing your screen in a meeting, select the pen icon to Start annotation in meeting controls at the top-center of your screen, as shown below: Note: You must be a Presenter role in a meeting to turn on Collaborative Annotation. The red outline around the screenshare will turn blue, indicating Collaborative Annotation mode is on. All participants will see the Microsoft Whiteboard toolset at the top of the shared screen, as shown below. Everyone in the meeting can begin annotating right away in real-time. Collaborative Cursors show the name of every attendee as they annotate and are turned on by default. Collaborative Cursors can be turned off by anyone attending the meeting from the Settings menu in the Collaborative Annotation toolbar. To control who can annotate, the main Presenter can select Only I can annotate and unselect Everyone can annotate from the Settings menu in the Collaborative Annotation toolbar, as shown below: To begin annotating, select one of the tools in the Whiteboard toolset, such as text, Sticky notes, Reaction tags, or digital ink, and begin typing or drawing on the screen. 
To end the annotation session for everyone, select Stop annotation in meeting controls at the top-center area of your screen. Collaborative Annotation is only available for full-screen sharing, not individual window sharing at this time. Web and mobile users cannot start Collaborative Annotation while sharing content. However, if a desktop user shares the screen and starts Collaborative Annotation mode, web and mobile users are able to participate in annotating as well. Exporting annotations is not supported at this time, but you can take screenshots during the meeting to save annotated content for later if necessary. Meeting rooms using Android-based devices are not supported. What you need to do to prepare: This feature is enabled by default so there is no action needed. Note: Annotation is powered by Microsoft Whiteboard. If Microsoft Whiteboard is disabled, it will also disable Annotations. Learn More: · Enable Microsoft Whiteboard for your Organization MC379024 — Suggested Replies in Teams Desktop Microsoft 365 Roadmap ID 92674 Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience. Suggested Replies present users with an option of three responses to choose from for selected messages and is now available to your users in Teams Desktop. We apologize for not informing you about this change prior to it being released. We continue to work to ensure we are being proactive in our communications. Thank you for your patience. When this will happen: · Standard: Complete · GCC: mid-May through early June - Complete · GCC-High: late July (previously early June) through late August (previously late June) · DoD: late July (previously early July) through early September (previously late August) How this will affect your organization: Once available, users will be able to quickly reply to a given message by tapping on a suggested reply. 
What you need to do to prepare: This feature ships default on; review Manage messaging policies in Teams. If you wish to disable this feature in your tenant, please disable the Suggested Replies setting that is found in Messaging Policies. Users also have a setting within the app so they can disable the feature. MC375739 — (Updated) Attendance Dashboard for GCC-High and DOD Microsoft 365 Roadmap ID 94856 Updated August 18, 2022: We have updated the rollout timeline below. Thank you for your patience. This reporting dashboard will appear as a tab in the meeting detail providing: · Attendance information for Teams regular meetings in meeting chat tab "attendance" When this will happen: · GCCH: This will be rolled out in late August (previously early August). · DoD: This will be rolled out in early September (previously late July). How this will affect your organization: Once available, this will allow meeting organizers to view the attendance information in the dashboard without having to download the reports. Note: This feature will be rolling out with the default ON. IT admins can disable the attendance dashboard and turn off the AllowEngagementReport policy in the Teams Admin Center. Go to Meetings > Meeting policies, and set the policy to Disabled. In PowerShell: Set-CsTeamsMeetingPolicy -Identity YOUR_USER_GROUP -AllowEngagementReport "Disabled". What you need to do to prepare: Determine if you would like to enable the Teams attendance report and you may consider updating your training and documentation as appropriate. Learn More: View and Download Meeting Reports in Teams MC320460 — (Updated) Connected Templates with Microsoft Teams and SharePoint Microsoft 365 Roadmap ID 84724 Updated August 17, 2022: We have updated the rollout timeline below. Thank you for your patience. We determined that this notification did not go to the entire intended audience. We apologize for any inconvenience this delayed notification may have caused.
We are announcing the upcoming release of Connected Templates with Microsoft Teams and SharePoint. The connected templates will offer a new way of combining Microsoft Teams templates with SharePoint templates. Prior to this integration, clients needed to deploy Microsoft Teams or SharePoint-specific templates. · Microsoft Team Templates allow administrators to easily deploy consistent teams across their organization using predefined or customized team templates. · SharePoint templates offer a straightforward way for admins to build sites with pre-populated pages, page templates, news post templates, and web parts that can be customized to fit the needs of their organization. Through this integration, Teams administrators can create templates that include SharePoint components, bringing together the capabilities of the Teams and SharePoint templates. When this will happen: We will begin rolling this out in mid-January and expect to complete rollout mid-October (previously mid-August). How this will affect your organization: Today, when you create a team through "create a team from templates" you get an automatically created SharePoint site that supports that template. We are adding SharePoint assets to the team you have just created with this new integration. In essence, all SharePoint applications that are associated with the new template will be automatically added, pinned, and displayed in this new team template. · When you create a new team using a default template - for example, the “Manage a Project” template, the project management channels and apps, and the connected SharePoint template will get applied automatically. Now, the pages, lists, and Power Platform integrations from SharePoint will be automatically pinned as tabs in Teams and you can edit these pages and lists directly in Teams. What you need to do to prepare: You might want to notify your users about this change and update your training and documentation as appropriate.
MC320163 — (Updated) Updating default tenant-level tag management settings Microsoft 365 Roadmap ID 88318 Updated August 26, 2022: Based on learnings from our early rings, we have made the decision to make additional changes before we proceed with the rollout. We will deliver a new Message center post once we re-start the rollout. Thank you for your patience. We’re updating the default tag management settings based on customer feedback. The new defaults eliminate the need for team members to ask owners to create or edit tags on their behalf. Key points: · Timing: We will communicate via Message center when we are ready to proceed. · Roll-out: tenant level · Control type: Team owner and team member control · Action: review and assess for appropriate experience How this will affect your organization: The Teams admin center default for who can manage tags will be updated from "Team owners" to "Team owners and members." Tenant admins still can override the default and limit Tag Create/Edit to Team Owners only. If you have already made any changes to any option in the Tagging settings in the Teams admin center, your settings will not be updated, and this change will not affect your tenant. This tenant-level setting will be inherited by existing Teams, unless the Tags Settings in Manage Team has been updated. For example, if the value of the “Tags are managed by” setting at the team level has been changed, this change will not affect that team. These changes simplify the Tags permissions model and make it consistent with other Teams concepts like Channels. For new teams created after this change is implemented, all team members will be able to create and manage tags by default, similar to the defaults for create and edit channels. The team owner will still have the option to override this management setting if "Let team owners override who can manage tags" is set to "On" in your Tagging settings in the Teams admin center.
What you need to do to prepare: No specific action is required but you will want to review your settings and update your documentation as necessary. MC318662 — (Updated) Communication Access Real-Time Translation Captions in Microsoft Teams for GCC-H and DoD Microsoft 365 Roadmap ID 83614 Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience. This coming new feature will enable users to view real-time captions coming from a Communication Access Real-Time Translation (CART) provider within the Microsoft Teams meeting window. Meeting organizers and participants will be able to ask their CART captioning providers to stream captions to Microsoft Teams. When this will happen: GCC-High: will begin rolling out in early June (previously mid-May) and expect to complete rollout mid-June (previously late May). - Complete DoD: will begin rolling out in late July (previously mid-July) and expect to complete rollout late September (previously mid-August). How this will affect your organization: Tenant admins should ensure the policy for CART captions is enabled in order for their users to be able to schedule meetings with CART captions. What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate.
MC279469 — (Updated) 1:1 VOIP and PSTN call recording and transcription in Calls App V2 Microsoft 365 Roadmap ID 83497 Updated August 16, 2022: We have updated the rollout timeline below. Thank you for your patience. Microsoft Teams will now release ability to record and transcribe 1:1 VOIP and PSTN calls and show the recording and transcription in Call history in the calls details panel. This is a critical feature specifically for our Public Switched Telephone Network (PSTN) customers. In absence of chat, PSTN callees do not have a way to view call recordings and transcriptions. When this will happen: · We expect to begin this roll out to Standard and GCC tenants in mid-December (previously late September) and expect the rollout to be completed by late February (previously late January). - Complete · We expect to begin this roll out to GCC-High and DoD tenants in mid-March (previously mid-February) and expect the rollout to be completed by late September (previously early August). How this will affect your organization: · Call Transcription for 1:1 PSTN and VOIP calls will show in call history in call details panel. · Call Recording for 1:1 PSTN and VOIP calls will show in call history in call details panel. · Users can delete recording from chat and the recording will not show in call history in call details panel.
· If there are multiple recordings in a call, they will show in a list form in call history in call details panel. What you need to do to prepare: Teams admins will need to make sure that AllowCloudRecordingForCalls and AllowTranscriptionForCalling is turned on to enable recording and transcription of 1:1 VOIP and PSTN calls. Exchange Online and Outlook MC424190 — Basic Authentication Deprecation in Exchange Online – September 2022 Update Message Summary One month from today, we’re going to start to turn off basic authentication for specific protocols in Exchange Online. Timeline and Scope As we communicated last year in blog posts and earlier this year in MC375736, we will start to turn off basic authentication in our worldwide multi-tenant service on October 1, 2022. We will randomly select tenants, send 7-day warning Message Center posts, post Service Health Dashboard notices, and turn off basic auth in the tenant. We’re turning off basic auth for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) and Remote PowerShell. We are not changing any settings or turning off SMTP AUTH. What If You Are Not Ready for This Change? We recognize many tenants may still be unprepared for this change. Today we announced an update to our plan to offer customers who are unaware or otherwise not ready for this change. You can read this announcement here. Addendum to Public Message for Specific Government Community Cloud Customers This specific Message Center post is being sent only to customers in our GCC environment. Customers with tenants in the GCC cloud are unable to use the self-service diagnostic referred to in the blog for either opt out or re-enablement. To avoid any protocol being disabled during October, please complete the form here, making sure your tenant ID is correct and the protocols you need to continue to use basic auth for are all selected. 
When complete please submit the form, and we will ensure those protocols are not disabled until soon after Dec 31st 2022. If you miss a protocol and need it re-enabled after October 1st, you will need to open a service request; you won’t be able to do it online or by filling out the form again. Change can be hard and it takes more time in large and complex environments, but the risks of attack are usually higher too, so we urge you to remove any dependency on basic auth from your tenant as soon as possible. There will be no further extensions or exceptions. Basic auth for any enabled protocols will be disabled during the first few days of January 2023. What should I do to prepare for this change? Any client (user app, script, integration, etc.) using basic auth for an affected protocol will be unable to connect. The app will receive an HTTP 401 error: bad username or password. Any app using modern auth for these protocols will be unaffected. If you are unsure if you have clients or apps that will be affected by this change, you can check the Azure AD Sign-In logs, or just check Message Center for any messages titled, ‘Basic Authentication – Monthly Usage Report’. We will send the usage report for August in the next few days. If you cannot see any of these messages, we have not detected basic authentication on the affected protocols in your tenant. To read more on what can be done to switch apps from basic to modern auth please view our main documentation page and our latest blog. Additional Information MC422158 — Feature Update: Service health admin notifications in Outlook We’re improving Service health admin notifications in the Microsoft Outlook client experience. This feature is available to Global administrators and Office Apps administrators, who are signed into the Outlook desktop client (for Windows).
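Returning to the Basic Authentication notice (MC424190) above: the following is an added example, not part of the original message or Microsoft's tooling, showing one way to triage an exported Azure AD sign-in log for clients that still depend on the protocols being switched off. It assumes a JSON-lines export with the fields `clientAppUsed`, `userPrincipalName` and `status.errorCode`; the label-to-protocol mapping and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# ASSUMPTION: labels as they appear in the "clientAppUsed" field of a sign-in
# log export, mapped to the protocol names used in the notice. Check them
# against your own export before relying on the result.
AFFECTED = {
    "mapi over http": "MAPI",
    "outlook anywhere (rpc over http)": "RPC",
    "offline address book": "OAB",
    "exchange web services": "EWS",
    "pop3": "POP",
    "imap4": "IMAP",
    "exchange activesync": "EAS",
    "exchange online powershell": "Remote PowerShell",
}
EXEMPT = {"authenticated smtp": "SMTP AUTH"}  # the notice leaves SMTP AUTH on
MODERN = {"browser", "mobile apps and desktop clients"}


def classify(client_app):
    """Return (category, name) for one clientAppUsed label."""
    label = (client_app or "").strip().lower()
    if label in AFFECTED:
        return "affected", AFFECTED[label]
    if label in EXEMPT:
        return "exempt", EXEMPT[label]
    if label in MODERN:
        return "modern", None
    # Unknown or generic labels need a human look rather than a guess.
    return "review", client_app or "(empty)"


def summarize(lines):
    """Aggregate JSON-lines sign-in records into a basic-auth dependency report.

    affected    : (protocol, user) pairs with at least one successful sign-in,
                  i.e. real dependencies that will break.
    failed_only : pairs seen only with failures (stale config or guessing noise).
    exempt      : SMTP AUTH usage, unaffected by this change.
    review      : labels this script does not recognise.
    """
    report = {k: Counter() for k in ("affected", "failed_only", "exempt", "review")}
    report["skipped"] = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            report["skipped"] += 1  # malformed row: count it, keep going
            continue
        category, name = classify(rec.get("clientAppUsed"))
        if category == "modern":
            continue
        key = (name, rec.get("userPrincipalName", "(unknown)"))
        if category == "affected":
            succeeded = (rec.get("status") or {}).get("errorCode") == 0
            report["affected" if succeeded else "failed_only"][key] += 1
        else:
            report[category][key] += 1
    # A pair that succeeded at least once is a dependency, not "failed only".
    for key in list(report["failed_only"]):
        if key in report["affected"]:
            del report["failed_only"][key]
    return report


# Constructed sample records (not real tenant data).
SAMPLE = """\
{"userPrincipalName":"scanner@example.com","clientAppUsed":"Authenticated SMTP","status":{"errorCode":0}}
{"userPrincipalName":"svc-backup@example.com","clientAppUsed":"Exchange Web Services","status":{"errorCode":0}}
{"userPrincipalName":"svc-backup@example.com","clientAppUsed":"Exchange Web Services","status":{"errorCode":50126}}
{"userPrincipalName":"svc-backup@example.com","clientAppUsed":"Exchange Web Services","status":{"errorCode":0}}
{"userPrincipalName":"alice@example.com","clientAppUsed":"IMAP4","status":{"errorCode":50126}}
{"userPrincipalName":"alice@example.com","clientAppUsed":"Mobile Apps and Desktop clients","status":{"errorCode":0}}
{"userPrincipalName":"bob@example.com","clientAppUsed":"Other clients","status":{"errorCode":0}}
not-json
"""

if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for section in ("affected", "failed_only", "exempt", "review"):
        for (name, user), count in sorted(result[section].items()):
            print(f"{section:12} {name:18} {user:28} {count}")
    print("skipped rows:", result["skipped"])
```

Pairs under `affected` are the ones to migrate to modern auth first; `failed_only` entries are worth checking for leftover device profiles before treating them as noise.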
We’ve heard your feedback and have implemented some improvements, including:
· Notifications are now separated by “Latest notification” and “Previous notifications”, to more easily distinguish new information.
· New icons have been added to easily identify active versus resolved issues.
· Admins now can provide feedback on specific notifications, versus a generic bucket.
· Ability to fully manage (enable or disable) admin notifications within the notification pane.

When this will happen:
These enhancements will begin rolling out at the beginning of September 2022 and be made available to all customers by the end of the same month. Admin notifications are accessible to Global administrators and Office Apps administrators who have the feature enabled in the Outlook desktop client experience.

How this will affect your organization:
Global admins and Office Apps admins who already have admin notifications enabled in the Outlook desktop client will observe the above enhancements once the roll-out is complete.

What you need to do to prepare:
If you are a Global administrator or an Office Apps administrator and would like to receive Service health notifications in the Outlook desktop client, use the following steps to ensure the feature is enabled:
· Before deployment: Navigate to File -> Options -> Advanced, and enable admin notifications.
· After deployment: Navigate to Help -> Admin notifications, and toggle “Show Admin Notifications”.

MC422154 — Microsoft Purview Data Lifecycle Management: Migration of 'Archive’ page to new Exchange Admin Center

To simplify the customer experience for managing Exchange account settings and avoiding duplication, we are removing the ‘Archive’ tab of the Data Lifecycle Management solution in the Microsoft Purview compliance portal. You will continue to be able to perform this operation from the Exchange Admin Center.
When this will happen:
The ‘Archive’ page will be retired and no longer be available on the Microsoft Purview compliance portal from October 2022.

How this will affect your organization:
Currently, enabling or disabling mailbox archives is an available setting in both the Exchange Admin Center and the Microsoft Purview compliance portal. Once this migration is complete, your organization will no longer be able to access this setting through Data Lifecycle Management. However, the ability to enable and disable archive for each mailbox is already supported in the new Exchange Admin Center under the “Others” tab when managing a mailbox.

What you need to do to prepare:
No action is needed to enable this change. Learn about archive mailboxes.

MC419386 — Retirement of Trello & Yelp add-ins for Outlook

The following Outlook add-ins are being retired:
· Trello - allows the user to create, edit, and comment on Trello boards without leaving the inbox.
· Yelp - allows the user to quickly find and share great nearby businesses through mail.

Note: If your users do not utilize either of these add-ins, you can safely disregard this message.

When this will happen:
December 15, 2022

How this will affect your organization:
If users are utilizing the Trello or Yelp add-ins, they will no longer be available in the store or function after this change. For users of the Trello add-in, this will not impact data in Trello, only the integration with Outlook.

What you can do to prepare:
Communicate this change with users as appropriate.

MC415186 — Microsoft Defender for Office 365: Enforce Authentication to Pass on AntiSpam Allowed Domains

We are strengthening Spoofing protection within the Exchange Online Protection and Microsoft Defender for Office 365 Anti-Spam security policy. It will provide a way to secure your organization against spoofing attacks that may otherwise occur by allowing certain domains and senders.
Applies to:
· Exchange Online Protection
· Microsoft Defender for Office 365 plan 1 and plan 2
· Microsoft 365 Defender

Microsoft 365 Roadmap ID 93436

When this will happen:
Standard: Rollout will begin in late September and will be completed by late November.
GCC/GCC-H/DoD: Rollout will begin in late November and be completed by late December.

How this will affect your organization:
Security Admins and SecOps teams today can specify allowed domains and allowed senders within the Anti-Spam policy. We recommend never adding your own accepted domains or commonly trusted domains to the allowed domains list.

Moving forward, when you specify internal tenant owned/accepted domains and senders to this list, DMARC authentication check will be enforced on these domains or senders and they will be allowed by the system only if authentication passes on these domains/senders. Otherwise, despite being specified, allowing messaging from these domains will not be honored. In this way, our system will work to protect your organization against Spoofing attacks.

In case you want to allow legitimate 'Spoofing' from these domains and senders, you will be able to continue adding them to Tenant allow block list - Spoofing (as you can do so today).

Note: This will impact any messages that are received from outside your organization, where the sender's domain is part of your organization accepted domain list and fails authentication.

What you need to do to prepare:
To prepare for this change it is recommended that you review the spoof intelligence report and ensure that any intra-org messages where the sender/sending domain is part of your accepted domain pass authentication as expected. Note you do not need to update items where authentication fails and that failure is expected.

Review your existing Anti-Spam policies within threat policies and consider updating the list of Allowed domains / Allowed senders to allow whom you trust.
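One way to carry out that review, as an added example rather than anything from the Microsoft message: the function below flags anti-spam allow-list entries that belong to your own accepted domains, which are the entries that will now require a passing authentication check. The function name and the sample data are hypothetical; on a live tenant the input would come from Get-AcceptedDomain and Get-HostedContentFilterPolicy, and the shape of the allow-list entries returned there is an assumption handled in the code.

```powershell
function Find-AcceptedDomainAllowEntry {
    # Hypothetical helper (not a Microsoft cmdlet): lists allow-list entries
    # in anti-spam policies whose domain is one of the tenant's accepted domains.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]] $AcceptedDomain,

        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Policy
    )
    begin {
        # Domain names compare case-insensitively; drop any trailing dot.
        $own = @($AcceptedDomain | ForEach-Object { $_.Trim().TrimEnd('.').ToLowerInvariant() })

        # Assumption: an entry is either a plain string or an object that
        # exposes the value through the named property.
        function ConvertTo-EntryText($entry, [string] $property) {
            if ($null -eq $entry) { return '' }
            $p = $entry.PSObject.Properties[$property]
            if ($p) { return "$($p.Value)".Trim().ToLowerInvariant() }
            return "$entry".Trim().ToLowerInvariant()
        }
    }
    process {
        foreach ($d in @($Policy.AllowedSenderDomains)) {
            $name = ConvertTo-EntryText $d 'Domain'
            if ($name -and $name -in $own) {
                [pscustomobject]@{ Policy = $Policy.Name; List = 'AllowedSenderDomains'; Entry = $name }
            }
        }
        foreach ($s in @($Policy.AllowedSenders)) {
            $addr = ConvertTo-EntryText $s 'Sender'
            $at = $addr.LastIndexOf('@')
            if ($at -ge 0 -and $addr.Substring($at + 1) -in $own) {
                [pscustomobject]@{ Policy = $Policy.Name; List = 'AllowedSenders'; Entry = $addr }
            }
        }
    }
}

# Constructed sample data (not taken from any tenant).
$sampleAccepted = @('contoso.com', 'Fabrikam.com')
$samplePolicies = @(
    [pscustomobject]@{
        Name                 = 'Default'
        AllowedSenderDomains = @('contoso.com', 'partner.example')
        AllowedSenders       = @('ceo@contoso.com', 'billing@partner.example')
    }
    [pscustomobject]@{
        Name                 = 'Sales team'
        AllowedSenderDomains = $null
        AllowedSenders       = @('alerts@FABRIKAM.com')
    }
)

# Expect three findings: contoso.com, ceo@contoso.com and alerts@fabrikam.com.
$samplePolicies |
    Find-AcceptedDomainAllowEntry -AcceptedDomain $sampleAccepted |
    Format-Table Policy, List, Entry -AutoSize

# Against a live tenant, in an Exchange Online PowerShell session:
#   $own = (Get-AcceptedDomain).DomainName
#   Get-HostedContentFilterPolicy | Find-AcceptedDomainAllowEntry -AcceptedDomain $own
```

Each finding is an entry to either remove from the allow list or confirm against the spoof intelligence report before the rollout reaches your tenant.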
We recommend updating your necessary training documents accordingly.

Learn More:
· Configure your anti-spam filter policies
· Create allowed spoofed sender entries using Tenant allow block list - Spoofing
· Spoof intelligence insight
· Spoof detections report

MC411680 — Outlook Mobile Now Supports Multiple S/MIME Certificates

Outlook mobile (iOS and Android) will allow users to manually select their S/MIME signing/encryption certificates if there is more than one valid certificate available, and set them as active for signing and encryption.

When this will happen:
GA: Rollout will begin in late July and is expected to be completed by end of August.
Government Clouds: Rollout will begin in late August and is expected to be completed by mid-September.

How this will affect your organization:
If your company does not support S/MIME or does not need multiple S/MIME certificates, this will have no impact on you.

If your company wants to use this feature, you will need to go to Intune and disable your SMTP address check for SMIME. Users will then be able to view multiple SMIME certificates and select them for signing and encryption.

What you need to do to prepare:
There is no action needed from you at this time if you do not need to use this feature. If this feature is needed, you can follow additional instructions in this link for setup.

MC411675 — Microsoft Defender for Office 365: Updates to the common attachment filter in the anti-malware policy

Microsoft 365 Roadmap ID 93431

In anti-malware policies, you can select specific file types to identify as malware using the common attachment filter. Any email message with attachments of these specific file types will be handled per the policy settings.
You can configure this specific list of file types by selecting them from the pre-defined list in the policy properties in the Microsoft 365 Defender portal or by manually adding your own (custom) file types using the Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.

Based on internal research and best practices guidelines from industry and other organizations, we are updating the list of file types that are available for selection. Currently, there are 95+ file types in the list, of which 13 are pre-selected by default in the common attachment filter settings. We are expanding this list to cover over 200 file types, of which over 50 are selected by default.

After rollout, this new expanded list along with the default selection will automatically apply to:
1. Any new anti-malware policies that you create
2. The default anti-malware policy: The current list of the selection will be retained and appended with the new file types being added as part of default selection. As a result, the list of file selections in the default policy will be expanded while retaining all of the existing selection. There will be no changes to any of the other settings (like zap, admin notification configuration etc). The only change which will happen to the default policy is the expansion of the selection.

The file selections in your existing anti-malware policies (enabled or not) will be retained and will not be updated automatically. You will need to manually update your existing policies with the recommended list of default file types (see below).

In anti-malware policies, the common attachment filter allows you to select specific file types to block. Any email messages with these types of file attachment will be handled as per the policy settings. In addition to turning on the common attachment filter, you can customize the list of file types, but only by using the Set-MalwareFilterPolicy cmdlet in Exchange Online PowerShell.
We’re enhancing the anti-malware policy experience by adding the ability to view/add/remove custom file types in the anti-malware policy settings in the Microsoft 365 Defender portal.

When this will happen:
Starting early September and completion of deployment by early October.

How this will affect your organization:
Once these changes are rolled out, the list of default file type selections in newly created policies and the default policy will differ from your existing policies. As the selection in the default policy will be expanded, some messages could be quarantined due to the new file type additions. You will need to review the existing policies and update the list with recommended file types (see below).

What you need to do to prepare:
Once these changes are rolled out, you can view/add/delete file types (extensions) for the common attachment filter in the anti-malware policy settings in the Microsoft 365 Defender portal.
· Configure anti-malware policy
· Configure custom file types using PowerShell command

Review existing anti-malware policies and add the recommended file types to the block list.

Since the default policy will now cover more file types, it’s likely that the expanded list of files in the default policy will block messages. If you do not want the new list of file types to be active, create a custom anti-malware policy (soon, before this feature deployment) with the file types that meet your needs.
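The review of existing policies can be scripted. The following is an added example, not part of the Microsoft message: it compares each policy's file-type selection with the default selection this message lists and reports what is missing and what is custom. The function name and the sample policies are hypothetical; Name, EnableFileFilter and FileTypes are the properties read from Get-MalwareFilterPolicy output.

```powershell
# Default selection for the common attachment filter, copied from this message.
$RecommendedFileTypes = @(
    'ace','apk','app','appx','ani','arj','bat','cab','cmd','com','deb','dex','dll',
    'docm','elf','exe','hta','img','iso','jar','jnlp','kext','lha','lib','library',
    'lnk','lzh','macho','msc','msi','msix','msp','mst','pif','ppa','ppam','reg','rev',
    'scf','scr','sct','sys','uif','vb','vbe','vbs','vxd','wsc','wsf','wsh','xll','xz','z'
)

function Compare-AttachmentFilterSelection {
    # Hypothetical helper (not a Microsoft cmdlet): reports, per policy, which
    # recommended file types are absent and which selected types are custom.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Policy,

        [string[]] $Recommended = $RecommendedFileTypes
    )
    process {
        # Normalise entries: no leading dot, lower case, no blanks.
        # A policy with no FileTypes at all ends up with an empty list.
        $current = @(
            $Policy.FileTypes |
                ForEach-Object { "$_".Trim().TrimStart('.').ToLowerInvariant() } |
                Where-Object { $_ }
        )
        $missing = @($Recommended | Where-Object { $_ -notin $current })
        $custom  = @($current | Where-Object { $_ -notin $Recommended })

        [pscustomobject]@{
            Policy        = $Policy.Name
            FilterEnabled = [bool] $Policy.EnableFileFilter
            MissingCount  = $missing.Count
            Missing       = $missing
            CustomExtras  = $custom
            # Existing selection plus the recommended types, ready to write back.
            Merged        = @($current + $missing | Sort-Object -Unique)
        }
    }
}

# Constructed sample input shaped like Get-MalwareFilterPolicy output.
$samplePolicies = @(
    [pscustomobject]@{
        Name             = 'Finance custom'
        EnableFileFilter = $true
        FileTypes        = @('exe', '.JS', 'docm', 'iso', 'xlsm')
    }
    [pscustomobject]@{
        Name             = 'Legacy pilot'
        EnableFileFilter = $false
        FileTypes        = $null
    }
)

$report = $samplePolicies | Compare-AttachmentFilterSelection
$report | Format-List Policy, FilterEnabled, MissingCount, Missing, CustomExtras

# Against a live tenant, in an Exchange Online PowerShell session:
#   $report = Get-MalwareFilterPolicy | Compare-AttachmentFilterSelection
#   foreach ($r in $report) {
#       Set-MalwareFilterPolicy -Identity $r.Policy -EnableFileFilter $true -FileTypes $r.Merged
#   }
```

In the sample, 'Finance custom' is missing 50 of the 53 recommended types and keeps js and xlsm as custom extras. Check the Missing column with mail-flow owners before writing anything back, since every added type can quarantine messages that were delivered before.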
Review the following resources below to learn more:
· Anti-malware policy
· Anti-malware policy protection FAQ
· Current list of file types in pre-populated list
· Current list of default file type selection

The list of file types:
7z, 7zip, a, accdb, accde, ace, action, ade, adp, apk, app, appx, appxbundle, arj, asf, asp, aspx, ani, avi, bat, bin, bundle, bz, bz2, bzip2, cab, caction, cer, chm, cmd, com, command, cpl, crt, csh, css, deb, der, dex, dgz, dll, dmg, doc, docm, docx, dot, dotm, dtox, dylib, elf, exe, font, gz, gzip, hlp, hta, htm, html, img, imp, inf, ins, ipa, iso, isp, its, jar, jnlp, js, jse, kext, ksh, lha, lib, library, lnk, lqy, lzh, macho, mad, maf, mag, mam, maq, mar, mas, mat, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, msc, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msi, msix, msixbundle, msp, mst, o, obj, odp, ods, odt, one, onenote, ops, package, pages, pbix, pdb, pdf, php, pif, pkg, plugin, ppa, ppam, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, reg, rev, rpm, rtf, scf, scpt, scr, sct, service, sh, shx, shb, shtm, so, sys, tar, tarz, terminal, tgz, tool, uif, url, vb, vbe, vbs, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, vxd, workflow, ws, wsc, wsf, wsh, xhtml, xla, xlam, xll, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xz, z, zi, zip, zipx

The default selection from the above file type list is:
ace, apk, app, appx, ani, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

MC411674 — Exchange Online Protection: Anti-malware policy notification settings change

Microsoft 365 Roadmap ID 93433

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter
settings. As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:
· True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.
· Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):
  o Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.
  o Non-delivery report (also known as NDR or bounce message) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.

When this will happen:
Starting early September and completion of deployment by early October.

How this will affect your organization:
Once these changes are rolled out, the current email notifications for recipients and senders will be stopped. Instead, any recipient notifications will be based on the selected quarantine policy (dropdown in the anti-malware policy).

What you need to do to prepare:
Review the 'Quarantine Policy' selection in your current anti-malware policies. With this feature change, for default and all existing policies:
· The selection in the 'Quarantine Policy' dropdown will be used for any recipient notifications.
· For the new settings in 'Common attachment filter detections', the selection will be set to 'Quarantine the message' option (which is the same as the Quarantine policy dropdown).
Review the following resources below to learn more:
· Create anti-malware policy
· Quarantine policy
· Quarantine policies in anti-malware policies
· Use quarantine notifications to release and report quarantined

MC411432 — We've changed the minimum iOS system requirements for Outlook for iOS and watchOS

Outlook for iOS is supported on the two most recent versions of iOS. When a new version of iOS is released, Outlook’s Operating System requirement becomes the two most recent versions: the current version of iOS and watchOS and the previous version.

With iOS 16 currently in beta, Outlook for iOS is preparing to drop support for iOS 14. In addition, once iOS 16 is released to GA, the system requirements for Outlook for iOS will be updated to reflect support for iOS 16. Microsoft will update the minimum system requirements for the Outlook for iOS app from iOS 14 to iOS 15. Microsoft will retire support for watchOS 7. watchOS 8 and 9 will be the only supported versions for Apple Watch.

How does this affect me?:
After iOS 16 is released, Outlook devices running iOS 14 or lower will no longer receive Office app updates. At that time, customers will be able to continue to use the older version of Outlook for iOS. Once they update their device to iOS 15 or above, they will receive the newest version of Outlook. Over time, Outlook for iOS on iOS 14 devices will eventually stop synchronizing email and calendar data, unless they have a supported version of iOS.

This change does not affect anyone using Outlook for iOS apps on iOS 15 or above.

What do I need to do to prepare for this change?:
We recommend that you communicate this change to your users to ensure they update their device operating system.

Please click Additional Information to refer to the current minimum system requirements for Office 365.
MC411428 — Microsoft Exchange Online: Change to soft-deleted period for inactive mailboxes

When all holds and retention policies are removed from an inactive mailbox, it becomes soft-deleted and remains in Exchange for a period of time to allow for recovery before permanent deletion. Based on customer feedback, and to maintain consistency with other solutions, we will be changing this period to 30 days (from current 183 days). Following this change, after 30 days, any inactive mailboxes which are in a soft-deleted state are permanently deleted and are no longer recoverable.

When this will happen:
Rollout will begin in late August and is expected to be complete by end of September 2022.

How this will affect your organization:
When this change takes place, inactive mailboxes in the soft-deleted state which have been in this state for more than 30 days will be permanently deleted and no longer recoverable.

What you need to do to prepare:
No action is needed to enable this change.

Learn more: Delete an inactive mailbox

MC406647 — (Updated) General availability of Advanced Message Encryption - Office 365 Message Encryption portal access logs

Microsoft 365 Roadmap ID 93372

Updated August 25, 2022: We have updated the rollout timeline below. Thank you for your patience.

With this update, admins will be able to enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail.

When this will happen:
Rollout will begin in mid-September (previously mid-August) and is expected to be complete by end of October (previously end of September).

How this will affect your organization:
This feature will enable logging of external user activities accessing the Office 365 Message Encryption Portal to retrieve encrypted mail. These logs can be retrieved using the Audit Logs functionality in the Microsoft Purview compliance portal. You can also access these audit logs through the management API.
What you need to do to prepare:
This feature is not available by default unless you have enabled auditing. To enable the feature, go to Microsoft Purview compliance portal > Audit log search page and select Turn on auditing.
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

You can enable the portal logs using Exchange PowerShell:
· Set-IrmConfiguration -EnablePortalTrackingLogs $true

Learn more:
· Search the audit log in the Microsoft Purview compliance portal
· Advanced Message Encryption

MC405568 — (Updated) Addition of Shared Mailboxes to the Mailbox Usage Report

Microsoft 365 Roadmap ID 93398

Updated August 9, 2022: We have updated the rollout timeline below. Thank you for your patience.

In the coming weeks, the mailbox usage report will be expanded to include additional mailbox insights.

When this will happen:
Standard Release: We will begin rolling out late July and expect to complete by late August (previously early August).

How this will affect your organization:
Upon querying for the mailbox usage report, you'll have the ability to view shared mailboxes which previously were not included. You'll need to refine your query to include a recipient type column which will show both user and shared mailboxes, but recipient type will not be an option until the change rolls out.

Once live, click here for additional information to explain changes you can make to your mailbox usage report to view shared mailboxes as well as user mailboxes.

What you need to do to prepare:
There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.

MC397458 — (Updated) Outlook Mac now supports retention Policy

Microsoft 365 Roadmap ID 88849

Updated August 1, 2022: We have updated the rollout timeline below. Thank you for your patience.
Use retention policies in Outlook for Mac to apply a policy to your messages in your mailbox. Retention policies define how long your messages will be saved. This update will only work in the new Outlook for Mac.

Note: If your organization is not using Mac OS, you can safely disregard this message.

When this will happen:
We will begin rolling out June 2022 and expect to complete by end of August 2022 (previously end of July 2022).

How this will affect your organization:
If you have already defined the retention policy on your tenant and use it in Outlook Windows and Outlook on the web, you can now see it in the new Outlook for Mac on the message list view context menu and message item context menu.

What you need to do to prepare:
You do not need to do anything to prepare for this.

MC385450 — (Updated) Advanced Room Finder Coming to U.S. Government Clouds

Microsoft 365 Roadmap ID 93293

Updated August 31, 2022: We have updated the rollout timeline below. Thank you for your patience.

Room Finder is a web-based feature that you can set up for your users to find available meeting rooms and workspaces that are suitable for their use. Every meeting room and workspace must be set up in Exchange Online and added to a room list for it to display properly in Room Finder.

The Advanced Room Finder enables users to browse or search for Buildings/Room Lists by city and then filter by room type, capacity, floor and features.

When this will happen:
The Advanced Room Finder is currently available in WWMT. It will begin rolling out to U.S. Government Clouds in early June and be completely rolled out by early September (previously mid-August).

How this will affect your organization:
Users will be able to browse and search for Buildings/Room Lists and then filter for rooms in a Building/Room List by type, capacity, floor and features.
What you need to do to prepare:
Admins should ensure Room and Workspaces Mailbox properties are set to ensure users can browse and filter, especially location and feature related properties. The Advanced Room Finder currently uses: City, Capacity, Floor, AudioDeviceName, VideoDeviceName, DisplayDeviceName, IsWheelChairAccessible, and Tags.

Learn More:
· How to Configure the New Room Finder in Outlook
· Use the Scheduling Assistant and Room Finder for Meetings in Outlook
· Configure rooms and workspaces for Room Finder in Outlook

MC383875 — (Updated) Microsoft Defender for Office 365: updates to quarantine folder storage

Microsoft 365 Roadmap ID 93302

Updated August 2, 2022: We have updated the content below for clarity. Thank you for your feedback.

Microsoft Defender for Office 365 is making some changes to quarantine folder storage. The experience for users will remain the same and users can leverage the delete action to maintain the storage folder for their quarantined messages.

When this will happen:
Standard: will begin rolling out in mid-June and be completed by early September (previously late June).
Government: will begin rolling out in mid-September (previously early July) and be completed by late September (previously late July).

How this will affect your organization:
In the case that a user’s quarantine storage is full, new incoming messages routed to quarantine will be rejected and an NDR will be generated for those messages. In the case of Zero hour Auto Purge, where malicious items need to be zapped from inbox to quarantine but there is no space, these messages will be instead, added to the junk mail folder.

Note: When there is a False positive Zero hour Auto Purge, messages wrongly moved to the Junk mail folder can be added back to their original location.

Previously, when messages were deleted by users from quarantine, those deleted messages could still be retrievable within a 30-day period after deletion was made.
To help users better manage their storage, we will be introducing a hard delete experience whereby once the messages are hard deleted, they can’t be recovered.

Note: End users will only be able to delete quarantine messages that their administrators have given them access to through the quarantine policy.

What you need to do to prepare:
The goal for this communication is mostly for informational awareness. You may consider updating your training and documentation as appropriate.

MC373889 — (Updated) Upcoming behavior change to the "DoNotRewrite" List

Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience.

With the deployment of the Tenant Allow/Block List as the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows.

Today, the “DoNotRewrite” list is used to skip:
· wrapping URLs
· Detonation(SONAR)
· Verdicts

The intended purpose of "DoNotRewrite" is to give tenants the ability to skip the wrapping of URLs. With the deployment of the Tenant Allow Block List, it is expected that all tenant allows (e.g. Detonation(SONAR) and Verdicts) shall be managed there.

When this will happen:
We will begin rolling this out in early June and expect to complete by late September (previously late July).

How this will affect your organization:
With this change, the Do Not Rewrite List behavior will be changed back to its intended purpose, to skip the wrapping of URLs. Learn More

What you need to do to prepare:
Review your "DoNotRewrite" URLs list(s) and ensure you have not added entries to it for uses other than to skip wrapping of URLs.

Microsoft 365

MC394931 — (Updated) Microsoft 365 admin center: Reports in the Admin Center – API available to manage user, group, and site names

Microsoft 365 Roadmap ID 93313

Updated August 9, 2022: We have updated the rollout timeline below. Thank you for your patience.
Microsoft is releasing an API that helps Global Administrators change how user, group, and site names are displayed in the Microsoft 365 admin center based on their organization’s privacy practices without having to manually change the setting in Org Settings -> Reports.

User, group and site names are concealed by default. When this setting is changed, administrative roles and the report reader role will be able to see identifiable user level information. Global reader and Usage Summary Reports Reader roles will not have access to identifiable user information, regardless of the setting chosen. Showing identifiable user information is a logged event in the Microsoft 365 Compliance Center Audit log.

When this will happen:
We will begin rolling out late June and expect to complete by late September (previously late July).

How this will affect your organization:
The update admin report setting API can be used with Global Administrator permissions. More information on the API can be found here: Working with Microsoft 365 usage reports in Microsoft Graph. The Graph API names are update admin report settings and get admin report settings.

NOTE: This change affects the following products and APIs, and will help companies support their local privacy laws:
· Microsoft 365 Reports in the Microsoft 365 admin center
· Microsoft 365 usage reports in Microsoft Graph
· Microsoft Teams analytics and reporting in the Microsoft Teams admin center
· The reportRoot: getSharePointSiteUsageDetail API (1.0 and beta) for SharePoint site detail

What you need to do to prepare:
There is no specific action required, but you may want to update your documentation as needed.
Microsoft Purview

MC423139 — Microsoft Purview | eDiscovery Premium - Collections progress, statistics, and workflow enhancements (preview)

Microsoft 365 Roadmap IDs 93381 and 93382

Coming soon to public preview, we're rolling out enhancements for eDiscovery (Premium) Collections to simplify workflow and provide additional insights for eDiscovery admins.

When this will happen:
Rollout will begin in late September and is expected to be complete by late October.

How this will affect your organization:
With this preview update, eDiscovery admins can better understand the progress of Collections, see statistics on what content contributed to changes between estimated items with hits and actual collected items, and commit the collection directly from the estimate without navigating through the entire collection wizard.

What you need to do to prepare:
Get started by visiting the eDiscovery (Premium) solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Learn about collections in eDiscovery (Premium)

MC415900 — Microsoft Purview | Data Lifecycle Management and Records Management – Microsoft Graph APIs for extensibility (preview)

Microsoft 365 Roadmap ID 88276

As a part of our extensibility vision and first release to Microsoft Graph, we are introducing three new APIs for retention labels, events, and event types in the Microsoft Graph beta environment. These APIs will enable you to customize and extend on what we have built in the product so far. These APIs can be used by compliance admins and developers to manage retention labels in Data Lifecycle and Records Management solutions.

When this will happen:
The APIs began rollout to the Microsoft Graph beta environment in mid-July and are now available in preview.
How this will affect your organization:
If your organization needs to automate any operation related to retention labels or events, we recommend you achieve this by using the new Graph APIs instead of using PowerShell cmdlets. With Graph, we use REST APIs that support better security, extensibility, and app authentication features.

The three APIs are available under the security node and the endpoints to access them are as follows:

Entity name | Endpoints | Solution
Labels | security/labels/retentionLabels | Data Lifecycle Management, Records Management
Events | security/triggers/retentionEvents | Records Management
Event types | security/triggerTypes/retentionEventTypes | Records Management

What you need to do to prepare:
Permissions: Currently, these APIs are supported through delegated permissions only, which are managed through the Graph interface. We are introducing two new permissions which you will need to access these APIs:
· recordsmanagement.read.all
· recordsmanagement.readwrite.all

Licensing: Access to Data Lifecycle Management and Records Management features varies based on your Microsoft 365 license level. See Microsoft 365 guidance for security & compliance - Service Descriptions | Microsoft Docs for licensing requirement details.

You can find the Data Lifecycle and Records Management solutions in the Microsoft Purview compliance portal.
Learn more:
· Learn more about retention labels: Create retention labels for exceptions - Microsoft Purview (compliance) | Microsoft Docs
· Learn more about event-based retention: Start retention when an event occurs - Microsoft Purview (compliance) | Microsoft Docs
· DLM and RM Graph APIs at Microsoft Build 2022: Automate and customize retention and deletion scenarios (microsoft.com)
· Graph explorer platform: Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph

MC412837 — Microsoft Purview compliance portal: eDiscovery (Premium) supports Teams reactions (preview)

Microsoft 365 Roadmap ID 88922

Coming to public preview, eDiscovery (Premium) will soon support discovery of reactions to Microsoft Teams chat and channel messages.

When this will happen:
Rollout will begin in mid-August and is expected to be complete by late September.

How this will affect your organization:
You will soon be able to discover Teams reactions in eDiscovery (Premium), including heart, thumbs up, thumbs down, laugh, surprised, and angry. This detail can provide additional user sentiment context for items captured in an eDiscovery (Premium) collection.

What you need to do to prepare:
Get started by visiting the eDiscovery (Premium) solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more:
· eDiscovery (Premium) workflow for content in Microsoft Teams
· Learn about collections in eDiscovery (Premium)

MC412835 — Microsoft Purview | Information protection: Co-authoring encrypted documents on mobile devices (GA)

Microsoft 365 Roadmap ID 98089

Currently available in public preview (MC337330), the ability to co-author Microsoft Purview Information Protection encrypted documents on both Android and iOS mobile devices will soon be generally available.
When this will happen: Rollout will begin in late August and is expected to be complete by mid-September.

How this will affect your organization: With this update, users will be able to collaborate seamlessly on documents encrypted with Microsoft Purview Information Protection from mobile devices (Android and iOS). This allows for greater flexibility and productivity on the go and supports hybrid and remote work scenarios. This expands on existing co-authoring support for Windows and Mac desktops and Office on the web.

What you need to do to prepare: To use this feature, install or update Office Mobile, Word, Excel, or PowerPoint to version 16.0.14931 or higher on Android or 2.58.207 or higher on iOS.

Note: This feature is gated by the ‘Co-authoring for files with sensitivity labels’ setting for your tenant in the Microsoft Purview compliance portal (Global admin rights required).
· If you have already enabled the setting to use co-authoring on Desktop apps, mobile support will be enabled automatically on the supported versions.
· If you have not, you can opt in to the setting to enable co-authoring for both Desktop and Mobile apps when ready.

To get started, visit the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW commercial and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Enable co-authoring for encrypted documents

MC412378 — Microsoft Purview compliance portal: Exact Data Match updated UI wizard
Microsoft 365 Roadmap ID 88895

We're rolling out a new Exact Data Match (EDM) UI wizard experience to provide a more simplified and automated way to configure EDM sensitive information types (SITs) in the Microsoft Purview compliance portal.

When this will happen: Rollout will begin in mid-August and is expected to be complete by late August.
How this will affect your organization: The new wizard in the Microsoft Purview compliance portal will enable easier and quicker configuration of EDM SITs and utilizes automation to reduce manual inputs. This new UI includes a guided experience that suggests the most accurate SITs to consider for the EDM configuration, which is based on an analysis of sample data supplied by the admin; the sample data uploaded should be representative of the actual specific sensitive data that is to be protected through the use of EDM.

What you need to do to prepare: To explore the updated EDM wizard, visit the Microsoft Purview compliance portal > Data classification > Exact data matches, and use the toggle to switch between the legacy UI and the new EDM experience.
· Microsoft Purview compliance portal for Worldwide and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Get started with Exact Data Match

MC412376 — Microsoft Purview: eDiscovery (Premium and Standard) - Jobs limit update
Microsoft 365 Roadmap ID 93365

We will soon be making changes to jobs-related limits enforced in eDiscovery (Premium and Standard) solutions to give your organization’s eDiscovery administrators and managers greater flexibility on how jobs are run and what types of jobs can be run at the same time.

When this will happen: Rollout will begin in mid-September and is expected to be complete by end of October.

How this will affect your organization: With the introduction of new features to our eDiscovery services over the past few years, various limits have been introduced as a way to ensure resources are properly allocated and service stability can be maintained; this includes a range of jobs-related limits.
In an effort to make these limits easier for users to understand and track, we are simplifying jobs-related limits in both eDiscovery Premium and Standard as outlined in the following table.

* eDiscovery (Premium) jobs count towards the eDiscovery (Standard) limit but not the other way around. That is, if you have 50 jobs running in Premium, then you won’t have room to start any Standard jobs until 1 or more of these jobs are completed.

This set of limit updates is not likely to significantly affect your organization’s eDiscovery workflow; the simplified jobs level limits either maintain the original limit set forth or increase flexibility by removing the specific job type associated with the limit.

What you need to do to prepare: Assess whether the changes will change your organization’s eDiscovery workflow. If so, update internal documentation. Provide training to all eDiscovery users in your organization and update relevant documentation if needed.

Access the eDiscovery solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Microsoft Purview eDiscovery solutions

MC412375 — Microsoft Purview Information Protection: Sensitivity labels now apply to modified documents (WXP on PC and Mac)
Microsoft 365 Roadmap ID 93209

Currently available in public preview (MC393822), default labeling policies can be applied to any supported document that a user edits, not just a new document. This update applies to Word, Excel, and PowerPoint documents on PC and Mac platforms.

When this will happen: Rollout will begin in late August and is expected to be complete by mid-October.
How this will affect your organization: If you’ve configured users for a default sensitivity label policy for Office documents, the label you chose will automatically be applied to Word, Excel, and PowerPoint documents that users create or modify. Previously, this applied to new documents only.

Note: This functionality is now generally available for Word, Excel, and PowerPoint documents on the Web (MC305436), and with this update will extend to Word, Excel, and PowerPoint on PC and Mac.

What you need to do to prepare: View sensitivity labels and their policies and settings in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for WW and GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more:
· Get started with sensitivity labels
· Learn about the default labels and policies to protect your data

MC412046 — Microsoft Purview | Data Loss Prevention – Customizable DLP policy violation justification (GA)
Microsoft 365 Roadmap ID 93376

Now available in Microsoft Purview Data Loss Prevention, we're introducing the ability to customize the justification options that appear when end users request to override blocked actions as defined by DLP policy.

When this will happen: This update is now available.

How this will affect your organization: With this update, admins can customize and replace out-of-the-box justifications with text specific to the organization's policies and business needs. This enables organizations to better define relevant and appropriate justifications for overriding blocked actions and activities that are detected by DLP policies.
What you need to do to prepare: Configure DLP policies and settings from the Data loss prevention solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more: Send email notifications and show policy tips for DLP policies

MC384312 — (Updated) Microsoft Purview | eDiscovery (Premium) - Case limit enhancements
Microsoft 365 Roadmap ID 85631 and 88896

Updated August 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

We're rolling out a new case format in eDiscovery (Premium), increasing the total amount of content that can be managed in a single eDiscovery (Premium) case. Additionally, when selecting this new case format setting during case creation, eDiscovery admins have the option to collect Teams conversations as a transcript.

When this will happen:
· GCC: Rollout will begin in mid-June and is expected to be complete by late July. - Complete
· GCC-High and DoD: Rollout will begin in mid-June and is expected to be complete by late September (previously late July).

How this will affect your organization: The new case format accommodates an increase in case size in response to time-sensitive, high-volume regulatory requests, investigations, and litigation in modern day regulated organizations.
With the new case format in eDiscovery (Premium), organizations will be able to:
· Create collections with up to 1 TB of data
· Commit collections with 1 TB of pre-expansion data to a review set
· Collect Teams chat conversations as HTML transcripts as opposed to individual items
· Export 5 million documents or 500 GB of data (whichever is smaller) in a single export job
· Manage large volume cases with more than 40 million items per case

New case format support in eDiscovery (Premium) won’t affect your organization’s current eDiscovery workflow in existing cases. When creating a new case, you will have the ability to choose between a classic case (the existing case format) or new case format.

With the new case format, you can create up to 1 TB of content per collection and then commit the collection to a single review set. When collecting content using the new case format, cloud attachments and contextual Teams and Yammer content are automatically added to the review set. This functionality helps to provide you with a complete picture of digital communications.

With the new case format, you can manage large volume cases in excess of 40 million items per case, and effectively manage large data sets throughout the eDiscovery process.

As part of the new case format, eDiscovery admins will be able to collect Teams messages in transcript format. Instead of each message within a thread/conversation being brought into the review set and processed/exported individually, an entire transcript of the thread/conversation would be brought into the review set.

What you need to do to prepare: Review and assess if the new case format will affect your organization’s eDiscovery workflow and, if necessary, update your internal documentation accordingly.
Learn more:
· Use new case format in eDiscovery (Premium)
· Teams transcript conversation threading in eDiscovery (Premium)

You can access the eDiscovery (Premium) solution here:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-High cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

MC375741 — (Updated) Microsoft Purview compliance portal: Announcing data purge capabilities for Microsoft Teams content (preview)
Microsoft 365 Roadmap ID 88975

Updated August 18, 2022: We have updated the rollout timeline below. Thank you for your patience.

Coming to preview, this new feature extends data purge functionality to Microsoft Teams content to facilitate the purge of sensitive or misplaced data.

When this will happen: Rollout to public preview will begin in early September (previously mid-July) and is expected to be complete by late September (previously mid-August).

How this will affect your organization: Data spillage occurs when a confidential document is released into an untrusted environment. An eDiscovery case provides an effective way to manage data spillage investigations, so you can quickly assess the size and locations of the spillage, examine user activities around it, and then permanently purge the spilled data from the system. With this update, you will be able to include Teams content in the scope of the data purge.

Note: Data purge can't delete items in a review set in eDiscovery (Premium) because the review set contains copies of items in the live service that are stored in an Azure Storage location. To delete items in a review set, you have to delete the eDiscovery (Premium) case that contains the review set. The purge signal will be available via the eDiscovery (Premium) Graph APIs, currently in public preview. For more information, see Close or delete an eDiscovery (Premium) case.
What you need to do to prepare: Access the eDiscovery solution in the Microsoft Purview compliance portal:
· Microsoft Purview compliance portal for GCC cloud environments
· Microsoft Purview compliance portal for GCC-H cloud environments
· Microsoft Purview compliance portal for DoD cloud environments

Learn more:
· Search for and delete chat messages in Teams

MC321247 — (Updated) Advanced eDiscovery: Enhanced import custodians wizard experience
Microsoft 365 Roadmap ID 88814

Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to general availability, the Import custodians wizard experience in Advanced eDiscovery allows eDiscovery managers to quickly validate and remediate any errors in their CSV file before submitting custodian import jobs.

When this will happen: Rollout will begin in late February and is expected to be complete by late September (previously late July).

How this will affect your organization: Previously, when you uploaded a CSV file to import multiple custodians into an Advanced eDiscovery case, the system did not perform an initial check to validate the values in the CSV file. We’ve heard from many of you that it’s painful to wait a long time for the import custodian job to complete, only to discover that the job has failed due to uncaught typos in the uploaded CSV file.

Now, with the enhanced Import custodians wizard experience, the system performs a set of initial checks to quickly identify errors in the uploaded CSV file before initiating the long-running import custodians job. Download the list of errors, with information on the specific row, column, and error description, to remediate the identified errors prior to your import. Import the CSV file with confidence after remediating all the errors.
Note: For best results, consider splitting your CSV file for importing custodians into multiple files to work within the following limits:
· 1,000 custodians (1,000 rows) per CSV file
· 500 additional data sources per custodian (using the columns Workload 1 Type, Workload 1 location, Workload2 Type, Workload2 Location, and so on).

What you need to do to prepare: Your organization must have the appropriate organization subscription for Advanced eDiscovery, and you must be an eDiscovery Administrator in your organization to manage communication templates and issuing officers.

Access the Advanced eDiscovery solution in the Microsoft 365 compliance center:
· Microsoft 365 compliance center for WW and GCC
· Microsoft 365 compliance center for GCC-High
· Microsoft 365 compliance center for DoD

Learn more:
· Import custodians to an Advanced eDiscovery case
· Overview of Microsoft 365 Advanced eDiscovery

MC321240 — (Updated) Advanced eDiscovery: Updated timing for rollout of hold optimizations for U.S. gov clouds
Microsoft 365 Roadmap ID 70586

Updated August 5, 2022: We have updated the rollout timeline below. Thank you for your patience.

Timing update: We ask that you pardon our delay of this earlier planned feature release. We are now ready to proceed with rolling out to the Government environment.

As previously announced in (MC256277 - Aug 2021), we're rolling out various service optimizations for Advanced eDiscovery, including service improvements for hold.
· Pre rollout (current): users see an error message when placing more than 1,000 mailboxes or 100 sites on hold, which is the limit for eDiscovery holds.
· Post rollout: when placing more than 1,000 mailboxes or 100 sites on hold, the system will automatically scale the eDiscovery legal hold as needed.

Note: This is achieved as the system automatically adds data locations to multiple holds, instead of adding them to a single hold.
When this will happen: Rollout will begin in early March and is expected to be complete by late September (previously early July).

How this will affect your organization: The system will automatically scale eDiscovery legal holds as needed when you use the following Advanced eDiscovery custodian workflows:
· Advanced eDiscovery > Case > Data sources
  o Add new custodians
  o Import custodians
  o Data source > Edit
  o Data source > Release
· Microsoft Graph eDiscovery API (beta)
  o Custodian resource type
    § userSources
    § siteSources
    § unifiedGroupSources

Not all locations associated with a single custodian are guaranteed to be added to the same hold.

This release only impacts custodian workflows within an Advanced eDiscovery case.
· Creating query-based holds (Advanced eDiscovery > Hold > Create) will not automatically scale and will return the same error as before due to hitting the limit.
· Adding non-custodial data locations (Advanced eDiscovery > Data sources > Add data locations) will not automatically scale and will return the same error as before due to hitting the limit.
· This change does not affect holds in Core eDiscovery or the corresponding PowerShell cmdlets and will not impact any existing automation scripts that use PowerShell cmdlets.

All existing eDiscovery hold limits remain unchanged.

We are also changing the naming schema in Advanced eDiscovery for auto-created legal holds:
· Existing naming convention for legal holds created by the system is: CustodianHold-{Case id}, for example, CustodianHold-b3d6b416-234f-47f8-b446-930df275be4e
· New naming convention for legal holds created by the system is: CustodianHold-{truncated case id}-{policy creation time in ticks}; for example, CustodianHold-b3d6b416234f47f8-0637541049083233486

What you need to do to prepare: You might want to notify your users about this new capability and update your training and documentation as appropriate.
Access the Advanced eDiscovery solution in the Microsoft 365 compliance center:
· Microsoft 365 compliance center for GCC
· Microsoft 365 compliance center for GCC-High
· Microsoft 365 compliance center for DoD

Learn more:
· Advanced eDiscovery hold limits
· Importing custodians to an Advanced eDiscovery case
· Automate Advanced eDiscovery legal hold workflows that involve large scale cases using Microsoft Graph eDiscovery API

MC320945 — (Updated) Advanced eDiscovery: General availability of Communication templates and issuing officer settings
Microsoft 365 Roadmap ID 88813

Updated August 5, 2022: We have updated the content with additional links to resources.

We're soon rolling out new features to improve the efficiency of your hold notifications. Communication Library in Advanced eDiscovery allows eDiscovery administrators to create communication templates to quickly draft hold notifications. Issuing officer settings allows eDiscovery admins to manage a list of issuing officers for your organization to send hold notifications on behalf of.

When this will happen: Rollout will begin in late February and is expected to be complete by late September (previously late July).

How this will affect your organization:

Communication templates: Previously, to send out multiple legal hold notices, eDiscovery managers had to repetitively follow the same multi-step process outlined in documentation (Create a legal hold notice - Microsoft 365 Compliance). With this update, eDiscovery admins can now manage a list of communication templates for their organization. eDiscovery managers can simply select from one of the pre-configured templates, instead of starting from scratch every time. To create, edit, and delete communication templates, navigate to Advanced eDiscovery > Settings > Communication Library.

Previously, only eDiscovery case members with an active mailbox could be selected as issuing officers to send the legal hold notice on behalf of.
With this update, eDiscovery admins can manage a list of issuing officers for their organization, without adding these issuing officers as “case members”, granting unnecessary access to each eDiscovery case. If an organization has a dedicated attorney “John Doe” to send all their hold notices on behalf of, an eDiscovery admin can simply add John Doe as an issuing officer under Advanced eDiscovery settings, without adding John Doe to all their cases as a case member. To add and delete issuing officers, navigate to Advanced eDiscovery > Settings > Issuing officer.

Once the above settings are defined, you can select the issuing officer and the communication template options for your new legal hold notification from Case > Communications > New communication.

What you need to do to prepare: Your organization must have the appropriate organization subscription for Advanced eDiscovery, and you must be an eDiscovery Administrator in your organization to manage communication templates and issuing officers.

Access the Advanced eDiscovery solution in the Microsoft 365 compliance center:
· Microsoft 365 compliance center for WW and GCC
· Microsoft 365 compliance center for GCC-High
· Microsoft 365 compliance center for DoD

Learn more:
· Create a legal hold notice
· Overview of Microsoft 365 Advanced eDiscovery
· Manage custodian communications templates in Advanced eDiscovery
· Manage issuing officers in Advanced eDiscovery

MC306112 — (Updated) Microsoft 365 compliance center; third party data connectors (Veritas)
Microsoft 365 Roadmap ID 82038

Updated August 12, 2022: We have updated the rollout timeline below. Thank you for your patience.

Admins can use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, and more to mailboxes in your Microsoft 365 organization.
This enables you to extend various Microsoft 365 compliance solutions to the imported content, helping ensure that non-Microsoft data is in compliance with the regulations and standards that affect your organization.

As previously announced in (MC267138 - July 2021), we are rolling out a new set of data connectors from Veritas to expand this capability to an additional group of third-party data sources.

Note: We are rolling out these connectors first to public preview before making them generally available.

When this will happen:
· Public preview: will begin rolling out in late December 2021 and is expected to be complete by early January 2022.
· Standard: will begin rolling out in late September (previously late July) and is expected to be complete by mid-October (previously mid-August).

How this will affect your organization: The following Veritas Technologies (formerly Globanet) data connectors are being onboarded to the GCC environment:
· CellTrust
· Cisco Jabber on MS SQL
· Cisco Jabber on Oracle
· Cisco Jabber on PostgreSQL
· EML
· FX Connect
· Jive
· MS SQL Database
· Pivot
· Redtail Speak
· Reuters Dealing
· Reuters Eikon
· Reuters FX
· RingCentral
· Salesforce Chatter
· ServiceNow
· Skype for Business
· Slack eDiscovery
· Symphony
· Text-delimited
· Webex Teams
· Webpages
· Workplace from Facebook
· XIP
· XSLT/XML
· Yieldbroker
· YouTube
· Zoom Meetings

Note: Before you can archive data in Microsoft 365, you have to work with Veritas to set up their archiving service (called Merge1) for your organization.

What you need to do to prepare: You can access data connectors within the Microsoft 365 compliance center.
Learn more about third-party data connectors and the compliance solutions that support third-party data

MC301684 — (Updated) General availability of AIP client and scanner audit logs in Microsoft 365 Audit and Activity explorer
This message is associated with Microsoft 365 Roadmap ID 89777

Updated August 8, 2022: We have updated the rollout timeline below. Thank you for your patience.

Azure Information Protection (AIP) administrators will soon be able to access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics (Preview) portal.

When this will happen: Rollout will begin in early December and is expected to be complete by late September (previously late July).

How this will affect your organization: As part of our unified labeling and analytics experience across the Microsoft Information Protection (MIP) solution, we are expanding your ability to access and review data logged by AIP client, scanner, and MIP SDK beyond the existing AIP Analytics (Preview) portal.
· With this update, audit logs reported by the AIP client, the AIP scanner, and MIP SDK flowing today into the Log Analytics workspace will also be available in Microsoft 365 Audit logs.
· Additionally, you can use the Activity explorer screen for additional insights into labeling activity and history.

What you need to do to prepare: Your data will be available in Activity Explorer, and you will be able to explore your AIP audit logs in Microsoft 365 portal. No action is needed as audit log data will flow into Activity Explorer by default. If you wish to opt-out, please follow the procedure explained here.

Administrators will be able to continue exploring AIP Audit logs in the Log analytics workspace in the AIP Analytics (Preview) portal. This is a supplemental access point.

You might want to notify your administrators about this new capability and update your training and documentation as appropriate.
Get started with Activity explorer in the Microsoft 365 compliance center:
· Microsoft 365 compliance center for GCC
· Microsoft 365 compliance center for GCC-H
· Microsoft 365 compliance center for DoD

Microsoft Defender

MC408693 — Announcing automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender portal
Microsoft 365 Roadmap ID 93418

We will soon begin redirecting users from the legacy Office 365 Security & Compliance Center to Microsoft 365 Defender portal in GCC, GCC-High and DoD environments, for all security workflows including: Alerts, Threat Management and Reports.

GCC Environment:
· Office 365 Security & Compliance Center old URL: protection.office.com
· Microsoft 365 Defender new URL: security.microsoft.com

GCC-High Environment:
· Office 365 Security & Compliance Center old URL: scc.office365.us
· Microsoft 365 Defender new URL: security.microsoft.us

DoD Environment:
· Office 365 Security & Compliance Center old URL: scc.protection.apps.mil
· Microsoft 365 Defender new URL: security.apps.mil

Items in the Office 365 Security & Compliance Center scenarios that are not related to security are not redirected to Microsoft 365 Defender. For compliance solutions redirection to Microsoft 365 Compliance Center, see MC244886.

This is a continuation of Microsoft 365 Defender delivers unified XDR experience to GCC, GCC High and DoD customers - Microsoft Tech Community, announced in March 2022.

When this will happen: Standard Release: We will begin rolling out early September 2022 and expect to complete by late October 2022.

How this will affect your organization: Users accessing the security solutions in the Office 365 Security & Compliance Center will be automatically redirected to the appropriate solutions in the Microsoft 365 Defender portal. This change enables users to view and manage additional Microsoft 365 Defender security solutions in one portal.
This change impacts all customers who use the Office 365 Security & Compliance Center in GCC, GCC High and DoD environments, including Microsoft Defender for Office (Plan 1 or Plan 2), Microsoft 365 E3 / E5, Office 365 E3 / E5 and Exchange Online Protection. For the full list, see Security & Compliance Center - Service Descriptions | Microsoft Docs.

This change impacts all users who log in to the Office 365 Security & Compliance Center portal, including security teams as well as end users (who access the Email Quarantine experience, at the Microsoft Defender Portal > Review > Quarantine).

What you need to do to prepare: Redirection is enabled by default and impacts all users of the tenant. Global Administrators and Security Administrators can turn redirection on or off in the Microsoft 365 Defender portal by navigating to Settings > Email & collaboration > Portal redirection and switching the redirection toggle.

MC387033 — (Updated) Microsoft Purview Data Lifecycle Management: Temporary rollback of Adaptive policy scopes for retention

Updated August 23, 2022: We have updated the rollout timeline below. Thank you for your patience.

As previously announced in Message Center post (MC306670 - December 2021 and tracked via Microsoft 365 roadmap ID 70578), we rolled out adaptive policy scopes for retention policies and retention label policies to your cloud environment. We recently discovered an issue that impacts creation of adaptive policy scopes in GCC High and DoD environments, caused by an incompatible older version of the service. To ensure compatibility of this service with the adaptive policy scopes feature, we will roll back this feature immediately.

How this will affect your organization: You are receiving this message because your Microsoft 365 license grants access to Microsoft Purview Data Lifecycle Management and Records Management solutions, and you are currently unable to use the adaptive policy scopes feature.
Until this issue is resolved, you will continue to be unable to create adaptive scopes or use them in retention policies and label policies.

What you need to do to prepare: We are working diligently to address this issue and anticipate relaunching adaptive policy scopes feature by the end of October (previously end of August). Status of this feature will be tracked via Microsoft 365 roadmap item 93329.

There is nothing you need to do to prepare. Once this issue has been resolved we will notify you via Message Center.

Learn more about this feature: Adaptive policy scopes allow data administrators to scope retention policies and retention label policies to a dynamic set of users, SharePoint sites, or Microsoft 365 Groups. They do this by using the properties or attributes associated with these locations. Adaptive policy scopes work with all locations, including Exchange mailboxes, Microsoft 365 Groups, SharePoint sites, OneDrive accounts, Teams chats and channel messages (including private channels), and Yammer user and community messages.
· Documentation: Learn about retention policies & labels to automatically retain or delete content
· Blog: Adaptive Policy Scopes Microsoft 365 Records Management
· Webinar: Deep dive on adaptive solutions

MC296611 — (Updated) Microsoft Defender for Office 365: Introducing Built-In-Protection
Microsoft 365 Roadmap ID 72208

Updated August 30, 2022: We have updated the rollout timeline below. Thank you for your patience.

Note: this has begun being enforced for organizations where it is already available.

We are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365. Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user.
It's low impact as the end user experience will not be changed - URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection.

Key points:
· Timing: We will begin rolling out in mid-December and complete by early October (previously late August).
  o Beginning in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
· Action: Review and assess impact to users in your organization.

Note: Configured exceptions will be honored for the Safe Links and Safe Attachment settings within Built-In-Protection when it is eventually enabled for your tenant. Configured exceptions do not apply to the global Safe Links and Safe Attachment settings within Built-in-Protection. To change these settings after Built-in-Protection is enabled, admins can modify the global Safe Attachments or global Safe Links policies directly at any time.

To learn about the specific settings set by Built-in-Protection, please see: Microsoft recommendations for EOP and Defender for Office 365 security settings - Office 365 | Microsoft Docs

How this will affect your organization: Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset, or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:
1. Strict
2. Standard
3. Custom
4. Built-In-Protection or default

This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment.
This will reduce the administrative burden and time involved to protect these users, as they'll get instant protection under the Built-in preset.

What you need to do to prepare:

No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy.

· We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy.
· Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout.

This is rolling out default on.

Learn more:

· MDO blog announcing Built-In-Protection
· Learn how to configure Built-in-Protection
· See the specific settings set in Built-In-Protection

Microsoft 365 IP and URL Endpoint Updates

August 29, 2022 - GCC
June 29, 2022 – GCC High
August 29, 2022 - DOD
  4. With an increasing number of users choosing to access company resources from mobile devices to improve productivity, organizations are tasked with balancing more employee flexibility with where and how they work while maintaining effective security practices. To do this, organizations are implementing mobile threat defense (MTD) solutions that give IT and security teams greater visibility into the threats directed at their diverse mobile fleet.

We are excited to announce that Microsoft Defender for Endpoint is now available on Android Enterprise (AE) company-owned personally enabled (COPE) devices. This release adds to the already existing support for installation on enrolled devices for AE bring your own device (BYOD) and AE fully managed modes, the legacy Device Administrator mode, and the unenrolled mobile application management (MAM) devices.

Company-owned personally enabled devices are owned by an organization and issued to their employees. Both the enterprise and the employee can install applications onto the device. COPE architecture uses containerization tools like a work profile to maintain separation between personal and work data, and the applications used for each. This provides admins full management control within the work profile while only limited visibility into the personal profile. This practice helps admins continue to enforce policies while maintaining employee privacy.

This release gives Android Enterprise COPE devices all the capabilities our Defender for Endpoint for Android devices offering has available today including phishing and web protection, malware scanning, network protection (preview) and additional breach prevention through integration with Microsoft Endpoint Manager and Conditional Access.

We are excited to share this new release with you. For more details, please refer to the documentation here. We look forward to hearing your feedback.
  5. Age mellowed me.
  6. Great. It's another sunny day in Florida.
  7. Based on customer feedback, we're planning to remove automatic deployment of the iOS/iPadOS Company Portal app as a required app for Automated Device Enrollment (ADE) Setup Assistant with modern authentication enrollment profiles. This will occur in two phases. The first phase will remove the automatic deployment from new profiles and introduce a new configuration option for existing profiles to stop the automatic deployment. The second phase will remove automatic deployment from existing profiles. We'll keep you updated on the expected timeline and any additional information for the change in this post.

Existing ADE profiles with Setup Assistant with modern authentication

To prepare for this change, we will be adding a new option for all existing ADE Setup Assistant with modern authentication enrollment profiles that will allow you to stop the automatic deployment of the iOS/iPadOS Company Portal as a required app from the enrollment profile. The new option will be available in the “Install Company Portal with VPP” drop-down menu. Stay tuned to In development and What’s new in Intune for the release.

If you have existing ADE profiles with Setup Assistant with modern authentication, enable the new drop-down configuration to stop the automatic deployment of the Company Portal app once it’s available. After updating the configuration of the setting, use an app configuration policy and app targeting to push the Company Portal app as an available or required Volume Purchase Program (VPP) app. VPP is not required but is recommended. A few months after the new drop-down is released, we will be removing the automatic deployment of the Company Portal app from the modern authentication enrollment profile regardless of the VPP setting configuration.
After updating your existing profile, complete the following steps:

1. Create an app configuration policy, specifically sending the app configuration XML file called “Use the Company Portal on an Automated Device Enrollment (ADE) device enrolled with user affinity” see Add app configuration policies for managed iOS/iPadOS devices for instructions.
2. Deploy the Company Portal app to the device, there are two options for this:
   · (Recommended) Set up VPP for iOS/iPadOS and assign the Company Portal app as required. For instructions see How to manage iOS and macOS apps purchased through Apple Business Manager with Microsoft Intune. You're highly encouraged to set “Automatic app updates” to Yes.
   · Add the Company Portal to Intune, see Add apps to Microsoft Intune and then assign the app as required by following these instructions: Assign apps to groups with Microsoft Intune.

The correct app configuration policy must be assigned to the devices regardless of whether VPP is configured for the Company Portal. The Company Portal is required on the device.

Note: Later, we'll remove the automatic deployment of the Company Portal app from the modern authentication enrollment profile regardless of the “Install Company Portal with VPP” setting configuration. However, you'll continue to see the setting in the enrollment profile. No changes are needed if you’ve already taken the steps above.

New ADE profiles with Setup Assistant with modern authentication

Once automatic deployment of the Company Portal app has been removed, you'll no longer see the “Install Company Portal with VPP” setting when creating new ADE profiles. You'll need to use an app configuration policy and app targeting to deliver the Company Portal app.
Here’s what to do:

1. Create an app configuration policy, specifically sending the app configuration XML file called “Use the Company Portal on an Automated Device Enrollment (ADE) device enrolled with user affinity” see Add app configuration policies for managed iOS/iPadOS devices for instructions.
2. Deploy the Company Portal app to the device as a required app, there are two options for this:
   · (Recommended) Set up VPP for iOS/iPadOS and assign the Company Portal app. For instructions see How to manage iOS and macOS apps purchased through Apple Business Manager with Microsoft Intune. You're highly encouraged to set “Automatic app updates” to Yes.
   · Add the Company Portal to Intune, see Add apps to Microsoft Intune and then assign the app as required by following these instructions: Assign apps to groups with Microsoft Intune.

The correct app configuration policy must be assigned to the devices regardless of VPP being configured for the Company Portal or not.

We’ll continue to update this post with additional details, as needed, including when the new drop-down option becomes available and expected timelines for this change. More documentation will be available once the new option has been released.

If you have any questions, please comment below or reach out to us on Twitter @IntuneSuppTeam.
  8. As highlighted in the Microsoft simplifies Endpoint Manager enrollment for Apple updates - Microsoft Tech Community post, we’ve been preparing for iOS 16/iPadOS 16 by testing each beta release. We recently discovered an issue in Apple’s User Enrollment process. Both Intune and Apple are working on updates, but in the interim, if you enroll devices with User Enrollment you’ll want to understand the background and options as iOS/iPadOS 16 releases.

Impacted devices are:

· Enrolled with User Enrollment, and on iOS 15 or iPadOS 15.
· User Enrolled devices into Intune between September 16, 2021, (Intune’s 2109 service release) and the August (2208) Intune releases.

You can see the device enrollment date within the Microsoft Endpoint Manager admin center reporting by going to Devices > iOS/iPadOS, on the overview page see the Enrollment date column. If you’re looking on an actual iOS device, you can see the enrollment date under Settings -> General > VPN & Device management -> Management Profile -> then look at when the Device Identity Certificate expires – if it’s between September 2022 and September 2023 it’s likely impacted as most customers use a one-year certificate.

If we believe you have devices that meet the criteria above, we also posted Service Health Dashboard post IT428176 on your dashboard.

The user experience: If the device updates from iOS/iPadOS 15 to iOS/iPadOS 16, the user will be presented with a “new MDM payload does not match the old payload" error. At the device level, the enrolled devices are not able to update their management profile. When management profiles are not updated, the device could lose compliance, which depending on your policies, may block access to company resources.

Immediate mitigation: A device can be un-enrolled and re-enrolled which will apply a new management profile and the new OS. We're working on a mitigation where you don’t need to take this step.
Work underway for mitigation: Intune is releasing a fix which will be completely rolled out to the entire Intune environment by September 16; and Apple is working on an update to iOS/iPadOS 16, however we don’t know if it’ll release with 16 or with 16.x (an upcoming release). We will keep this post updated. Once both fixes are complete, users will not receive the update error and can easily update to iOS 16/iPadOS 16.

We will keep this post updated as we have additional information and as fixes are released. If you have questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.
  9. One month from today, we’re going to start to turn off basic auth for specific protocols in Exchange Online for customers who use them.

Since our first announcement nearly three years ago, we’ve seen millions of users move away from basic auth, and we’ve disabled it in millions of tenants to proactively protect them. We’re not done yet though, and unfortunately usage isn’t yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled.

Starting October 1st, we will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change.

We will not be disabling or changing any settings for SMTP AUTH.

If you have removed your dependency on basic auth, this will not affect your tenant or users. If you have not (or are not sure), check the Message Center for the latest data contained in the monthly usage reports we have been sending monthly since October 2021. The data for August 2022 will be sent within the first few days of September.

What If You Are Not Ready for This Change?

We recognize that unfortunately there are still many tenants unprepared for this change. Despite multiple blog posts, Message Center posts, interruptions of service, and coverage via tweets, videos, conference presentations and more, some customers are still unaware this change is coming. There are also many customers aware of the deadline who simply haven’t done the necessary work to avoid an outage.

Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth.
However, we understand that email is a mission-critical service for many of our customers and turning off basic auth for many of them could potentially be very impactful.

One-Time Re-Enablement

Today we are announcing an update to our plan to offer customers who are unaware or are not ready for this change. When we turn off basic auth after October 1st, all customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they need, once per protocol. Details on this process are below.

Once this diagnostic is run, basic auth will be re-enabled for those protocol(s). Selected protocol(s) will stay enabled for basic auth use until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for basic auth use permanently, and there will be no possibility of using basic auth after that.

Avoiding Disruption

If you already know you need more time and wish to avoid the disruption of having basic auth disabled you can run the diagnostics during the month of September, and when October comes, we will not disable basic for protocol(s) you specify. We will disable basic for any non-opted-out protocols, but you will be able to re-enable them (until the end of the year) by following the steps below if you later decide you need those too.

In other words – if you do not want basic for a specific protocol or protocols disabled in October, you can use the same self-service diagnostic in the month of September. Details on this process below.

Diagnostic Options

Thousands of customers have already used the self-service diagnostic we discussed in earlier blog posts (here and here) to re-enable basic auth for a protocol that had been turned off, or to tell us not to include them in our proactive protection expansion program. We’re using this same diagnostic again, but the workflow is changing a little.

Today, we have archived all prior re-enable and opt-out requests.
If you have previously opted out or re-enabled basic for some protocol, you’ll need to follow the steps below during the month of September to indicate you want us to leave something enabled for basic auth after Oct 1.

To invoke the self-service diagnostic, you can go directly to the basic auth self-help diagnostic by simply clicking on this button (it’ll bring up the diagnostic in the Microsoft 365 admin center if you’re a tenant Global Admin):

Or you can open the Microsoft 365 admin center and click the green Help & support button in the lower right-hand corner of the screen.

When you click the button, you enter our self-help system. Here you can enter the phrase “Diag: Enable Basic Auth in EXO”

Customers with tenants in the Government Community Cloud (GCC) are unable to use the self-service diagnostic covered here. Those tenants may opt out by following the process contained in the Message Center post sent to their tenant today. If GCC customers need to re-enable a protocol following the Oct 1st deadline they will need to open a support ticket.

Opting Out

During the month of September 2022, the diagnostic will offer only the option to opt-out. By submitting your opt-out request during September, you are telling us that you do not want us to disable basic for a protocol or protocols during October. Please understand we will be disabling basic auth for all tenants permanently in January 2023, regardless of their opt-out status.

The diagnostic will show a version of the dialog below, and you can re-run it for multiple protocols. It might look a bit different if some protocols have already been disabled. Note too that protocols are not removed from the list as you opt-out but rest assured (unless you receive an error) we will receive the request.

Re-Enabling Basic for protocols

Starting October 1, the diagnostic will only allow you to re-enable basic auth for a protocol that it was disabled for.
If you did not opt-out during September, and we disabled basic for a protocol you later realize you need, you can use this to re-enable it.

Within an hour (usually much sooner) after you run the diagnostics and ask us to re-enable basic for a protocol, basic auth will start to work again.

At this point, we have to remind you that by re-enabling basic for a protocol, you are leaving your users and data vulnerable to security risks, and that we have customers suffering from basic auth-based attacks every single day (but you know that already).

Starting January 1, 2023, the self-serve diagnostic will no longer be available, and basic auth will soon thereafter be disabled for all protocols.

Summary of timelines and actions

Please see the following flow chart to help illustrate the changes and actions that you might need to take:

Blocking Basic Authentication Yourself

If you re-enable basic for a protocol because you need some extra time and then afterward no longer need basic auth you can block it yourself instead of waiting for us to do it in January 2023. The quickest and most effective way to do this is to use Authentication Policies which block basic auth connections at the first point of contact to Exchange Online.

Just go into the Microsoft 365 admin center, navigate to Settings, Org Settings, Modern Authentication and uncheck the boxes to block basic for all protocols you no longer need (these checkboxes will do nothing once we block basic for a protocol permanently, and we’ll remove them some time after January 2023).

Reporting Web Service Endpoint

For those of you using the Reporting Web Service REST endpoint to get access to Message Tracking Logs and more, we’re also announcing today that this service will continue to have basic auth enabled until Dec 31st for all customers, no opt-out or re-enablement is required.

EOP/SCC PowerShell

Basic authentication will remain enabled until Dec 31st, 2022. Customers need to migrate to certificate based authentication.
Follow the Instructions here: App-only authentication

One Other Basic Authentication Related Update

We’re adding a new capability to Microsoft 365 to help our customers avoid the risks posed by basic authentication. This new feature changes the default behavior of Office applications to block sign-in prompts using basic authentication. With this change, if users try to open Office files on servers that only use basic authentication, they won't see any basic authentication sign-in prompts. Instead, they'll see a message that the file has been blocked because it uses a sign-in method that may be insecure.

You can read more about this great new feature here: Basic authentication sign-in prompts are blocked by default in Microsoft 365 Apps.

Office Team is looking for customers to opt-in to their Private Preview Program for this feature. Please send them an email if you are interested in signing up: basicauthdeprmailer@microsoft.com.

Summary

This effort has taken three years from initial communication until now, and even that has not been enough time to ensure that all customers know about this change and take all necessary steps. IT and change can be hard, and the pandemic changed priorities for many of us, but everyone wants the same thing: better security for their users and data.

Our customers are important to us, and we do not want to see them breached, or disrupted. It’s a fine balance but we hope this final option will allow the remaining customers using Basic auth to finally get rid of it.

The end of 2022 will see us collectively reach that goal, to Improve Security – Together.

The Exchange Team
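The "Blocking Basic Authentication Yourself" step in the post above, as an added PowerShell example (not part of the Exchange Team post): it audits authentication policy objects for protocols that still accept basic auth, using the Exchange Online authentication-policy cmdlets rather than the admin center checkboxes the post describes. The function name, the sample policy objects and the policy name 'Block Basic Auth' are assumptions made for illustration; the live calls need the ExchangeOnlineManagement module.

```powershell
# Added example, not from the original post. Audits Exchange Online
# authentication policies for protocols that still accept basic auth.
# The sample policy objects below are constructed so the audit runs offline.

# AllowBasicAuth* switches on authentication policy objects, mapped to the
# protocol names used in the announcement.
$ProtocolSwitches = [ordered]@{
    AllowBasicAuthMapi               = 'MAPI'
    AllowBasicAuthRpc                = 'RPC'
    AllowBasicAuthOfflineAddressBook = 'Offline Address Book (OAB)'
    AllowBasicAuthWebServices        = 'Exchange Web Services (EWS)'
    AllowBasicAuthPop                = 'POP'
    AllowBasicAuthImap               = 'IMAP'
    AllowBasicAuthActiveSync         = 'Exchange ActiveSync (EAS)'
    AllowBasicAuthPowershell         = 'Remote PowerShell'
    AllowBasicAuthSmtp               = 'SMTP AUTH'   # not changed by the October rollout
}

# Hypothetical helper: emits one row per protocol a policy still leaves open.
function Get-BasicAuthExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    process {
        foreach ($name in $ProtocolSwitches.Keys) {
            # A switch that is absent from the object is treated as "blocked".
            $prop = $Policy.PSObject.Properties[$name]
            if ($prop -and $prop.Value -eq $true) {
                [pscustomobject]@{
                    Policy         = $Policy.Name
                    Protocol       = $ProtocolSwitches[$name]
                    Switch         = $name
                    # True for the protocols the post lists for the October 1 change.
                    InOctoberScope = ($name -ne 'AllowBasicAuthSmtp')
                }
            }
        }
    }
}

# Constructed sample policies (not real tenant data).
$samplePolicies = @(
    [pscustomobject]@{
        Name                      = 'Legacy-Scanners (constructed)'
        AllowBasicAuthImap        = $true
        AllowBasicAuthPop         = $true
        AllowBasicAuthSmtp        = $true
        AllowBasicAuthWebServices = $false
    }
    [pscustomobject]@{
        Name               = 'Block-All (constructed)'
        AllowBasicAuthImap = $false
        AllowBasicAuthPop  = $false
    }
)

$samplePolicies | Get-BasicAuthExposure | Format-Table -AutoSize

# Against a live tenant:
#   Connect-ExchangeOnline
#   Get-AuthenticationPolicy | Get-BasicAuthExposure
#   (Get-OrganizationConfig).DefaultAuthenticationPolicy   # empty = no org-wide default
#
# To block basic auth yourself, create a policy (a new policy blocks basic auth
# for every protocol unless a switch is set) and make it the organization default:
#   New-AuthenticationPolicy -Name 'Block Basic Auth'
#   Set-OrganizationConfig -DefaultAuthenticationPolicy 'Block Basic Auth'
```

A policy assigned directly to a user takes effect for that user instead of the organization default, so rows reported for a per-user policy still matter after the default is set.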
  10. Welcome to the August 2022 update. This month, we have many new features rolling out to Insiders and many more becoming generally available (GA) across web, Windows, and Mac. New functions to manipulate text and arrays including TEXTBEFORE / TEXTAFTER, VSTACK / HSTACK, CHOOSEROWS / CHOOSECOLS, and more are now GA; and the IMAGE function to insert images in cells is rolling out to the Beta channel for Insiders.

Check out this Excel Features Flyer to find if a specific feature is in your version of Excel

Excel for the web
· New Excel Functions
· Power Query Group operations
· Improvements to the connected Power BI experience
· Add and edit rich text formatting
· Sort by color or icon from auto filter menu
· Edit files with legacy data connections
· Edit files with legacy Shared Workbook feature
· Delete chart elements
· Multiline formula bar

Excel for Windows
· New Excel Functions
· IMAGE function (Insiders Beta)
· Improvements to the connected Power BI experience (Insiders Beta)
· Show Changes (Insiders CC Preview)

Excel for Mac
· New Excel Functions
· IMAGE function (Insiders Beta)
· Show Changes (Insiders CC Preview)

Android
· New Excel Functions
· IMAGE function (Insiders Beta)

iOS
· New Excel Functions
· IMAGE function (Insiders Beta)

Excel for the web

New Excel Functions

14 new functions to manipulate text and arrays including TEXTBEFORE / TEXTAFTER, VSTACK / HSTACK, CHOOSEROWS / CHOOSECOLS, and more are now rolling out to users. Read more >

[Image: Text manipulation]

Power Query Group operations

You can now perform various operations on Power Query groups to better organize your queries and easily consume the data on the queries pane. Read more >

[Image: Power Query group operations]

Improvements to the connected Power BI experience

In both Excel for the web and Excel for Windows, you can create a PivotTable that connects directly to a Power BI dataset. This allows you to analyze data between platforms seamlessly. With this set of updates, we improve the experience of analyzing data in PivotTables.
Read more >

[Image: Power BI connected PivotTable]

Add and edit rich text formatting

Rich text formatting allows the user to add formatting to only part of the text within a cell. You can use the ribbon or shortcuts to add the formatting.

[Image: Edit rich text]

Sort by color or icon from auto filter menu

Sorting is now easier and more convenient with new sort-by-color or icon options.

[Image: Sort by color or icon from auto filter menu]

Edit files with legacy data connections

You can now edit files that contain legacy data connections like Text Queries, Web Queries, Query Table, or SharePoint Lists. This enables interaction with the workbook and access to the previously stored data from these connections, but without interaction, modification, or refreshing of the connections themselves. We recommend switching to import data via Power Query to connect and refresh data.

[Image: Edit files with legacy data connections]

Edit files with legacy Shared Workbook feature

You can now edit files that use the legacy shared workbook feature, with a provision for one-click turn-off of the legacy feature, thus allowing you to interact and collaborate with the workbook.

[Image: Edit files with legacy Shared Workbooks]

Delete chart elements

Deleting a data series from charts is now easier by selecting a series and pressing the delete/backspace key to remove it.

[Image: Delete chart elements]

Multiline formula bar

Users can now expand and collapse the formula bar by using the chevron or manually resizing it. This capability improves the readability of long formulas or text.

[Image: Multiline formula bar]

Excel for Windows

New Excel Functions

14 new functions to manipulate text and arrays including TEXTBEFORE / TEXTAFTER, VSTACK / HSTACK, CHOOSEROWS / CHOOSECOLS, and more are rolling out to users in the Current Channel. Read more >

IMAGE Function (Insiders Beta)

The image function inserts images into cells from a source location, along with the alternative text. Your images can now be part of the worksheet, instead of floating on top.
You can move and resize cells, sort and filter, and work with images within an Excel table. Read more >

[Image: Insert Image Function]

Improvements to the connected Power BI experience (Insiders Beta)

In both Excel for the web and Excel for Windows, you can create a PivotTable that connects directly to a Power BI dataset. This allows you to analyze data between platforms seamlessly. With this set of updates, we improve the experience of analyzing data in PivotTables. Read more >

Show Changes (Insiders CC Preview)

Show Changes in Excel lets you see exactly what edits were made to your workbooks, so you can confidently allow others to collaborate on your work. You can see details of who changed what, where, and when, along with the previous value of the cell for quick reversion. Now available in the CC Preview Channel for Insiders. Read more >

[Image: Show Changes]

Excel for Mac

New Excel Functions

14 new functions to manipulate text and arrays including TEXTBEFORE / TEXTAFTER, VSTACK / HSTACK, CHOOSEROWS / CHOOSECOLS, and more are now rolling out to users. Read more >

IMAGE Function (Insiders Beta)

The image function inserts images into cells from a source location, along with the alternative text. Your images can now be part of the worksheet, instead of floating on top. You can move and resize cells, sort and filter, and work with images within an Excel table. Read more >

Show Changes (Insiders CC Preview)

Show Changes in Excel lets you see exactly what edits were made to your workbooks, so you can confidently allow others to collaborate on your work. You can see details of who changed what, where, and when, along with the previous value of the cell for quick reversion. Now available in the CC Preview Channel for Insiders. Read more >

Your feedback helps shape the future of Excel. Please let us know how you like a particular feature and what we can improve upon—send us a smile or frown. You can also submit new ideas or vote for other ideas via Microsoft Feedback.
Subscribe to our Excel Blog and the Insiders Blog to get the latest updates. Stay connected with us and other Excel fans around the world – join our Excel Community and follow us on Twitter.

Check out this Excel Features Flyer to find if a specific feature is in your version of Excel :)
  11. Today, we are releasing our latest version of Windows Admin Center! Windows Admin Center version 2208 is now in Public Preview. Thank you to our customers, partners, and fans for helping us to continue to improve and make Windows Admin Center better! We’re working constantly to ensure users of our product have the best user experience.

Platform updates

Accessibility: support for 400% zoom

We’re excited to provide support for reflow and up-to 400% zoom for our customers. Now, visually impaired users are able to zoom in and navigate through Windows Admin Center without any issues or worry. The UI components will adjust dynamically as the user zooms in and provide the same seamless experience that you all know and love.

Support for WDAC-enforced infrastructure

With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks.

In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software.

Windows Defender application control (WDAC) can help mitigate many security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). Application control policies can also block unsigned scripts and MSIs, and restrict Windows PowerShell to run in Constrained Language Mode. Learn more about Application Control for Windows.

In this preview, Windows Admin Center now supports managing your WDAC-enforced infrastructure.
This capability enables you to use the modern interface of Windows Admin Center to manage your secure environments, no matter where they are running. Application control is a crucial line of defense for protecting enterprises given today’s threat landscape, and it has an inherent advantage over traditional antivirus solutions. Learn more.

Azure Stack HCI deployment and management

Azure Stack HCI cluster Properties page

Have you ever wanted to access all the basic information about your Azure Stack HCI cluster in one place? The new Properties page in Cluster Manager Settings brings cluster, operating system, and hardware related information to a single page with click-to-copy functionality.

Settings search feature with smart keywords

The settings pages for Windows Admin Center, Cluster Manager, Server Manager, and Computer Management now contain a search box to improve navigation. The search feature can handle non-trivial keywords to match more than just the section title.

Visual design refresh

The overall look and feel of Windows Admin Center has been refreshed to provide a sleeker, more modern experience. This includes new section title breadcrumbs and colorful icons.

SDN updates

Managing SDN via Windows Admin Center has now graduated to General Availability: After a comprehensive set of quality enhancements and resolution of known issues, all SDN extensions are moving into the General Availability tier, and the preview banners have been removed for all extensions.

We’ve also made several improvements in the monitoring and health of SDN. These changes include:

The SDN dashboard no longer requires a user to enter the name of a Network Controller (NC) VM to fetch health information for the SDN deployment.

We have also fixed a bunch of issues related to SDN health reporting. Now, you will be able to see accurate health information for all the SDN resources. Moreover, each alert is more actionable with severity, details and time.
We now show information and expiry dates for SDN certificates. This will help you plan certificate rotations in a timely manner and avoid disruptions.

Additionally, when adding an Azure Stack HCI cluster to Windows Admin Center, you no longer need to input the NC REST uri. SDN is auto-detected when you click on the SDN Infrastructure extension in Windows Admin Center.

Windows Admin Center in Azure

A few months ago, we released the preview of Windows Admin Center in Azure to manage your Arc-enabled servers and Azure Stack HCI clusters. This new capability enables seamless and granular management of your Arc-enabled Windows servers and virtual machines as well as Azure Stack HCI systems (in addition to your IaaS VMs) from within the Azure portal. You can securely manage your servers and clusters from the cloud—without needing a VPN, public IP address, or other inbound connectivity to your machine.

Here is a short video highlighting some of the capabilities included with Windows Admin Center: How to use Windows Admin Center in the Azure portal.

Over the next few weeks, your instances of Windows Admin Center in Azure will update to include the awesome new features from this Windows Admin Center 2208 preview. Stay tuned!

Extension updates

Cluster create

This new build introduces a couple of bug fixes including the domain join issue in Stage 1.3, the 1% stuck issue in Stage 3.2, and the server restart issue in Stage 1.7. This new version also comes with support for clustering VMs using Network ATC as long as the VMs both have 2 or more processors.

Download today!

We hope you enjoy this latest update of Windows Admin Center, the various new functionality in preview, and all the extensions now available. Learn more and download today!

As always, thanks for your ongoing support, adoption, and feedback. Your contributions through user feedback continue to be vital and valuable to us, helping us prioritize and sequence our investments.
Windows Admin Center is continuously evolving and growing as a tool and a platform, and we are beyond thrilled to have you part of our journey. To skill up on Windows Admin Center and Windows Server 2022, check out our Windows Server Hybrid Administrator Certification and other featured Learn courses.

Thank you,
Windows Admin Center Team (@servermgmt)
  12. We are excited to announce that the iOS and Android apps for Microsoft To Do (a tool for managing and sharing tasks and lists) are rolling out to GCC (Government Community Cloud) users. The rollout begins in late August, with plans to be completed by mid-September. This launch will add the mobile apps to the web and Outlook functionality that GCC accounts already have today.

Using To Do on iOS and Android means that users can bring the power and flexibility of task list management wherever they go, with an intuitive UI closely resembling the experience users know from the web app.

Surface Duo users will also appreciate the 2-screen experience of the Android app that allows them to view their list of tasks on 1 screen, while viewing the details of a particular task on the other.

No admin action is needed to enable To Do mobile app access for GCC tenants. Features that remain unavailable in GCC at this time (consistent with the limitations of To Do Web) include shared list notifications, and the ability to share task lists outside your organization. For more information, check out the support page.

For more info from me on collaboration & teamwork, follow me at TeamworkCowbell (blog | Twitter | YouTube) or at ricardo303, SharePointCowbell, and LinkedIn.

Continue reading...
  13. Customers have been asking for unified APIs that are part of the Microsoft Graph with a single endpoint, permissions, auth model, and access token. We’re happy to share that the new Microsoft 365 Defender APIs in MS Graph: Incidents, Alerts, and Hunting, are now in public preview!

What’s new

Alerts (alerts_v2): The Microsoft 365 Defender unified alerts API serves alerts from Microsoft 365 Defender, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Purview Data Loss Prevention (and any future new signals integrated into M365D). Integrating with this API will support the entire scope of Microsoft 365 Defender.

As part of the alerts schema, in addition to the alert severity, we added the containing – this allows the SOC team to be aware of the overall severity of the incident when triaging an alert, so they can prioritize effectively.

The new alert schema expands and enriches supported evidence entities at parity and beyond with the native service Alert APIs. Below is an example of email (named 'analyzedMessage' in the MS Graph API) evidence metadata that includes email headers that you’ve been waiting for:

Incidents: Contain incident metadata and a collection of the new Microsoft 365 Defender unified alerts (see above). This API is at parity with the existing Incidents API on the native Microsoft 365 Defender endpoint and, combined with the new alerts API, it provides much richer and actionable information for your automation flows.

Hunting: The Hunting API is identical to the existing Hunting API on the native Microsoft 365 Defender endpoint, but now available in MS Graph.
Getting started

The following section is a modified version of the Microsoft 365 Defender documentation of how to register an Azure AD application to use the APIs: Hello World for Microsoft 365 Defender REST API

Register an application in Azure Active Directory

1. Sign into Azure Portal as a user with the Global administrator role.
2. Navigate to Azure Active Directory > App registrations > New registration.
3. In the registration form, enter a name for your application, then select Register. Selecting a redirect URI is optional.
4. On your application page, select API Permissions > Microsoft Graph.
5. In the page displayed, select Delegated permissions, start typing “security” in the search box, select SecurityIncident.Read.All and then click on Add permission.
6. Click admin consent for your tenant. You can select multiple permissions and then grant admin consent for them all.
7. Add a secret to the application. Select Certificates & secrets, add a description to the secret, then select Add. Remember to save this secret.
8. Record your application ID and tenant ID somewhere safe. They’re listed on your application Overview page.
Authentication and authorization with the Microsoft Graph (or ‘Get a token using the app and use the token to access the API’)

Because the new Microsoft 365 Defender APIs are hosted in Microsoft Graph, follow the steps as outlined in Microsoft Graph online documentation:

• For Delegated Authentication & authorization (AuthNZ): Get access on behalf of a user - Microsoft Graph
• For Application only AuthNZ (i.e., without a signed-in user): Get access without a user - Microsoft Graph

The new Microsoft Graph permissions

The new Microsoft 365 Defender incidents, alerts_v2, and hunting APIs require the following Microsoft Graph permissions:

• SecurityAlert.Read.All – Required to list alerts and get alert (by ID)
• SecurityAlert.ReadWrite.All – Required for update alert (& list/get alert)
• SecurityIncident.Read.All – Required to list incidents & get incident (by ID)
• SecurityIncident.ReadWrite.All – Required to update incident (& list/get incident)
• ThreatHunting.Read.All – Required for running hunting queries

API documentation and more information

Full API documentation is available in MS Graph documentation. Here are a few sample API calls to get you started:

List Incidents:
GET https://graph.microsoft.com/beta/security/incidents/

Get Incident (by ID):
GET https://graph.microsoft.com/beta/security/incidents/{id}

List Alerts:
GET https://graph.microsoft.com/beta/security/alerts_v2/

Get Alert (by ID):
GET https://graph.microsoft.com/beta/security/alerts_v2/{id}

Run Hunting Query:
POST https://graph.microsoft.com/beta/security/runHuntingQuery
Body:
{
  "Query": "DeviceProcessEvents | where InitiatingProcessFileName =~ \"powershell.exe\" | project Timestamp, FileName, InitiatingProcessFileName | order by Timestamp desc | limit 2"
}

Continue reading...
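The calls listed in the post above, as an added Python example that is not part of the original post or Microsoft's own code: a small app-only (client credentials) client that lists alerts_v2 with paging, orders them by severity for triage, and runs a hunting query. Assumptions: the class, function and variable names are hypothetical, the app registration holds the SecurityAlert.Read.All and ThreatHunting.Read.All permissions as Application permissions, and the FakeGraph replies are constructed so the block runs offline.

```python
import json
import urllib.parse
import urllib.request

GRAPH_HOST = "https://graph.microsoft.com/"
SECURITY = GRAPH_HOST + "beta/security"
# Azure AD v2.0 token endpoint used by the client-credentials (app-only) flow.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "informational": 3}


def https_json(method, url, headers, body=None):
    """Real transport: one HTTPS request, JSON-decoded reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class DefenderGraphClient:
    """Hypothetical helper, not an SDK class."""

    def __init__(self, tenant_id, client_id, client_secret, transport=https_json):
        self.tenant_id = tenant_id
        self.client_id = client_id
        self.client_secret = client_secret
        self.transport = transport
        self._token = None

    def token(self):
        """Fetch the app-only access token once and reuse it."""
        if self._token is None:
            form = urllib.parse.urlencode({
                "grant_type": "client_credentials",
                "client_id": self.client_id,
                "client_secret": self.client_secret,
                "scope": "https://graph.microsoft.com/.default",
            }).encode()
            reply = self.transport(
                "POST", TOKEN_URL.format(tenant=self.tenant_id),
                {"Content-Type": "application/x-www-form-urlencoded"}, form)
            self._token = reply["access_token"]
        return self._token

    def call(self, method, url, payload=None):
        # The bearer token may only travel to Graph over TLS. The check also
        # covers the @odata.nextLink URLs that come back from the service.
        if not url.startswith(GRAPH_HOST):
            raise ValueError("refusing to send the token to " + url)
        headers = {"Authorization": "Bearer " + self.token()}
        body = None
        if payload is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(payload).encode()
        return self.transport(method, url, headers, body)

    def list_alerts(self, max_pages=20):
        """Yield every alert, following @odata.nextLink paging."""
        url = SECURITY + "/alerts_v2"
        for _ in range(max_pages):
            page = self.call("GET", url)
            yield from page.get("value", [])
            url = page.get("@odata.nextLink")
            if not url:
                return

    def run_hunting_query(self, kql):
        # Body key "Query" as shown in the sample call in the post.
        return self.call("POST", SECURITY + "/runHuntingQuery", {"Query": kql})


def triage_order(alerts):
    """Sort alerts so the highest severity is handled first."""
    return sorted(alerts, key=lambda a: SEVERITY_RANK.get(a.get("severity"), 4))


class FakeGraph:
    """Constructed replies so the example runs offline; records each call."""

    def __init__(self):
        self.calls = []

    def __call__(self, method, url, headers, body=None):
        self.calls.append((method, url, headers, body))
        if url.startswith("https://login.microsoftonline.com/"):
            return {"token_type": "Bearer", "access_token": "constructed-token"}
        if url.endswith("/alerts_v2"):
            return {"value": [{"id": "a1", "severity": "low"},
                              {"id": "a2", "severity": "high"}],
                    "@odata.nextLink": SECURITY + "/alerts_v2?$skip=2"}
        if url.endswith("$skip=2"):
            return {"value": [{"id": "a3", "severity": "medium"}]}
        if url.endswith("/runHuntingQuery"):
            return {"results": [{"FileName": "constructed.exe"}]}
        raise AssertionError("unexpected URL " + url)


def demo():
    """Run the flow against the constructed replies."""
    fake = FakeGraph()
    client = DefenderGraphClient("tenant-id", "app-id", "secret", transport=fake)
    ordered = [a["id"] for a in triage_order(client.list_alerts())]
    client.run_hunting_query("DeviceProcessEvents | limit 2")
    return ordered, fake.calls


if __name__ == "__main__":
    print(demo()[0])
```

To run it against a real tenant, construct DefenderGraphClient without the transport argument and load the client secret from a vault or environment variable rather than source code.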
  14. Over the last two years, the world has dramatically changed both in our daily lives and how companies conduct business. In the pre-pandemic world, eroding network boundaries and the maturity of SaaS applications precipitated endpoint-first design. The pandemic and post-pandemic era demand it; the world is embracing hybrid workplaces and zero trust postures.

When we first launched Network Protection for Windows and built powerful Web Protection and Microsoft Defender for Cloud Apps (MDA) capabilities on top of it, we knew our vision to bring you our proxy-less endpoint first architecture would remain incomplete until we delivered for macOS and Linux. That day has arrived, and we could not be more excited to share that Network and Web Protection for macOS and Linux is now in Public Preview.

Network Protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. It is the foundation on which our Web Protection for Microsoft Defender for Endpoint is built. These capabilities include Web threat protection, Web content filtering, and IP/URL Custom indicators. Web protection enables you to secure your devices against web threats and helps to regulate unwanted content. Network protection also integrates Microsoft Defender for Endpoint with Defender for Cloud Apps natively. Currently, the integration for macOS and Linux only supports endpoint enforcement capabilities.

How to evaluate Network Protection and the features it enables:

Explore Network Protection on macOS

Prerequisites & Requirements

• Licensing: Microsoft Defender for Endpoint tenant (can be trial)
• Onboarded Machines:
  • Minimum macOS version: 11 (Big Sur)
  • MDE product version: 101.78.13
• Your device must be in the InsiderSlow or InsiderFast Microsoft AutoUpdate update channel.

You can check the update channel using the following command:

mdatp --health releaseRing

If your device is not already in the InsiderSlow update channel, execute the following command from the Terminal. The channel update takes effect next time the product starts (when the next product update is installed or when the device is rebooted).

defaults write com.microsoft.autoupdate2 ChannelName InsiderSlow

Alternatively, if you are in a managed environment (JAMF or Intune), you can configure the device group remotely. For more information, reference this page.

Once the prerequisites have been met, follow installation and configuration instructions in Use network protection to help prevent macOS connections to bad sites | Microsoft Docs

Here is how the experience looks on macOS:

Explore Network Protection on Linux

Prerequisites & Requirements

• Licensing: Microsoft Defender for Endpoint tenant (can be trial) and platform specific requirements found in Microsoft Defender for Endpoint for non-Windows platforms | Microsoft Docs
• Onboarded Machines:
  • Minimum Linux distro version: refer to Microsoft Defender for Endpoint on Linux
  • Microsoft Defender for Endpoint Linux client version: 101.78.13-insidersfast

Once the prerequisites have been met, follow installation and configuration instructions in Use network protection to help prevent Linux connections to bad sites | Microsoft Docs

How do I verify my Mac/Linux device is configured properly?

Navigate to SmartScreen Test which will block the browser from loading the page. On macOS an accompanying toast message will also be shown. On Linux the connection will be disallowed as shown below. There will be no accompanying toast message in Linux:

Alternatively, you can also test this from the Terminal by running the following command and noticing that the connection is blocked by the Network Protection:

curl SmartScreen Test

How do I explore the features?
• Protect your organization against web threats | Microsoft Docs
  Web threat protection is part of Web protection in Microsoft Defender for Endpoint. It uses network protection to secure your devices against web threats.
• Run through the IP/URL Custom Indicators of Compromise flow to get blocks on the Custom Indicator type.
• Explore Web content filtering | Microsoft Docs
  Note: if you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment.
  Pro Tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
• Integrate Microsoft Defender for Endpoint with Cloud App Security | Microsoft Docs and your Linux and macOS devices with Network Protection enabled will have endpoint policy enforcement capabilities.
  Note: Discovery and other features are currently not supported on macOS and Linux platforms.

On device experience

When an end user attempts to access monitored domains on macOS/Linux, their navigation effort will be audited/blocked (depending on Network Protection policy). On macOS, the user will also be informed by Microsoft Defender for Endpoint via toast.

macOS

The user will get a plain block experience accompanied by the following toast message which will be displayed by the operating system including the name of the blocked application or website (e.g., Blogger.com).

No block pages are shown in third-party browsers, and the user sees a "Secure Connection Failed" page along with a toast notification. Depending on the policy responsible for the block, a user will see a different message in the toast notification. For example, web content filtering will display the message 'This content is blocked'.

We are looking forward to hearing your feedback and answering any questions you may have!
Reference Documents Microsoft Defender for Endpoint on Mac documentation - Microsoft Defender for Endpoint on Mac | Microsoft Docs Microsoft Defender for Endpoint on Linux documentation - Microsoft Defender for Endpoint on Linux | Microsoft Docs About Microsoft Defender for Endpoint Network Protection - Use network protection to help prevent connections to bad sites | Microsoft Docs About Microsoft Defender for Endpoint Network Protection on Linux - Use network protection to help prevent Linux connections to bad sites | Microsoft Docs About Microsoft Defender for Endpoint Network Protection on macOS - Use network protection to help prevent macOS connections to bad sites | Microsoft Docs Enable Network Protection - Turn on network protection | Microsoft Docs Web Protection - Web protection | Microsoft Docs Custom Indicators - Create indicators | Microsoft Docs Web Content Filtering (WCF) - Web content filtering | Microsoft Docs Microsoft Defender for Cloud Apps - Integrate Microsoft Defender for Endpoint with Cloud App Security | Microsoft Docs Edge Browser Setup - Microsoft Edge Browser Features | Microsoft Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense in a single unified platform. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today. Microsoft Defender for Endpoint team Continue reading...
  15. In this post, I am detailing the steps I took to enable the PDF Preview on Outlook running on Windows 10, since some customers that are using Windows 10 for Azure Virtual Desktop (AVD) asked me for guidance on this. If you are running Windows 11, you can skip this post, since it is already working by design. At least, it was supposed to. Just as a spoiler, I made it work by setting Microsoft Edge PDF Preview Handler on Microsoft Outlook.

This file cannot be previewed because there is no previewer installed for it

That was the error message that I was getting when I tried to preview a PDF file in Outlook running on Windows 10 in my Azure Virtual Desktop environment.

Steps to Fix it

The steps to fix it are really simple, but it took me a lot of time to figure out the registry keys that must be changed. I used Process Monitor to find the values that were missing. But don't worry, I am omitting the PROCMON analysis and going straight to the point. :)

Here are the keys that you need to add to the registry. You can copy and save them in a .reg file (something like pdfpreview.reg) and run it to add those settings to the registry. You will need admin privileges for it.

Windows Registry Editor Version 5.00

; Associate the .pdf extension with the Edge PDF handler
[HKEY_CLASSES_ROOT\.pdf]
"Content Type"="application/pdf"

[HKEY_CLASSES_ROOT\.pdf\OpenWithProgids]
"AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723"=hex(0):
"AppXhaf982pj5x803bbs896zjjytm0naym8x"=hex:
"MSEdgePDF"=""

[HKEY_CLASSES_ROOT\.pdf\PersistentHandler]
@="{1AA9BF05-9A97-48c1-BA28-D9DCE795E93C}"

[HKEY_CLASSES_ROOT\.pdf\ShellEx]

; Preview handler shell extension for .pdf, pointing at the handler CLSID below
[HKEY_CLASSES_ROOT\.pdf\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}]
@="{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}"

[HKEY_CLASSES_ROOT\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}]
@="PDF Preview Handler"
"DisplayName"="PDF Preview Handler"
"AppID"="{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}"
"EnablePreviewHandler"=dword:00000001

; The DLL path contains the Edge version folder (104.0.1293.54 here);
; it has to match the version folder that exists on the machine.
[HKEY_CLASSES_ROOT\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32]
@="C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\104.0.1293.54\\PdfPreview\\PdfPreviewHandler.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers]
"{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}"="Microsoft PDF Previewer"

As I was using a clean Windows 10 image, I found out that I also needed to install the Microsoft Edge WebView2 runtime. But you probably already have it installed in your environment.

Finally, after adding those keys to the registry and having installed the WebView2 runtime, I successfully enabled PDF Preview for Outlook. I hope that those steps can help you too.

Continue reading...
  16. The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries. While we cannot rule out that supporting elements of the group may have current or prior affiliations with criminal or other nonstate ecosystems, MSTIC assesses that information collected during SEABORGIUM intrusions likely supports traditional espionage objectives and information operations as opposed to financial motivations. This blog provides insights into SEABORGIUM’s activities and technical methods, with the goal of sharing context and raising awareness about a significant threat to Microsoft customers. MSTIC would like to acknowledge the Google Threat Analysis Group (TAG) and the Proofpoint Threat Research Team for their collaboration on tracking and disrupting this actor. Microsoft’s ability to detect and track SEABORGIUM’s abuse of Microsoft services, particularly OneDrive, has provided MSTIC sustained visibility into the actor’s activities and enabled us to notify impacted customers. As an outcome of these service abuse investigations, MSTIC partnered with abuse teams in Microsoft to disable accounts used by the actor for reconnaissance, phishing, and email collection. Microsoft Defender SmartScreen has also implemented detections against the phishing domains represented in SEABORGIUM’s activities. Who is SEABORGIUM? SEABORGIUM is a highly persistent threat actor, frequently targeting the same organizations over long periods of time. 
Once successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion. SEABORGIUM has successfully compromised organizations and people of interest in consistent campaigns for several years, rarely changing methodologies or tactics. Based on known indicators of compromise and actor tactics, SEABORGIUM overlaps with the threat groups tracked as Callisto Group (F-Secure), TA446 (Proofpoint) and COLDRIVER (Google). Security Service of Ukraine (SSU) has associated Callisto with Gamaredon Group (tracked by Microsoft as ACTINIUM); however, MSTIC has not observed technical intrusion links to support the association. Since the beginning of 2022, Microsoft has observed SEABORGIUM campaigns targeting over 30 organizations, in addition to personal accounts of people of interest. SEABORGIUM primarily targets NATO countries, particularly the US and the UK, with occasional targeting of other countries in the Baltics, the Nordics, and Eastern Europe. Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia, and organizations involved in supporting roles for the war in Ukraine. Despite some targeting of these organizations, Microsoft assesses that Ukraine is likely not a primary focus for this actor; however, it is most likely a reactive focus area for the actor and one of many diverse targets. Within the target countries, SEABORGIUM primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education. SEABORGIUM has a high interest in targeting individuals as well, with 30% of Microsoft’s nation-state notifications related to SEABORGIUM activity being delivered to Microsoft consumer email accounts. 
SEABORGIUM has been observed targeting former intelligence officials, experts in Russian affairs, and Russian citizens abroad. As with any observed nation-state actor activity, Microsoft directly notifies customers of Microsoft services that have been targeted or compromised, providing them with the information they need to secure their accounts.

Observed actor activity

Over many years of tracking, Microsoft has observed a consistent methodology from SEABORGIUM with only slight deviations in their social engineering approaches and in how they deliver the initial malicious URL to their targets. In this section, we provide detailed analysis of SEABORGIUM’s operational tactics as well as several examples of their campaigns.

Impersonation and establishing contact

Before starting a campaign, SEABORGIUM often conducts reconnaissance of target individuals, with a focus on identifying legitimate contacts in the targets’ distant social network or sphere of influence. Based on some of the impersonation and targeting observed, we suspect that the threat actor uses social media platforms, personal directories, and general open-source intelligence (OSINT) to supplement their reconnaissance efforts. MSTIC, in partnership with LinkedIn, has observed fraudulent profiles attributed to SEABORGIUM being used sporadically for conducting reconnaissance of employees from specific organizations of interest. In accordance with their policies, LinkedIn terminated any account (including the one shown below) identified as conducting inauthentic or fraudulent behavior.

Figure 1: Example profile used by SEABORGIUM to conduct industry-specific reconnaissance

SEABORGIUM also registers new email accounts at various consumer email providers, with the email address or alias configured to match legitimate aliases or names of impersonated individuals.
While the creation of new consumer accounts is common, we have also observed SEABORGIUM returning to and reusing historical accounts that match the industry of the ultimate target. In one case, we observed SEABORGIUM returning to an account it had not used in a year, indicating potential tracking and reusing of accounts if relevant to targets’ verticals. After registering new accounts, SEABORGIUM proceeds to establish contact with their target. In cases of personal or consumer targeting, MSTIC has mostly observed the actor starting the conversation with a benign email message, typically exchanging pleasantries before referencing a non-existent attachment while highlighting a topic of interest to the target. It’s likely that this additional step helps the actor establish rapport and avoid suspicion, resulting in further interaction. If the target replies, SEABORGIUM proceeds to send a weaponized email. Figure 2: Example email showing the multi-email approach and rapport building frequently used by the actors. MSTIC has also documented several cases where the actor focuses on a more organizational approach to phishing. In these cases, the actor uses an authoritative approach in their social engineering and typically goes to directly sending malicious content. Figure 3: Example phishing email from 2022 where the actor impersonates the lead of an organization and emails select members of the organization with a cybersecurity themed lure. These examples serve to demonstrate the actors’ capability to be dynamic and to adapt their social engineering approach to gain the trust of their victims. Delivery of malicious content Microsoft has identified several variations in the way that SEABORGIUM delivers a link that directs targets to their credential stealing infrastructure. URL in body of email In the simplest case, SEABORGIUM directly adds a URL to the body of their phishing email. 
Occasionally, the actor leverages URL shorteners and open redirects to obfuscate their URL from the target and inline protection platforms. The email varies between fake personal correspondence with a hyperlinked text and fake file sharing emails that imitate a range of platforms. Figure 4: Example follow-up email impersonating a OneDrive share. The link embedded takes the user to actor-controlled infrastructure. PDF file attachment that contains a URL MSTIC has observed an increase in the use of attachments in SEABORGIUM campaigns. These attachments typically imitate a file or document hosting service, including OneDrive, and request the user to open the document by clicking a button. Figure 5: Campaign from 2022 using the war in Ukraine as a ruse. Example of SEABORGIUM directly attaching a PDF file to the email. Figure 6: Example PDF file used in campaigns. The PDF files appear to be a failed preview, redirecting the users to click a link which takes the user to actor-controlled infrastructure. OneDrive link to PDF file that contains a URL SEABORGIUM also abuses OneDrive to host PDF files that contain a link to the malicious URL. This activity does not represent any security issues or vulnerabilities on the OneDrive platform. The actors include a OneDrive link in the body of the email that when clicked directs the user to a PDF file hosted within a SEABORGIUM-controlled OneDrive account. As seen in the previous example, the victim is presented with what appears to be a failed preview message, enticing the target to click the link to be directed to the credential-stealing infrastructure. Occasionally, SEABORGIUM makes use of open redirects within the PDF file to further disguise their operational infrastructure. In the example below, SEABORGIUM uses a Google URL for redirection. Figure 7: Example document hosted on OneDrive that uses a Google redirect link to send users to actor-controlled infrastructure. 
Credential theft Regardless of the method of delivery, when the target clicks the URL, the target is directed to an actor-controlled server hosting a phishing framework, most often EvilGinx. On occasion, Microsoft has observed attempts by the actor to evade automated browsing and detonation by fingerprinting browsing behavior. Once the target is redirected to the final page, the framework prompts the target for authentication, mirroring the sign-in page for a legitimate provider and intercepting any credentials. After credentials are captured, the target is redirected to a website or document to complete the interaction. Figure 8: Example cloned phishing portal used by SEABORGIUM to directly impersonate a victim organization. Data exfiltration and impact SEABORGIUM has been observed to use stolen credentials and directly sign in to victim email accounts. Based on our experience responding to intrusions from this actor on behalf of our customers, we have confirmed that the following activities are common: Exfiltration of intelligence data: SEABORGIUM has been observed exfiltrating emails and attachments from the inbox of victims. Setup of persistent data collection: In limited cases, SEABORGIUM has been observed setting up forwarding rules from victim inboxes to actor-controlled dead drop accounts where the actor has long-term access to collected data. On more than one occasion, we have observed that the actors were able to access mailing-list data for sensitive groups, such as those frequented by former intelligence officials, and maintain a collection of information from the mailing-list for follow-on targeting and exfiltration. Access to people of interest: There have been several cases where SEABORGIUM has been observed using their impersonation accounts to facilitate dialog with specific people of interest and, as a result, were included in conversations, sometimes unwittingly, involving multiple parties. 
The nature of the conversations identified during investigations by Microsoft demonstrates potentially sensitive information being shared that could provide intelligence value. Based on the specific victimology, documents stolen, conversations fostered, and sustained collection observed, we assess that espionage is likely a key motivation of the actor. Sporadic involvement with information operations In May 2021, MSTIC attributed an information operation to SEABORGIUM based on observations and technical overlaps with known phishing campaigns. The operation involved documents allegedly stolen from a political organization in the UK that were uploaded to a public PDF file-sharing site. The documents were later amplified on social media via known SEABORGIUM accounts, however MSTIC observed minimal engagement or further amplification. Microsoft was unable to validate the authenticity of the material. In late May 2022, Reuters along with Google TAG disclosed details about an information operation, specifically using hack and leak, that they attributed to COLDRIVER/SEABORGIUM. Microsoft independently linked SEABORGIUM to the campaign through technical indicators and agrees with the assessment by TAG on the actor responsible for the operation. In the said operation, the actors leaked emails/documents from 2018 to 2022, allegedly stolen from consumer Protonmail accounts belonging to high-level proponents of Brexit, to build a narrative that the participants were planning a coup. The narrative was amplified using social media and through specific politically themed media sources that garnered quite a bit of reach. While we have only observed two cases of direct involvement, MSTIC is not able to rule out that SEABORGIUM’s intrusion operations have yielded data used through other information outlets. 
As with any information operation, Microsoft urges caution in distributing or amplifying direct narratives, and urges readers to be critical that the malicious actors could have intentionally inserted misinformation or disinformation to assist their narrative. With this in mind, Microsoft will not be releasing the specific domain or content to avoid amplification.

Recommended customer actions

The techniques used by the actor and described in the “Observed actor activity” section can be mitigated by adopting the security considerations provided below:

• Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware.
• Configure Office 365 to disable email auto-forwarding.
• Use the included indicators of compromise to investigate whether they exist in your environment and assess for potential intrusion.
• Review all authentication activity for remote access infrastructure, with a particular focus on accounts configured with single factor authentication, to confirm authenticity and investigate any anomalous activity.
• Require multifactor authentication (MFA) for all users coming from all locations including perceived trusted environments, and all internet-facing infrastructure–even those coming from on-premises systems.
• Leverage more secure implementations such as FIDO Tokens, or Microsoft Authenticator with number matching. Avoid telephony-based MFA methods to avoid risks associated with SIM-jacking.

For Microsoft Defender for Office 365 Customers:

• Use Microsoft Defender for Office 365 for enhanced phishing protection and coverage against new threats and polymorphic variants.
• Enable Zero-hour auto purge (ZAP) in Office 365 to quarantine sent mail in response to newly acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes.
• Configure Defender for Office 365 to recheck links on click. Safe Links provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages, other Office applications such as Teams, and other locations such as SharePoint Online. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware protection in inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.
• Use the Attack Simulator in Microsoft Defender for Office 365 to run realistic, yet safe, simulated phishing and password attack campaigns within your organization. Run spear-phishing (credential harvest) simulations to train end-users against clicking URLs in unsolicited messages and disclosing their credentials.

Indicators of compromise (IOCs)

The below list provides IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protections to identify past related activity and prevent future attacks against their systems.
NOTE: These indicators should not be considered exhaustive for this observed activity.

Detections

Intelligence gathered by the Microsoft Threat Intelligence Center (MSTIC) is used within Microsoft security products to provide protection against associated actor activity.

Microsoft Defender for Office 365

Microsoft Defender for Office offers enhanced solutions for blocking and identifying malicious emails. Signals from Microsoft Defender for Office inform Microsoft 365 Defender, which correlate cross-domain threat intelligence to deliver coordinated defense, when this threat has been detected. These alerts, however, can be triggered by unrelated threat activity.
Example alerts:

  • A potentially malicious URL click was detected
  • Email messages containing malicious URL removed after delivery
  • Email messages removed after delivery
  • Email reported by user as malware or phish

Microsoft 365 Defender

Aside from the Microsoft Defender for Office 365 alerts above, customers can also monitor for the following Microsoft 365 Defender alerts for this attack. Note that these alerts can also be triggered by unrelated threat activity.

Example alerts:

  • Suspicious URL clicked
  • Suspicious URL opened in web browser
  • User accessed link in ZAP-quarantined email

Microsoft 365 Defender customers should also investigate any “Stolen session cookie was used” alerts that would be triggered for adversary-in-the-middle (AiTM) attacks.

Microsoft Defender SmartScreen

Microsoft Defender SmartScreen has implemented detections against the phishing domains represented in the IOC section above.

Advanced hunting queries

Microsoft Sentinel

Microsoft Sentinel customers can run the following advanced hunting queries to locate IOCs and related malicious activity in their environments. The query below identifies matches based on domain IOCs related to SEABORGIUM actor across a range of common Microsoft Sentinel data sets:

Azure-Sentinel/SEABORGIUMDomainsAugust2022.yaml at master · Azure/Azure-Sentinel

Microsoft 365 Defender

Microsoft 365 Defender customers can run the following advanced hunting queries to locate IOCs and related malicious activity in their environments. This query identifies matches based on domain IOCs related to SEABORGIUM against Microsoft Defender for Endpoint device network connections:

Azure-Sentinel/SEABORGIUMDomainIOCsAug2022.yaml at master · Azure/Azure-Sentinel

The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog. Continue reading...
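The "Configure Office 365 to disable email auto-forwarding" action recommended in the post above, as an added example that is not part of the original post or of Microsoft's published guidance: it reports mailbox-level forwarding and inbox rules that forward or redirect mail, then (only with `-Enforce`) turns off automatic external forwarding tenant-wide. It assumes the ExchangeOnlineManagement module and an Exchange Online administrator session; the report path, the `-Enforce` switch and the helper name are choices made for this example.

```powershell
#Requires -Modules ExchangeOnlineManagement
[CmdletBinding()]
param(
    # Hypothetical output location chosen for this example.
    [string]$ReportPath = '.\forwarding-audit.csv',
    # Without -Enforce the script only reports; no tenant setting is changed.
    [switch]$Enforce
)

Connect-ExchangeOnline -ShowBanner:$false

# Domains the tenant owns; any other SMTP domain is treated as external.
$accepted = (Get-AcceptedDomain).DomainName

function Get-TargetScope {
    # Classifies a forwarding target as External, Internal or Review.
    param([string]$Target)
    $hits = [regex]::Matches($Target, '[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)')
    # No SMTP address present: the target is a directory recipient (it may be a
    # mail contact that points outside the tenant), so it needs a manual look.
    if ($hits.Count -eq 0) { return 'Review' }
    foreach ($hit in $hits) {
        if ($accepted -notcontains $hit.Groups[1].Value) { return 'External' }
    }
    return 'Internal'
}

$findings = [System.Collections.Generic.List[object]]::new()

foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    $address = [string]$mbx.PrimarySmtpAddress

    # 1. Forwarding configured on the mailbox object itself.
    foreach ($target in @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress)) {
        if ($target) {
            $findings.Add([pscustomobject]@{
                Mailbox        = $address
                Source         = 'MailboxForwarding'
                Rule           = ''
                Enabled        = $true
                Target         = [string]$target
                Scope          = Get-TargetScope ([string]$target)
                KeepsLocalCopy = $mbx.DeliverToMailboxAndForward
            })
        }
    }

    # 2. Inbox rules that forward, forward as attachment, or redirect.
    $rules = Get-InboxRule -Mailbox $address -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }
        foreach ($target in $targets) {
            $findings.Add([pscustomobject]@{
                Mailbox        = $address
                Source         = 'InboxRule'
                Rule           = $rule.Name
                Enabled        = $rule.Enabled
                Target         = [string]$target
                Scope          = Get-TargetScope ([string]$target)
                KeepsLocalCopy = $null
            })
        }
    }
}

$findings | Sort-Object Scope, Mailbox |
    Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
$findings | Group-Object Scope | Select-Object Name, Count

# Current tenant-level posture, shown before any change is made.
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
Get-RemoteDomain | Select-Object Name, AutoForwardEnabled

if ($Enforce) {
    # Outbound spam policy: block automatic forwarding to external recipients.
    Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
    # Default remote domain: refuse auto-forwarded messages to all domains
    # that do not have their own remote-domain entry.
    Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
}

Disconnect-ExchangeOnline -Confirm:$false
```

Rows with Scope `External` or `Review` are the ones to confirm with the mailbox owner; the tenant-level settings stop new automatic forwarding but do not remove existing rules.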
  17. It's always better to keep cool. Took me years to perfect the art.
  18. Safeguard holds are one of several previously announced protection features of the Windows Update for Business deployment service. In this article, we explore how you benefit from safeguards to protect devices under your management during deployments. Specifically, we'll review: Safeguard holds for known and likely issues What safeguard holds look like behind the scenes How to make the most of safeguard holds Earlier this year, we started a new blog series exploring these features, which are designed to work together to help you have a smoother experience when updating and upgrading your organization's devices. These features are available to organizations with Windows 10/11 Enterprise E3 or greater, including Education variants. The first such feature we explored was Gradual rollouts with the Windows Update for Business deployment service. Gradually rolling out the update to intelligently ordered waves of devices reduces risk and gives IT pros more confidence in deployment success. If you haven't read this article, I recommend you check it out! Millions of devices managed by IT have been upgraded to the latest Windows using gradual rollouts to simplify the process and reduce deployment risks. Safeguard holds for known and likely issues If you have been using the Windows Update service to deploy a new version of Windows to your devices, you have already benefited from safeguard holds for known issues. This includes all Windows Update for Business users. When you go beyond traditional client policies and enroll in the Windows Update for Business deployment service, this protection is expanded to safeguard holds for likely issues as well. Let's define these types of issues and see how they work. What's a known issue? A known issue is a problem that may occur after an upgrade that was discovered by Microsoft or reported by a customer or partner. This issue has been evaluated and confirmed for a specific set of devices. What's a likely issue? 
When some devices face complications after an upgrade to Windows 11, protecting customers' devices quickly is a priority. In addition to safeguard holds for known issues, the deployment service utilizes machine learning (ML) performed across millions of unmanaged, daily consumer and commercial PCs installing the upgrade. It looks for any evidence of rollback during setup, an app or driver malfunction, graphics, audio or connectivity issue, etc. When upgrade problems like these surface, this ML spots correlations among device hardware and software characteristics to identify a larger set of devices that have not yet started the upgrade and automatically safeguards them. While this early correlation is not yet a confirmed (known) issue, it is a likely issue. Essentially, where there is smoke, there is often fire, and safeguarding likely issues offers a quicker and higher protection level for such devices. What safeguard holds do to protect your devices If Microsoft finds a potential quality or compatibility issue, the safeguard hold feature automatically pauses updates to just those devices that are identified as exposed or at a high risk of exposure. Figure 1 illustrates how an update is paused before the deployment service offers it to devices under your management. Safeguard holds in action: Diagnostic data from device upgrades not managed by IT informs the deployment service to pause an update deployment to devices under your management. What safeguard holds look like behind the scenes That's all great, but how does it really work? Let's look closer at how issues are identified and the process of safeguarding your devices, including the lifespan of these protective measures. Identifying known issues We receive feedback from many different channels that tell us about known issues with a Windows update. Feedback comes from partners, customers, Windows Insiders, and our own internal testing process. 
Once we identify issues that may impact devices after upgrade, we build device-specific criteria that are delivered to impacted devices as a safeguard hold. Safeguarded devices are then paused from updates until the issue has been mitigated.

Identifying likely issues

To make safeguarding likely issues possible, pattern mining is used across millions of daily devices installing the upgrade from Windows Update that are not managed by IT. Specifically, machine learning is applied to the diagnostic data from our broad device ecosystem to automatically identify patterns correlated with update-related disruptions. Data from customer devices using Windows Update for Business is always used in accordance with the Microsoft privacy policy. Figure 2 shows an abnormal failure pattern peaking at 82% against a baseline rate of about 3%.

Abnormal update failure pattern across time (adapted from: Using machine learning to improve the Windows 10 update experience)

A pattern refers to a specific combination of attributes. These include hardware characteristics, drivers, and applications – the same attributes that determine device assignment to waves in gradual rollouts. For example, a pattern may reveal an incompatibility between driver X and a third-party app Y on the same device.

The process of safeguarding your devices

Once the machine learning algorithm finds this pattern, it triggers a temporary safeguard hold for a likely issue. Its lifespan varies in duration and prioritizes safety over progress to preserve end user experience and IT peace of mind. The delay allows you a few weeks to make an informed decision on how to proceed with the update to keep your device population protected and productive. We aim to address the temporary hold for a likely issue in four to six weeks by either:

  a. Confirming and transitioning the likely issue to a known issue with safeguard hold maintained.
  b. Identifying a false positive and automatically removing the hold so devices begin updating.
If Microsoft verifies the issue and confirms that the device is indeed not ready to update (scenario a), the safeguard hold transitions to a known issue and continues to delay the device's upgrade until a mitigation is applied. If Microsoft verification deems the likely issue to be a false positive or more scoped in nature (scenario b), the temporary safeguard hold is removed for unaffected devices so the upgrade may proceed, if approved by IT. Microsoft uses two guiding reasons for issuing an automatic safeguard hold for likely issues: We have also paused deployment to consumer devices likely exposed to the issue. The issue is under active investigation by Microsoft engineers. Windows Update maintains a safeguard hold until Microsoft investigates, develops, and validates a fix before offering it to affected devices and restoring the update deployment. Once a fix or mitigation is delivered via Windows Update or a third party, the safeguard hold is lifted, and the device can be offered an update. This ensures a seamless protection experience for end users and IT. How to make the most of safeguard holds Enable safeguard hold protections to maximize your update deployment experience today! These capabilities are available to you through the Microsoft Graph, PowerShell SDK, Intune, and Update Compliance. Deployment scheduling controls are always available. However, to take advantage of the unique deployment protections tailored to devices under your management, configure devices to share diagnostic data with Microsoft and leverage available reporting tools. Ensure device prerequisites are met Diagnostic data must be set to Required or Optional. The AllowWUfBCloudProcessing policy must be set to 8 (see how to do so in Microsoft Endpoint Manager, using Group Policy, or mobile device management). Safeguard holds apply to Windows Update for Business deployments by default. 
We do not recommend opt-outs or manual updates, except for strict IT environments and for validation purposes only. Monitor safeguard holds reporting If you are affected by a safeguard hold, you will get additional insight into the issue through the M365 Admin Center or the Known Issues sections of the Windows release health dashboard online. You can also monitor your device population with up-to-date reporting. If you use Update Compliance, you can check your safeguard hold report to see which devices under your management are affected by which safeguard holds. The same information is presented in two different views: the total safeguard hold view (see Figure 3) and device view, which you can sort device by device. While all safeguard holds are marked with an 8-digit identifier, the safeguard hold ID value for all likely issues is 00000001. The Update Compliance total safeguard holds view. (Source: Update Compliance - Safeguard Holds report) If you use Intune, safeguard holds are now visible in the Feature Update Failures Report. For additional ways to monitor and report on safeguard holds, refer to the documentation of your management solution, such as Am I affected by a safeguard hold? Stay in the know! Safeguard holds offer tailored solutions to your environment. This feature is informed by partners, customers, and the latest Microsoft machine learning efforts around known and likely issues that emerge while we are updating the broad ecosystem of devices. That said, we would love for you to join one of our early validation programs to discover any potential issues even before your organization-wide deployment: Security Update Validation Program (SUVP) Windows Insider Program for Business This information on the workings of safeguard holds for known and likely issues is meant to prepare you to optimize your update deployment experience. 
Together with the gradual rollouts feature of Windows Update for Business deployment service, safeguard holds serve to give you additional peace of mind and keep your organization even more protected and productive. There is more to explore, and our next blog in the series will continue this topic by focusing on automated rollback monitoring. Enjoy the new features available to you through the deployment service and let us know what you think in the comments below or on the Windows Tech Community! For additional context, visit our existing publications: Windows Update for Business deployment service (Docs) Access safeguard hold details with Update Compliance (Windows IT Pro Blog) Safeguard holds (Docs) Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter. Continue reading...
  19. Uncover adversaries with new Microsoft Defender threat intelligence products The threat landscape is more sophisticated than ever and damages have soared—the Federal Bureau of Investigation’s 2021 IC3 report found that the cost of cybercrime now totals more than USD6.9 billion.1 To counter these threats, Microsoft is continuously aggregating signal and threat intelligence across the digital estate, which is enabling us to track threat actors much more closely and to better understand their behavior over time. Today, Microsoft tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. Our cloud also processes and analyzes more than 43 trillion security signals every single day. This massive amount of intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out. In addition, our acquisition of RiskIQ just over a year ago, has allowed us to provide customers unique visibility into threat actor activity, behavior patterns, and targeting. They can also map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources. Building on our vision to provide unmatched, actionable threat intelligence, we’re thrilled to announce two new security products that provide deeper context into threat actor activity and help organizations lock down their infrastructure and reduce their overall attack surface: Track threat actor activity and patterns with Microsoft Defender Threat Intelligence. Security operations teams can uncover attacker infrastructure and accelerate investigation and remediation with more context, insights, and analysis than ever before. 
While threat intelligence is already built into the real-time detections of our platform and security products like the Microsoft Defender family and Microsoft Sentinel, this new offering provides direct access to real-time data from Microsoft’s unmatched security signals. Organizations can proactively hunt for threats more broadly in their environments, empower custom threat intelligence processes and investigations, and improve the performance of third-party security products. See your business the way an attacker can with Microsoft Defender External Attack Surface Management. The new Defender External Attack Surface Management gives security teams the ability to discover unknown and unmanaged resources that are visible and accessible from the internet—essentially the same view an attacker has when selecting a target. Defender External Attack Surface Management helps customers discover unmanaged resources that could be potential entry points for an attacker. These new threat intelligence offerings expand our growing security portfolio, offer deeper insights into threat actors and their behaviors, and help security teams accelerate the identification and prioritization of risks. Keep reading for more detail on these solutions, as well as the new detection and response capabilities for SAP from Microsoft Sentinel. Plus, find out where you can see a live product demo of all of our threat intelligence products at Black Hat. Unmask your adversaries with Microsoft Defender Threat Intelligence Today, any device connected to the internet is susceptible to vulnerabilities. Understanding the gaps that can lead to vulnerabilities is key to building resilience. Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques. 
Customers can access a library of raw threat intelligence detailing adversaries by name, correlating their tools, tactics, and procedures (TTPs), and can see active updates within the portal as new information is distilled from Microsoft’s security signals and experts. Defender Threat Intelligence lifts the veil on the attacker and threat family behavior and helps security teams find, remove, and block hidden adversary tools within their organization. This depth of threat intelligence is created from the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams. The volume, scale, and depth of intelligence is designed to empower security operations centers (SOCs) to understand the specific threats their organization faces and to harden their security posture accordingly. This intelligence also enhances the detection capabilities of Microsoft Sentinel and the family of Microsoft Defender products. Microsoft recognizes the importance of working together as a security community to help protect the digital world from threats. As such, the existing free edition will continue to be available. And as we look ahead, we’re excited to continue our journey of innovation and integration. Look for more news later this year on the expanding capabilities of our portfolio. Discover your vulnerabilities with Microsoft Defender External Attack Surface Management Organizations need to see their business the way an attacker can so they can eliminate gaps and strengthen their security posture to help reduce the potential for attack. Many businesses have internet-facing assets they may not be aware of or have simply forgotten about. These are often created by shadow IT, mergers, and acquisitions, incomplete cataloging, business partners’ exposure, or simply rapid business growth. 
Microsoft Defender External Attack Surface Management scans the internet and its connections every day. This builds a complete catalog of a customer’s environment, discovering internet-facing resources—even the agentless and unmanaged assets. Continuous monitoring, without the need for agents or credentials, prioritizes new vulnerabilities. With a complete view of the organization, customers can take recommended steps to mitigate risk by bringing these unknown resources, endpoints, and assets under secure management within their security information and event management (SIEM) and extended detection and response (XDR) tools. Protect business-critical information within SAP with Microsoft Sentinel In the spirit of continuous innovation and bringing as much of the environment under secure management as possible, we are proud to announce the new Microsoft Sentinel solution for SAP. Security teams can now monitor, detect, and respond to SAP alerts, such as privilege escalation and suspicious downloads, all from our cloud-native SIEM. Business-specific risks can be unique and complicated. With the Microsoft Sentinel solution for SAP, customers can build custom detections for the threats they face and reduce the risk of catastrophic interruption. Learn more To learn more about these products, join us at Black Hat USA and see live demos at the Microsoft Booth 2340 from August 10 to 11, 2022. You can also register now for the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to watch in-depth demos of the latest threat intelligence technology. Explore our new solutions: Microsoft Defender Threat Intelligence Microsoft Defender External Attack Surface Management To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. 
1 Internet Crime Report 2021, Internet Crime Complaint Center, Federal Bureau of Investigation. 2021.

The post Microsoft announces new solutions for threat intelligence and attack surface management appeared first on Microsoft Security Blog. Continue reading...
  20. Today, many enterprise organizations are multicloud and multiplatform. Critical enterprise data is located across clouds and platforms, requiring security and compliance no matter where it lives. To solve the complexity that comes with these environments, organizations have invested in multiple point solutions, which in turn can make it hard for them to manage the fragmented compliance and risk posture covering their entire data estate. To help organizations meet today’s global compliance and risk requirements across their multicloud, multiplatform data environments, we announced Microsoft Purview in April 2022. Microsoft Purview is a portfolio of solutions for information protection, data governance, risk management, and compliance that enables organizations to effectively manage their data all from one place. It provides enhanced visibility that organizations can leverage across their environment to help close gaps that can lead to data exposure, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset—their data—secured. Partners play a critical role in helping customers manage their entire data estate. We’ve invested in connectors, APIs, and extensibility to support partners and help customers manage their data. Microsoft Purview product announcements Today, we are excited to announce the general availability of the new Microsoft Graph APIs for Microsoft Purview eDiscovery. With the new Microsoft Purview eDiscovery APIs, organizations can leverage automation to streamline common, repetitive workflows that require a lot of manual effort in the product experience. Customers and partners find automation and extensibility of eDiscovery workflows critically important because of the ability to reduce the potential for human error in highly sensitive workflows. 
For example, efficiently managing repeatable, defensible processes is critical to managing risk for organizations that have significant requirements for litigation and investigation. Here are some of the ways partners are building value-added solutions and services using our Microsoft Purview eDiscovery APIs: Relativity integrates with Microsoft Purview eDiscovery (Premium) Relativity, Microsoft’s Security ISV of the Year for 2022, shared that “using the right tools to put business’s data into action is essential for many eDiscovery and compliance use cases. RelativityOne integration with Microsoft Purview eDiscovery significantly expedites the eDiscovery review process, minimizes data copies across multiple platforms, facilitates third-party collaboration, and ultimately reduces costs while the data remains secure within the Microsoft cloud. Now is the time to benefit from RelativityOne’s integration with Microsoft’s Purview’s eDiscovery platform,” said Chris Izsak, Strategic Partnerships GTM Manager, Relativity. BDO’s Athenagy integrates with Microsoft Purview eDiscovery BDO’s Athenagy creates dashboards using both Microsoft Purview eDiscovery and RelativityOne. Their “patent-pending business intelligence dashboards now provide legal, IT, and compliance professionals a whole new level of data transparency and cost containment by surfacing up critical insights inside both Microsoft Purview eDiscovery—using the newly released Microsoft Purview eDiscovery APIs—and RelativityOne tied to legal hold, collect, preservation, processing, and review for every investigation, compliance, and litigation matter,” said Daniel Gold, inventor of Athenagy and managing director of E-Discovery Managed Services, BDO. Epiq Global integrates with Microsoft Purview eDiscovery Epiq leverages Microsoft Purview eDiscovery APIs to create an end-to-end eDiscovery workflow. 
“Utilizing the Microsoft Purview eDiscovery APIs allows us to automate within Microsoft Purview to use inputs from our customer’s existing legal hold system of record to seamlessly orchestrate an end-to-end workflow including sending hold notices, preserving data in place, and performing searches, collections, and exports. When updates are made in the system of record, the changes are propagated directly to the appropriate piece of eDiscovery to ensure parity. An automated solution eliminates human error, reduces administrative costs, and ensures that eDiscovery processes are in sync with your issuance of legal holds,” said Jon Kessler, Vice President of Information Governance Services, Epiq. Lighthouse integrates with Microsoft Purview eDiscovery Lighthouse uses Microsoft Purview eDiscovery APIs to create “a rich and intuitive user experience, taking advantage of custodian data mapping, in-place preservation, modern attachment retrieval, and advanced culling. Our automation and orchestration solution is designed to improve user efficacy with job failure oversight, completion notification, and automatic provisioning and management of Azure storage containers. Clients embracing this solution benefit from automation and orchestration to fully leverage Purview Premium eDiscovery’s apps securely and at scale,” said John Collins, Director of Advisory Services, Lighthouse (winner of the Compliance and Privacy Trailblazer award for 2022). Growth opportunities for partners The opportunity for our partners who invest in the Microsoft compliance ecosystem continues to grow. Our partners are finding success by building value-added solutions and services around Microsoft’s solutions at an increasing rate. For example, partners are creating solutions that connect disparate information repositories for enterprise-wide compliance initiatives. Microsoft partners continue to have the ability to participate in our successful go-to-market program, the partner build-intent workshops. 
These workshops cover the Microsoft Security portfolio and help drive customer success with Microsoft products and partner services through prescriptive scenarios that address the top pain points of our customers. These workshops have been updated to give partners the ability to uncover additional opportunities leveraging the most up-to-date tools and solutions. Discover all our partner workshops and get started with unlocking opportunities and value with your customers. How Microsoft supports the partner ecosystem The Microsoft Purview platform enables our customers and partners to adapt, extend, integrate, and automate information protection, data governance, risk management, and compliance scenarios. These capabilities are enabled through our investments in these key building blocks: Microsoft Purview APIs: We are constantly expanding our API surface area. With our investments in Microsoft Graph APIs we are currently enabling extensibility scenarios across Purview Information Protection, Purview Data Lifecycle Management, Purview eDiscovery, Purview Audit, and more. Partners are using these APIs to build value-added services and solve unique customer scenarios. Microsoft Purview Data Connectors: To enable high-fidelity data ingestion—including sources such as Slack, Zoom, and WhatsApp, we have partnered with Veritas, TeleMessage, 17a-4, and CellTrust to deliver more than 70 ready-to-use connectors. Our extensibility push provides more opportunities for partners to join this connector ecosystem. Microsoft Purview Data Catalog: Microsoft Purview’s unified data governance capabilities help with managing on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview Data Catalog supports multicloud data classification and covers data repositories such as Azure Cosmos DB and Amazon Web Services (AWS) S3 buckets. There is also an Atlas Kafka API that facilitates extensibility scenarios for our partners and customers.
Microsoft Purview Compliance Manager: With universal templates, we help partners and customers extend compliance management capabilities to non-Microsoft environments. Power Automate integrations: Microsoft Purview solutions including Microsoft Purview Data Lifecycle Management, Insider Risk Management, and Communication Compliance have built-in Power Automate integrations. This offers unique opportunities for our partners and customers to streamline and automate workflows and business scenarios. Another way Microsoft supports the ecosystem is through the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software vendors and managed service providers that have integrated their products and services with Microsoft’s security technology. Over the last year, MISA has extended its qualifying products to include a broad range of Microsoft Purview and Microsoft Priva products. MISA offers members co-marketing benefits and the opportunity to deepen their technology integrations and relationship within the Microsoft security ecosystem. Partner with Microsoft Purview Here are a few ways that partners can join the Microsoft Purview ecosystem: For more information, check out the Microsoft Purview partner transform page. Explore the many opportunities for the partner ecosystem with Microsoft Purview. Reach out to our partners and explore their solutions. Check out our Microsoft Security Inspire blog post to learn more about how partners can help customers on the Microsoft platform. Get started with unlocking opportunities and value with your customers at our Partner Network. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters.
Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. The post How Microsoft Purview and Priva support the partner ecosystem appeared first on Microsoft Security Blog. Continue reading...
  21. They say a picture is worth a thousand words, so we've created guided simulations of Windows 11 functionality to help you, the IT pro, see the similarities with Windows 10 and show your employees how familiar the experience is. We want to make it easy for you to see how device and update management are the same as they were with Windows 10—and to help demonstrate how Windows 11 makes people more productive while keeping your organization protected. The four simulations (or demos) below are designed to: Help employees to get to know Windows 11 before you update their devices. Show how easy it is to deploy a cloud printer with Universal Print. Outline the process of upgrading from Windows 10 to Windows 11. Walk through deploying a new device with Windows 11 using Autopilot. While the last three simulations are really for you, the IT professional, we always show how the results are experienced by your people. These are all click-through simulations presenting the actual experience of Windows 11 and Microsoft cloud-based management tools. These simulations feature Contoso employees Megan, an information worker, and Allan, an IT professional, as they incorporate Windows 11 into their workdays. Allan deploys Windows 11 to new and existing company devices. He deploys Universal Print to move print infrastructure to the cloud. Megan receives a new device with Windows 11 and has an existing device upgraded to Windows 11. And she's able to print with Universal Print not only from her new devices, but also from her iPhone. Get to know Windows 11 We begin with Megan's experience with Windows 11, showing the familiar but more productive interface. The new experience is easier to use and navigate, and Megan is able to use new tools and capabilities, as well as her familiar apps. And finally, she experiences the new collaboration features included in Windows 11. 
Launch the simulation Get to know Universal Print Printer management is often the last thing to get migrated to the cloud. Universal Print is Microsoft's cloud-based print solution that enables simple, rich, and secure printing experiences, while reducing time and effort for IT. The guided simulation shows Allan setting up Universal Print and how Megan benefits from the new capabilities on her Windows 11 laptop and from her smartphone. Launch the simulation Update to Windows 11 Microsoft rolled out Windows 11 to 190,000 devices around the world in five weeks. There was careful planning and testing involved, but Windows Update for Business deployment service and Microsoft Endpoint Manager were key tools for a smooth deployment. The guided simulation shows how Allan can manage the planning and update process for Contoso using cloud management tools. You can read to get the lowdown on the Windows 11 update at Microsoft. Launch the simulation Get to know Windows Autopilot After we show you how existing Windows 10 devices are upgraded to Windows 11, we demonstrate how new devices are deployed with Windows Autopilot. Windows Autopilot enables admins to configure devices from a cloud console and have their supplier ship Windows devices directly to employees, wherever they are. When the device is received, employees just log in with their company credentials, and the device is automatically provisioned. The PC is locked down according to company policies, enrolled into management, and installs curated applications. Windows Autopilot maximizes ease of use for employees, allowing them to unbox and start working right away. Launch the simulation Let us know your thoughts! We are excited about Windows 11 and to share these guided simulations with you. Windows 11 can transform people's work lives while maintaining familiarity. These guided simulations provide an introduction and can also be used as reference while using the new Windows 11 features and technologies. 
Let us know if you want us to create more of these, and what topics you'd like to see in the comments below! Continue the conversation. Find best practices. Visit the Windows Tech Community. Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter. Continue reading...
  22. Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. A fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates released by Apple on May 16, 2022. Microsoft shares the vulnerability disclosure credit with another researcher, Arsenii Kostromin (0x3c3e), who discovered a similar technique independently. We encourage macOS users to install these security updates as soon as possible. We also want to thank the Apple product security team for their responsiveness in fixing this issue. The App Sandbox is Apple’s access control technology that application developers must adopt to distribute their apps through the Mac App Store. Essentially, an app’s processes are enforced with customizable rules, such as the ability to read or write specific files. The App Sandbox also restricts the processes’ access to system resources and user data to minimize the impact or damage if the app becomes compromised. However, we found that specially crafted codes could bypass these rules. An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads. We found the vulnerability while researching potential ways to run and detect malicious macros in Microsoft Office on macOS. For backward compatibility, Microsoft Word can read or write files with an “~$” prefix. Our findings revealed that it was possible to escape the sandbox by leveraging macOS’s Launch Services to run an open --stdin command on a specially crafted Python file with the said prefix. 
Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data. Therefore, collaboration between vulnerability researchers, software vendors, and the larger security community remains crucial to helping secure the overall user experience. This includes responsibly disclosing vulnerabilities to vendors. In addition, insights from this case study not only enhance our protection technologies, such as Microsoft Defender for Endpoint, but they also help strengthen the security strategies of software vendors and the computing landscape at large. This blog post thus provides details of our research and overviews of similar sandbox escape vulnerabilities reported by other security researchers that helped enrich our analysis. How macOS App Sandbox works In a nutshell, macOS apps can specify sandbox rules for the operating system to enforce on themselves. The App Sandbox restricts system calls to an allowed subset, and the said system calls can be allowed or disallowed based on files, objects, and arguments. Simply put, the sandbox rules are a defense-in-depth mechanism that dictates the kind of operations an application can or can’t do, regardless of the type of user running it. Examples of such operations include: the kind of files an application can or can’t read or write; whether the application can access specific resources such as the camera or the microphone, and; whether the application is allowed to perform inbound or outbound network connections. [img alt=Diagram comparing how user data and system resources access an app without and with App Sandbox. Without App Sandbox, all user data and system resources will have unrestricted access to the app. With App Sandbox, only the data and resources confined within the said sandbox will have unrestricted access to the app. 
All other user data and resources won't have access.]https://www.microsoft.com/security/blog/uploads/securityprod/2022/07/fig1-sandboxed-app-illustration.png[/img] Figure 1. Illustration of a sandboxed app, from the App Sandbox documentation (photo credit: Apple) Therefore, the App Sandbox is a useful tool for all macOS developers in providing baseline security for their applications, especially for those that have large attack surfaces and run user-provided code. One example of these applications is Microsoft Office. Sandboxing Microsoft Office in macOS Attackers have targeted Microsoft Office in their attempts to gain a foothold on devices and networks. One of their techniques is abusing Office macros, which they use in social engineering attacks to trick users into downloading malware and other payloads. On Windows systems, Microsoft Defender Application Guard for Office helps secure Microsoft Office against such macro abuse by isolating the host environment using Hyper-V. With this feature enabled, an attacker must first be equipped with a Hyper-V guest-to-host vulnerability to affect the host system—a very high bar compared to simply running a macro. Without a similar isolation technology and default setting on macOS, Office must rely on the operating system’s existing mitigation strategies. Currently, the most promising technology is the macOS App Sandbox. Viewing the Microsoft sandbox rules is quite straightforward with the codesign utility. Figure 2 below shows the truncated sandbox rules for Microsoft Word: Figure 2. Viewing the Microsoft Word sandbox rules with the codesign utility One of the rules dictates the kind of files the application is allowed to read or write. As seen in the screenshot of the syntax below, Word is allowed to read or write files with filenames that start with the “~$” prefix. The reason for this rule is rooted in the way Office works internally and remains intact for backward compatibility. Figure 3. 
File read and write sandbox rule for Microsoft Word Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes “escape” the sandbox and execute arbitrary commands on an affected device. These codes could be hidden in a specially crafted Word macro, which, as mentioned earlier, is one of the attackers’ preferred entry points. Previously reported Office-specific sandbox escape vulnerability For example, in 2018, MDSec reported a vulnerability in Microsoft Office on macOS that could allow an attacker to bypass the App Sandbox. As explained in their blog post, MDSec’s proof-of-concept (POC) exploit took advantage of the fact that Word could drop files with arbitrary contents to arbitrary directories (even after passing traditional permission checks), as long as these files’ filenames began with a “~$” prefix. This bypass was relatively straightforward: have a specially crafted macro drop a .plist file in the user’s LaunchAgents directory. The LaunchAgents directory is a well-known persistence mechanism in macOS. PLIST files that adhere to a specific structure describe (that is, contain the metadata of) macOS launch agents initiated by the launchd process when a user signs in. Since these launch agents will be the children of launchd, they won’t inherit the sandbox rules enforced onto Word, and therefore will be out of the Office sandbox. Shortly after the above vulnerability was reported, Microsoft deployed a fix that denied file writes to the LaunchAgents directory and other folders with similar implications. The said disclosure also prompted us to look into different possible sandbox escapes in Microsoft Word and other applications. 
Exploring Launch Services as means of escaping the sandbox In 2020, several blog posts described a generic sandbox escape vulnerability in macOS’s /usr/bin/open utility, a command commonly used to launch files, folders, and applications just as if a user double-clicked them. While open is a handy command, it doesn’t create child processes on its own. Instead, it performs an inter-process communication (IPC) with the macOS Launch Services, whose logic is implemented in the context of the launchd process. Launch Services then performs the heavy lifting by resolving the handler and launching the right app. Since launchd creates the process, it’s not restricted by the caller’s sandbox, similar to how MDSec’s POC exploit worked in 2018. However, using open for sandbox escape purposes isn’t trivial because the destination app must be registered within Launch Services. This means that, for example, one couldn’t run files like osascript outside the sandbox using open. Our internal offensive security team therefore decided to reassess the open utility for sandbox escape purposes and use it in a larger end-to-end attack simulation. Our obvious first attempt in creating a POC exploit was to create a macro that launches a shell script with the Terminal app. Surprisingly, the POC didn’t work because files dropped from within the sandboxed Word app were automatically given the extended attribute com.apple.quarantine (the same one used by Safari to keep track of internet-downloaded files, as well as by Gatekeeper to block malicious files from executing), and Terminal simply refused to run files with that attribute. We also tried using Python scripts, but the Python app had similar issues running files having the said attribute. Our second attempt was to use application extensibility features. For example, Terminal would run the default macOS shell (zsh), which would then run arbitrary commands from files like ~/.zshenv before running its own command line. 
This meant that dropping a .zshenv file in the user’s home directory and launching the Terminal app would cause the sandbox escape. However, due to Word’s sandbox rules, dropping a .zshenv file wasn’t straightforward, as the rules only allowed an application to write to files that begin with the “~$” prefix. However, there is an interesting way of writing such a file indirectly. macOS was shipped with an application called Archive Utility responsible for extracting archive files (such as ZIP files). Such archives were extracted without any user interaction, and the files inside an archive were extracted in the same directory as the archive itself. Therefore, our second POC worked as follows: Prepare the payload by creating a .zshenv file with arbitrary commands and placing it in a ZIP file. Encode the ZIP file contents in a Word macro and drop those contents into a file “~$exploit.zip” in the user’s home directory. Launch Archive Utility with the open command on the “~$exploit.zip” file. Archive Utility ran outside the sandbox (since it’s the child process of /usr/bin/open) and was therefore permitted to create files with arbitrary names. By default, Archive Utility extracted the files next to the archive itself—in our case, the user’s home directory. Therefore, this step successfully created a .zshenv file with arbitrary contents in the user’s home directory. Launch the Terminal app with the open command. Since Terminal hosted zsh and zsh ran commands from the .zshenv file, the said file could escape the Word sandbox successfully. Figure 4. Preparing a Word macro with our sandbox escape for an internal Red Team operation Perception Point’s CVE-2021-30864 In October 2021, Perception Point published a blog post that discussed a similar finding (and more elegant, in our opinion). 
In the said post, Perception Point released details about their sandbox escape (now identified as CVE-2021-30864), which used the following facts: Every sandboxed process had its own container directory that’s used as a “scratch space.” The sandboxed process could write arbitrary files, including arbitrary filenames, to that directory unrestricted. The open command had an interesting --env option that could set or override arbitrary environment variables for the launched app. Therefore, Perception Point’s POC exploit was cleverly simple: Drop a .zshenv file in the container directory. This was allowed because sandbox rules weren’t enforced on that directory. Launch Terminal with the open command but use the --env option to override the HOME environment variable to point to the container directory. This made zsh consider the user’s home directory to be the container directory, and run commands from the planted .zshenv file. Apple has since patched the vulnerability Perception Point reported in the latest version of macOS, Monterey. While we could still create the “~$exploit.zip” file in the user’s home directory, using open to launch the Archive Utility on the ZIP file now resulted in it being extracted to the Downloads folder. While this is an interesting behavior, we could no longer use it for sandbox escape purposes. Final exploit attempt: Revisiting the ‘open’ command After discovering that Apple has fixed both variants that abuse .zshenv, we decided to examine all the command line options of the open command. Soon after, we came across the following: [img alt=Screenshot of a command line interface with the following text: --stdin PATH Launches the application with stdin connected to PATH.]https://www.microsoft.com/security/blog/uploads/securityprod/2022/07/fig5-stdin-option-in-open-utlility.png[/img] Figure 5. 
The --stdin option in the open utility as presented by its manual entry As mentioned earlier, we couldn’t run Python with a dropped .py file since Python refuses to run files with the “com.apple.quarantine” extended attribute. We also considered abusing the PYTHONSTARTUP environment variable, but Apple’s fix to CVE-2021-30864 apparently prevented that option, too. However, --stdin bypassed the “com.apple.quarantine” extended attribute restriction, as there was no way for Python to know that the contents from its standard input originated from a quarantined file. Our POC exploit thus became simply as follows: Drop a “~$exploit.py” file with arbitrary Python commands. Run open --stdin='~$exploit.py' -a Python, which runs the Python app with our dropped file serving as its standard input. Python happily runs our code, and since it’s a child process of launchd, it isn’t bound to Word’s sandbox rules. Figure 6. Sample minimal POC exploit code We also came up with a version that’s short enough to be a Twitter post: Figure 7. “Tweetable” POC exploit Detecting App Sandbox escapes with Microsoft Defender for Endpoint Since our initial discovery of leveraging Launch Services in macOS for generic sandbox escapes, we have been using our POC exploits in Red Team operations to emulate end-to-end attacks against Microsoft Defender for Endpoint, improve its capabilities, and challenge our detections. Shortly after our Red Team used our first POC exploit, our Blue Team members used it to train artificial intelligence (AI) models to detect our exploit not only in Microsoft Office but also on any app used for a similar Launch Services-based sandbox escape. After we learned of Perception Point’s technique and created our own new exploit technique (the Python POC), our Red Team saw another opportunity to fully test our own detection durability. 
Indeed, the same set of detection rules that handled our first sandbox escape vulnerability still turned out to be durable—even before the vulnerability related to our second POC exploit was patched. [img alt=Partial screenshot of Microsoft Defender for Endpoint detecting an Office sandbox escape vulnerability. The left panel shows the Alert Story with timestamps. The right panel shows the Alert details, including category, MITRE ATT&CK techniques, detection source, service source, detection status, and other information.]https://www.microsoft.com/security/blog/uploads/securityprod/2022/07/fig8-microsoft-defender-endpoint-detecting-sandbox-escape.png[/img] Figure 8. Microsoft Defender for Endpoint detecting Office sandbox escape For Defender for Endpoint customers, such detection durability feeds into the product’s threat and vulnerability management capabilities, which allows them to quickly discover, prioritize, and remediate misconfigurations and vulnerabilities—including those affecting non-Windows devices—through a unified security console. Learn how Microsoft Defender for Endpoint delivers a complete endpoint security solution across all platforms. Jonathan Bar Or Microsoft 365 Defender Research Team The post Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 appeared first on Microsoft Security Blog. Continue reading...
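Added example (not part of the original post, and not Microsoft Defender for Endpoint's detection logic): a small triage rule that flags /usr/bin/open launches by an Office parent process matching the three Launch Services patterns the post describes. The event fields, the Office parent list, the document-extension allowlist and the sample command lines are assumptions constructed for illustration.

```python
import os
import shlex

# Assumption: process names of sandboxed Office apps as reported by the telemetry source.
OFFICE_PARENTS = {"Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint"}
# Apps the post names as hosts that end up running dropped content.
INTERPRETER_APPS = {"python", "terminal"}
# Assumption: extensions for which a "~$" file is ordinary Office behaviour.
OFFICE_DOC_EXTENSIONS = {".doc", ".docx", ".docm", ".dotx", ".xls", ".xlsx",
                         ".xlsm", ".ppt", ".pptx", ".pptm", ".rtf"}


def option_values(argv, name):
    """Collect values passed as `name VALUE` or `name=VALUE`."""
    values = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == name and i + 1 < len(argv):
            values.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith(name + "="):
            values.append(arg[len(name) + 1:])
        i += 1
    return values


def analyze(event):
    """Return sorted finding names for one process-launch event (dict)."""
    if event["parent"] not in OFFICE_PARENTS:
        return []
    argv = shlex.split(event["cmdline"])
    if not argv or os.path.basename(argv[0]) != "open":
        return []

    findings = set()

    # Pattern from CVE-2022-26706: stdin of the launched app wired to a file.
    stdin_paths = option_values(argv, "--stdin")
    if stdin_paths:
        findings.add("stdin-redirect")

    # Pattern from CVE-2021-30864: HOME overridden for the launched app.
    for value in option_values(argv, "--env"):
        if value.split("=", 1)[0] == "HOME":
            findings.add("env-home-override")

    # Office asking Launch Services for a shell host or interpreter.
    for app in option_values(argv, "-a"):
        name = os.path.basename(app).lower()
        if name.endswith(".app"):
            name = name[:-4]
        if name in INTERPRETER_APPS:
            findings.add("interpreter-target")

    # "~$" files are writable by Word; a non-document extension is unusual.
    for token in argv[1:] + stdin_paths:
        base = os.path.basename(token)
        ext = os.path.splitext(base)[1].lower()
        if base.startswith("~$") and ext not in OFFICE_DOC_EXTENSIONS:
            findings.add("tilde-dollar-non-document")

    return sorted(findings)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent": "Microsoft Word",
     "cmdline": "/usr/bin/open --stdin='~$exploit.py' -a Python"},
    {"parent": "Microsoft Word",
     "cmdline": "/usr/bin/open '/Users/user/~$exploit.zip'"},
    {"parent": "Microsoft Word",
     "cmdline": "/usr/bin/open --env "
                "HOME=/Users/user/Library/Containers/com.microsoft.Word/Data "
                "-a Terminal"},
    {"parent": "Microsoft Word",
     "cmdline": "/usr/bin/open '/Users/user/Documents/~$report.docx'"},
    {"parent": "Finder", "cmdline": "/usr/bin/open -a Terminal"},
]


def run_samples():
    """Analyze every constructed sample and return the findings in order."""
    return [analyze(event) for event in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, run_samples()):
        print(event["cmdline"], "->", result or "no findings")
```

The rule keys on the initiating process rather than the direct parent, because the launched app is created by launchd and will not appear as a child of Word in a process tree.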
  23. The public anticipation surrounding Windows Autopatch has been building since we announced it in April. Fortunately for all, the wait is over. We are pleased to announce that this service is now generally available for customers with Windows Enterprise E3 and E5 licenses. Microsoft will continue to release updates on the second Tuesday of every month and now Autopatch helps streamline updating operations and create new opportunities for IT pros. Want to share the excitement? Watch this video to learn how Autopatch can improve security and productivity across your organization: What Is Autopatch? In case you missed the public preview announcement, Windows Autopatch automates updating of Windows 10/11, Microsoft Edge, and Microsoft 365 software. Essentially, Microsoft engineers use the Windows Update for Business client policies and deployment service tools on your behalf. The service creates testing rings and monitors rollouts, pausing and even rolling back changes where possible. Windows Autopatch is a service that uses the Windows Update for Business solutions on your behalf. The Autopatch documentation gets more granular if you want to learn more, and if you have questions, our engineers have created a dedicated community to answer your questions that may be more specific than are covered in our FAQ (which gets updated regularly). Getting started with Autopatch To start enrolling devices: Find the Windows Autopatch entry in the Tenant Administration blade of the Microsoft Endpoint Manager admin center. Select Tenant enrollment. Select the check box to agree to the terms and conditions and select Agree. Select Enroll. Follow along with this how-to video for more detailed instructions on enrolling devices into the Autopatch service: Microsoft FastTrack Specialists are also available to help customers with more than 150 eligible licenses work through the Windows Autopatch technical prerequisites described in the documentation. 
Sign in to Microsoft FastTrack, move to the cloud with confidence with a valid Azure ID to learn more and submit a request for assistance, or contact your Microsoft account team. Working with Autopatch Once you've enrolled devices into Autopatch, the service does most of the work. But through the Autopatch blade in Microsoft Endpoint Manager, you can fine-tune ring membership, access the service health dashboard, generate reports, and file support requests. The reporting capabilities will grow more robust as the service matures. For even more information on how to use Autopatch, see the resources sidebar on the Windows Autopatch community. Increase confidence with Autopatch The idea of delegating this kind of responsibility may give some IT administrators pause. Changing systems in any way can cause hesitation, but unpatched software can leave gaps in protection, and by keeping Windows and Microsoft 365 apps updated you get all the value of new features designed to enhance creativity and collaboration. Because the Autopatch service has such a broad footprint, and pushes updates around the clock, we are able to detect potential issues among an incredibly diverse array of hardware and software configurations. This means that an issue that may have an impact on your portfolio could be detected and resolved before ever reaching your estate. And as the service expands and grows, the ability to detect issues will get more robust. Microsoft invests resources into rigorous testing and validation of our releases. We want to give you the confidence to act. We have a record of 99.6%[1] app compatibility with our updates and an App Assure team that has your back in case you should encounter an application compatibility issue at no additional cost for eligible customers. In some organizations, where update deployment rings are already in place, and the update process is robust, the appetite for this kind of automation may not be as strong. 
In talking to customers, we're learning how to evolve the Autopatch service to meet more use cases and deliver more value and are excited for some of the developments which will be announced in the upcoming months in this blog. What's ahead for Autopatch One announcement we can make is that Windows Autopatch will support updating of Windows 365 cloud PCs. We'll be covering this enhancement in the Windows in the Cloud on July 14th and that special episode will be available on demand on Windows IT Pro YouTube Channel later this month, so be sure to subscribe to the channel for updates. We love hearing from you. During the past months, we have met with some of you, received feedback in our Windows Autopatch community, and during our ‘Ask Microsoft Anything' event. We are working hard on addressing asks and improving the service, so please keep sharing feedback. Please note that we have an evergreen FAQ page here and you can learn more about how Windows Autopatch works in our docs. Microsoft Mechanics, who have been doing an incredible deep dive into update management, will be talking about Autopatch and endpoint management in a future episode, so be sure to subscribe to their channel, too. Of course, if you subscribe to the Windows Autopatch blog you'll get notified about these events and all the excitement moving forward. [1] Source: Microsoft App Assure program data October 2018-February 2022 Continue reading...
  24. We are excited to share that Microsoft has been rated “Outstanding in Functionality” in the KuppingerCole Market Compass for Secure Collaboration, May 2022. Microsoft was also the only company to be awarded the highest possible score of “Strong Positive” in all five categories: security, deployment, interoperability, usability, and market standing for the Microsoft Purview Information Protection platform. The Secure Collaboration Market Compass report covers solutions that protect sensitive data, which includes intellectual property or information restricted to certain audiences (such as trade secrets, some legal contracts, agreements, and financial statements), along with personally identifiable information (PII) and health information for regulatory standards such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA). As companies shift towards remote hybrid work, protecting sensitive data that is continuously created and shared among employees, contractors, partners, and suppliers—while not impeding worker productivity—is becoming increasingly important. Enterprises today face the challenge of classifying large volumes of data, especially personal data, which is required by privacy regulations and laws worldwide. At Microsoft, our goal is to provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate—in Microsoft 365 cloud services, on-premises, third-party software as a service (SaaS) applications, and more. With Microsoft Purview Information Protection, we are building a unified set of capabilities for classification, labeling, and protection, not only in Microsoft Office apps but also in other popular productivity services where the information resides (such as SharePoint Online, Exchange Online, and Microsoft Teams), as well as endpoint devices. 
“Microsoft Purview Information Protection provides a sophisticated classification system that can apply labeling to a document based on the creator, the context in which it was created, and/or the content within the document. The functionality is natively embedded into Office services and apps, and third-party applications via the information protection SDK. Sensitive information is discovered and labeled with out-of-the-box, custom, and machine learning (trainable) functionality,” Annie Bailey, KuppingerCole analyst, writes in the report. “Information such as credit card, social security number (SSN), person names, licenses, and business categories like healthcare or financial can be classified out-of-the-box. Custom fields include RegEx, Dictionary, Fingerprint, Named entities detection (e.g., person name, address, medical terms), Exact Data Match, and credentials.” We are also pleased that KuppingerCole recognizes the breadth and depth of our Microsoft Purview Information Protection platform and called out these strengths: • Double Key Encryption provides additional security and governance control. • Built into frequently used enterprise applications. • Simulations to test policy effectiveness. • Interoperates with Microsoft and third-party event logs. • Automated and manual classification options. • Coverage of structured and unstructured data in the Microsoft environment. • Data loss prevention functionality in Teams chat. • Option for no configuration, default classification. We have made significant investments in our Microsoft Purview solutions (such as Data Loss Prevention, Compliance Manager, Data Lifecycle Management, Insider Risk Management, and eDiscovery) and Microsoft Priva privacy solution that leverage our advanced classifiers, unified labeling and protection, sensitive information types, and policy authoring templates provided by our Microsoft Purview Information Protection platform. 
More than 200 partners are part of our Microsoft Intelligent Security Association (MISA). Partners can leverage our labeling features through our Information Protection SDK, data connectors, and Graph APIs to provide integrations with Microsoft applications and services, security and compliance solutions, and their own products. We are honored to have been designated as “Outstanding in Functionality” by KuppingerCole and rated the highest possible score of “Strong Positive” in five different categories. Learn more We invite you to read the full KuppingerCole Secure Collaboration report. For more information on our Microsoft Purview solutions, please visit our website. Visit the Microsoft Purview Information Protection platform page to learn more about how to protect your data wherever it lives. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. The post KuppingerCole rates Microsoft as outstanding in functionality for secure collaboration appeared first on Microsoft Security Blog. Continue reading...