Microsoft 365 roadmap roundup – 8 February 2021

Microsoft Information Protection

Updates listed under this heading combine the following products: Azure Information Protection, 365 compliance center, Information Protection, Office 365 Advanced Threat Protection, Microsoft Defender, Microsoft Intune, Office 365 Data Loss Prevention and Security and Compliance center.

  • Launched (15)
  • Rolling out (7)
  • In development (40)

🍾 LAUNCHED

  • Microsoft Defender for Office 365: External Email Forwarding Controls – With this new feature we are adding support for more granular controls that allow the Office 365 administrators to easily enable external forwarding for the right people in the organization through the outbound spam policy. We are also moving to disable external forwarding by default so organizations are secure by default. Roadmap ID: 63831
  • Microsoft Defender for Office 365: Enhancements to the Threat Protection Status Report – We’re adding an Override Allows view on the Threat Protection Status report to show customers threats that were allowed in due to configurations they’ve made, allowing customers to evaluate the effectiveness of their configuration and address any unintentional gaps in their protection. Roadmap ID: 64912
  • Microsoft 365 Admin Center: Insider Risk Management solution available for Government clouds – Several Insider Risk Management features will be rolling out to Government clouds in the coming months. Roadmap ID: 64187
  • Microsoft Defender for Endpoint: Priority Account Protection – With Priority Account Protection in Defender for Office 365, security teams can now prioritize focus on critical individuals within the organization, offer them differentiated protection and thwart costly breaches in the process. Roadmap ID: 67172
  • Microsoft Defender for Office 365: Configuration Analyzer – Configuration Analyzer will be a place for you to compare your policy settings against the Recommended settings for EOP and Microsoft Defender for Office 365 security. Roadmap ID: 66362
  • Microsoft Defender for Office 365: Improvements to Threat Hunting with Threat Explorer and Real Time Detections – Additional enhancements when it comes to identifying threats within your organization such as spam verdict within Threat Explorer, Showing Threats in URLs and Additional Actions. Roadmap ID: 66467
  • Microsoft Defender for Office 365: Extended capabilities in Threat Explorer – As part of this work, Microsoft will be extending Top Targeted Users to Phish and All Email. Roadmap ID: 66468
  • Microsoft Defender for Endpoint: EDR in block mode – EDR in block mode is a capability in Microsoft Defender for Endpoint that turns EDR detections into blocking and containment of malicious behaviours. Roadmap ID: 68850
  • Microsoft Compliance Center: Microsoft 365 compliance center – Audit retention dashboard (preview) – Create and manage audit log retention policies within the new Audit retention dashboard in the Microsoft 365 compliance center. Roadmap ID: 68854
  • Microsoft Defender for Endpoint: Linux EDR – With the new Linux EDR capabilities, Microsoft Defender for Endpoint customers will have the ability to detect advanced attacks that involve Linux servers, utilize rich investigation experiences, perform advanced hunting, and quickly remediate threats on Linux servers. Roadmap ID: 68858
  • Microsoft Defender for Office 365: Evaluation Mode – We’re introducing Evaluation Mode in Microsoft Defender for Office 365 – the most effective way to evaluate the filtering efficacy of Defender for Office 365 using real-world email in your production environment. Roadmap ID: 68862
  • Microsoft Information Protection: Sensitivity labels extend to assets in Azure – With the new Microsoft Azure Purview, you can now extend the reach of your MIP sensitivity labels and the value from built-in sensitive information types to a much broader set of data locations and data types. Roadmap ID: 68889
  • Microsoft Defender for Office 365: Attack Simulation Training – Attack Simulation training helps customers detect, assess, and remediate phishing risk across users through integrated simulations and targeted training campaigns that change user behaviour. Roadmap ID: 68925
  • Microsoft Defender for Office 365: Updates to Automated Investigations – A number of improvements are being delivered to improve the clarity and value of automated investigations. Roadmap ID: 68949
  • Microsoft Defender for Endpoint: Threat and vulnerability management for macOS – Software vulnerability assessment is available for macOS. Roadmap ID: 70691

🚂 ROLLING OUT

  • Microsoft Defender for Office 365: Customization for Quarantine Notification and Alerts – With this update, tenant administrators will be able to add various customized components to quarantine notifications and alerts, such as an organization logo, a custom display name, and custom disclaimer. Roadmap ID: 64781
  • Microsoft Defender for Office 365: Request Release workflow – We’ve added a way for end users to triage quarantined phish messages. Roadmap ID: 62449
  • Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder – Previously, quarantine behaviour was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy. Roadmap ID: 62450
  • Microsoft Defender for Office 365: Secure by Default – Honoring detonation verdicts – All too frequently, URLs and files that have been flagged as malicious are allowed through to the inbox due to transport rules and domain allows. We’re updating our filters to ensure that malicious files and URLs are not delivered regardless of configuration, unless manually overridden. Roadmap ID: 60827
  • Microsoft Defender for Endpoint: MTD for iOS (Preview) – Microsoft Defender for Endpoint on iOS will offer phishing protection, blocking of unsafe connections, and the ability to create custom indicators. Roadmap ID: 68857
  • Microsoft Defender for Endpoint: Threat and vulnerability management for Windows 8.1 – Threat and vulnerability management capabilities, both software vulnerability assessment for the OS and applications, as well as secure configuration assessment will now support Windows 8.1 devices. Roadmap ID: 70690
  • Microsoft 365 Compliance Center: Conflict of interest template – Introducing a new policy template for Communication Compliance that will monitor communications between two groups of users which can be used for collusion or conflict of interest detection. Roadmap ID: 68132

⌛ IN DEVELOPMENT

Release – February 2021

  • 🆕 Microsoft Defender for Office 365: Hunting for Impersonated domains and users – Threat Explorer (P2) and Real-time detections (P1) are powerful near real-time tools to help Security Operations teams investigate and respond to threats. Today we provide filters for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection. Roadmap ID: 70613
  • Microsoft Defender for Office 365: Potential Nation State Activity Alerts – Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. Roadmap ID: 70624
  • Microsoft Defender for Office 365: Updates to post-delivery detections and investigations – Microsoft are rolling out updates to alerts and investigations including new alert policies and post-delivery detections related to Zero-hour auto purge (ZAP). Roadmap ID: 70614
  • Microsoft Defender for Office 365: Safe Links Protection for Microsoft Teams – The power of Safe Links will now be available to protect users from malicious links sent via Microsoft Teams. Roadmap ID: 34298
  • Microsoft Defender for Office 365: Auto-remediation with enhanced playbooks – Auto-remediation of threats with additional playbooks and deeper integration with Microsoft Cloud App Security and Azure Active Directory. Roadmap ID: 34296
  • Microsoft Defender for Office 365: Blocking URLs and Files with Tenant Allow/Block List – In order to provide a way for customers to block URLs and files at the time of click and during mail flow, we’re developing a portal to help you self-serve and do it yourself. Roadmap ID: 61352
  • Microsoft Information Protection: Manual sensitivity labelling available in Office apps for Government clouds – You can now apply sensitivity labels to important documents and associate the labels with protection policies within the Outlook and Word/Excel/PowerPoint applications. The labels can also be associated with actions like encryption and visual marking. Roadmap ID: 63662
  • Microsoft Information Protection: Manual sensitivity labeling available in Office apps for DoD – You can now apply sensitivity labels to important documents and associate the labels with protection policies within the Outlook and Word/Excel/PowerPoint applications. The labels can also be associated with actions like encryption and visual marking. Roadmap ID: 76504
  • Microsoft Information Protection: Exact Data Match will support data configuration – Exact Data Match will support data configuration, allowing text case and character delimiters to optionally be ignored, helping reduce the need for manually defining minor variations in the hashed and uploaded data being protected. Roadmap ID: 65880
  • Microsoft 365 compliance center: Communication Compliance availability for government clouds – Communication Compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. Roadmap ID: 67112
  • Microsoft Information Protection: Auto-classification with sensitivity labels in SPO, EXO, OneDrive for gov clouds – Auto-classification with sensitivity labels in OneDrive, SharePoint Online, and Exchange Online will soon be available in GCC, GCC-High, and DoD environments. Roadmap ID: 67125
  • Azure Information Protection: Microsoft 365 Groups: support for Sensitivity Labels in Government Community Clouds – Microsoft 365 Groups will soon support Sensitivity Labels to help you manage privacy and external access. Roadmap ID: 67158
  • Microsoft Information Protection: AIP client and scanner data available in Audit and Activity explorer – Azure Information Protection (AIP) customers can now access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics portal. This means that all data logged via AIP client and AIP scanner can be viewed along with the rest of the Microsoft Information Protection (MIP) and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources. Roadmap ID: 70600
  • Microsoft 365 compliance center: Auto-apply retention labels leveraging document understanding – Easily assign a retention label created in the Microsoft 365 compliance center to a document understanding model that you created, leveraging the document classification in Project Cortex for dual purposes: business processes and compliance. Roadmap ID: 68690
  • Microsoft Defender for Endpoint: Web Content Filtering – Web content filtering is a feature in Microsoft Defender for Endpoint that enables security administrators to track and regulate access to websites based on specified content categories. Roadmap ID: 68851
  • Microsoft Compliance center: Compliance capabilities for card content generated through apps in Teams messages – We are extending Microsoft 365 compliance capabilities to content generated through Teams apps. Roadmap ID: 68875
  • Microsoft 365 compliance center: Advanced Audit log retention (1 year) – Log retention for up to one year to meet investigation requirements and customize retention policies per an organization’s requirements. Roadmap ID: 68878
  • Microsoft Compliance center: Information barriers for GCC – Information barriers is a compliance feature to restrict communication and collaboration between two groups to avoid a conflict of interest from occurring in your organization. Roadmap ID: 68898
  • Microsoft Teams: Sensitivity Labels for GCC, GCC-H, and DoD Clouds – Sensitivity labels created in the security and compliance admin center can now be used to control the privacy and guest access settings of the team. Roadmap ID: 68907
  • Microsoft Information Protection: Office 365 Advanced Message Encryption – Email revocation by end user – Microsoft are extending the email revocation capabilities to the end user. Previously, you had to be an admin to revoke an already sent message; with this update, end users will have this capability as well. Roadmap ID: 68908
  • Microsoft Information Protection: Upgraded data classification confidence levels – Microsoft are upgrading the confidence levels (match accuracy) from a numerical scale of 1 to 100 to three distinct levels: high, medium, and low. Each level reflects how much supporting evidence is detected along with the primary element. Roadmap ID: 68915
  • Microsoft Information Protection: Copy and edit built-in info types and other improvements – You can now copy built-in sensitive info types and edit the copied versions to fine-tune them for your organization. Other highlights include the ability to use validators (like a Luhn check) for regular expressions and additional checks to help refine detection, including options for excluding text, defining starting and ending characters, and more. Roadmap ID: 68916
  • Microsoft Information Protection: Automatic and recommended sensitivity labeling available in Office apps for DoD – Automatic and recommended sensitivity labeling, based on content inspection, is natively built into Office apps within Outlook and Word/Excel/PowerPoint applications on Windows (in the Office 365 subscription version of the Office apps) and Office Online. Roadmap ID: 76502
  • Microsoft Information Protection: Auditing and Analytics in Office apps – Office apps (Word, Excel, PowerPoint, Outlook) will now send user label activity data to the Audit Log and Activity Explorer for admins to search and review. Roadmap ID: 70542
  • Microsoft Defender for Office 365: Improvements to Alerts and Hunting – Microsoft are releasing a number of updates to alerts and hunting, including: Extending data retention for Threat Explorer and Real-time detections from 7 days to 30 days for trial tenants, after which you will be able to search for data for 30 days. Roadmap ID: 70544

Release – March 2021

  • 🆕 Microsoft 365 compliance center: “Watch-the-watchers” audit trail for Insider Risk Management – Audit and review activities of IRM Analyst, IRM Investigator, and IRM Admin roles within the Microsoft 365 Insider Risk Management solution. Roadmap ID: 68921
  • Microsoft 365 compliance center: Audit retention dashboard for government clouds – Create and manage audit log retention policies within the new Audit retention dashboard in the Microsoft 365 compliance center. Roadmap ID: 70627
  • Microsoft Defender for Office 365: Detonation details – Microsoft are working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Microsoft Defender for Office 365. Roadmap ID: 64570
  • Microsoft Defender for Identity: Administrative functions in Microsoft 365 security center – Defender for Identity’s administrative functions will be available to view and edit within the Microsoft 365 security center. Roadmap ID: 68886
  • Microsoft Defender for Identity: Full alert experience in Microsoft 365 security center – Defender for Identity will offer its full alert and investigation experiences natively within the Microsoft 365 security center. Roadmap ID: 68887
  • Microsoft Defender for Identity: New Detection – Golden ticket using AES encryption – An alert already exists to detect instances where an attacker downgrades the encryption level of the ticket-granting ticket (TGT) field, but this new alert introduces detection capabilities for when an attacker uses the KRBTGT AES hash to generate the ticket. Roadmap ID: 68888
  • Microsoft Defender for Identity: Detection improvement – Netlogon – An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol, also known as Netlogon Elevation of Privilege Vulnerability. Defender for Identity already has a detection for this, but this improvement adds capabilities to determine potential encryption and null source account logic detection to the alert, improving accuracy and reducing the potential for false positives. Roadmap ID: 68890
  • Microsoft Defender for Identity: Detection improvement – Suspicious additions to sensitive groups – New logs are being added to the detection logic for what is “normal” in a particular environment. This will remove an initial dependency on establishing a baseline so that detection is available to use immediately for known sensitive groups. Roadmap ID: 68891
  • Microsoft 365 Compliance Center: Communication Compliance can now leverage optical character recognition to extract and evaluate messages – Introducing the ability to extract printed or handwritten text from images using Azure’s Computer Vision Optical Character Recognition (OCR). Text extracted will then be evaluated against Communication Compliance policies conditions. Roadmap ID: 70622
  • Microsoft 365 Compliance Center: Communication Compliance now supports 7 languages for the Threat, Targeted Harassment and Profanities classifiers – Communication Compliance can now detect threat, targeted harassment, and profanities in the following languages: English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese. Roadmap ID: 70623

Release – April 2021

  • Microsoft 365 Compliance Center: Insider risk management hand-off – Introducing a new remediation action in Communication Compliance that will enable a user to be added to an existing Insider risk management policy for further evaluation. Roadmap ID: 68686
  • Microsoft 365 Compliance Center: Policy health check and ability to pause policy – Provide guidance during Communication Compliance policy creation on the settings used and the potential volume of items that will be captured. Roadmap ID: 68687
  • Microsoft 365 Compliance Center: Ability to set a retention period for a Communication Compliance policy – Introducing the ability to define how long content captured by a Communication Compliance policy is retained. Roadmap ID: 68688
  • Microsoft 365 Compliance Center: Ability to ignore email signature or disclaimer – Provide the ability within Communication Compliance to define text that should be ignored during policy evaluation to avoid false positives. Roadmap ID: 68133

Release – June 2021

  • Microsoft Defender for Identity: Auditing capabilities – Defender for Identity will offer audit logs for most activity types, allowing administrators to track changes to administrative settings and configurations. Roadmap ID: 68885
