Microsoft 365 roadmap roundup – 5th July 2021


Microsoft Information Protection

Updates listed under this heading combine the following products: Azure Information Protection, 365 compliance center, Information Protection, Office 365 Advanced Threat Protection, Microsoft Defender, Microsoft Intune, Office 365 Data Loss Prevention and Security and Compliance center.

  • Launched (2)
  • Rolling out (3)
  • In development (45)

🍾 LAUNCHED

  • Microsoft Defender for Office 365: Enhancements to Spoof Intelligence – Spoof intelligence experience for Security Admins will introduce enhancements so that Admins can set up spoof configurations, manage spoof allow/block lists for a tenant, review insights provided by spoof intelligence and view/export a detailed spoof detections report. Roadmap ID: 70590
  • Microsoft Defender for Office 365: Expanded limits for protected users within anti-phishing policies – Microsoft are expanding the limits for protected users in the anti-phishing policy to allow 350 users. Roadmap ID: 81981

🚂 ROLLING OUT

  • Microsoft Defender for Office 365: Advanced Delivery for SecOps Mailboxes and Third-Party Phishing Simulations – Advanced delivery gives admins the ability to configure advanced message delivery for special scenarios, including third-party phishing simulation campaigns and SecOps mailboxes. Roadmap ID: 72207
  • Microsoft Information Protection: New conditions for auto-labeling in Exchange Online – An auto-labeling policy can now apply a label to Exchange Online email based on sender, recipient, subject, or header matches without requiring a scan for sensitive content. Roadmap ID: 72225
  • Microsoft Information Protection: Exact Data Match to support Customer Managed Key – Customers will be able to encrypt Exact Data Match (EDM) data using their own Customer Managed Key (CMK), further enhancing EDM data security. Roadmap ID: 81987

⌛ IN DEVELOPMENT

Release – July 2021

  • 🆕 Microsoft Defender for Identity: New guide to configure security for internal organization identities and devices – In this step-by-step guide you’ll verify that you’ve satisfied all environment prerequisites, create a Defender for Identity instance, connect to Active Directory, and install your sensor. Roadmap ID: 82058
  • 🆕 Microsoft Defender for Identity: Native “response” actions – From this release SecOps will have the ability to directly lock the Active Directory account, or to prompt for the password to be reset, meaning more direct action can be taken when a user is compromised. Roadmap ID: 82077
  • Microsoft Defender for Office 365: Detonation details – Microsoft are working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Microsoft Defender for Office 365. Roadmap ID: 64570
  • Microsoft Defender for Office 365: Request Release workflow – We’ve added a way for end users to triage quarantined phish messages. Roadmap ID: 62449
  • Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder – Previously, quarantine behaviour was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy. Roadmap ID: 62450
  • Expanded support to search and export items in SharePoint and OneDrive for Business Recycle Bin in Core eDiscovery & Advanced eDiscovery – The eDiscovery and SharePoint Online teams are making architectural changes that will make the Recycle Bin (both first-stage and second-stage Recycle Bins) in SharePoint Online and OneDrive for Business searchable and exportable by eDiscovery Managers. That means organizations can search and export items in the Recycle Bin regardless of whether a site is on hold or not. Roadmap ID: 67092
  • Microsoft Compliance center: Advanced Audit – Search term events in Exchange Online and SharePoint Online for Government clouds – Advanced Audit helps organizations to conduct forensic and compliance investigations by providing access to crucial events such as when mail items were accessed, or when mail items were replied to and forwarded, and when and what a user searched for in Exchange Online and SharePoint Online. Roadmap ID: 68718
  • Microsoft Defender for Endpoint: Web Content Filtering – Web content filtering is a feature in Microsoft Defender for Endpoint that enables security administrators to track and regulate access to websites based on specified content categories. Roadmap ID: 68851
  • Microsoft Defender for Identity: Administrative functions in Microsoft 365 security center – Defender for Identity’s administrative functions will be available to view and edit within the Microsoft 365 security center. Roadmap ID: 68886
  • Microsoft 365 compliance center: “Watch-the-watchers” audit trail for Insider Risk Management – Audit and review activities of IRM Analyst, IRM Investigator, and IRM Admin roles within the Microsoft 365 Insider Risk Management solution. Roadmap ID: 68921
  • Microsoft 365 compliance center: Increased set of first-party indicators for Insider Risk Management – The Microsoft 365 Insider Risk Management solution will now recognize an increased set of first-party indicators, including Endpoint (Windows 10), Microsoft Teams, Azure Active Directory, SharePoint Online, and Microsoft Cloud Access Security. Roadmap ID: 68924
  • Microsoft 365 Compliance center: Information governance – Auto-labeling of cloud attachments – This update enables organizations to automatically apply retention labels to the version of files shared as cloud attachments, which are live links of SharePoint or OneDrive content that can be shared via emails or Teams messages. Roadmap ID: 70580
  • Microsoft 365 compliance center: Advanced Audit – Teams reactions on messages – See new audit activity related to Teams reactions on messages. Roadmap ID: 70585
  • Microsoft 365 compliance center: Advanced eDiscovery – Hold optimizations – This update provides various service optimizations for Advanced eDiscovery, including hold reliability and limits increase. Roadmap ID: 70586
  • Microsoft Information Protection: AIP client and scanner data available in Audit and Activity explorer – Azure Information Protection (AIP) customers can now access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics portal. This means that all data logged via AIP client and AIP scanner can be viewed alongside the rest of the Microsoft Information Protection (MIP) and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources. Roadmap ID: 70600
  • Microsoft Cloud App Security: MFA step-up auth – This feature enables enforcing of conditional access policies during a user session. Roadmap ID: 70603
  • Microsoft 365 compliance center: Insider Risk Management recognizes sensitivity label downgrade – Insider Risk Management will now be able to identify documents where the user successfully downgrades the sensitivity label applied on it. Roadmap ID: 70630
  • Microsoft 365 compliance center: Enhanced support for domains in Insider Risk Management – Insider Risk Management now supports enhanced classification of unallowed, allowed, and third-party domains leveraging wildcards. Roadmap ID: 70631
  • Microsoft 365 Compliance Center: Insider Risk Management supports fine-grained role-based access control – Insider Risk Management will now limit visibility of alerts and cases related to priority users to specific IRM Analysts or IRM Investigators. Roadmap ID: 70711
  • Microsoft 365 Compliance Center: Insider Risk Management supports native triggers – The Microsoft 365 Insider Risk Management solution will now leverage native triggers for Data Leak or Departing Employee Data Theft policy templates. Roadmap ID: 70712
  • Microsoft 365 Compliance Center: Insider Risk Management supports sequencing – Insider Risk Management will improve fidelity of detections by looking for sequences of events over time. Roadmap ID: 70713
  • Microsoft 365 Compliance Center: Enhanced user management in Insider Risk Management solution – We’re improving the experience around manually adding or removing users from Insider Risk Management policy scoring scope. Roadmap ID: 70715
  • Microsoft 365 compliance center | Advanced eDiscovery: Discover only the document version that has been shared – To help customers efficiently meet their regulatory obligations for discovery, Advanced eDiscovery plans to support the ability to discover the version of the document at the time that it was shared. This helps ensure that the correct document information is available to eDiscovery processes. Roadmap ID: 70718
  • Microsoft 365 Compliance Center: Data loss prevention (DLP) data surfaced in Activity Explorer – DLP-related data sets which currently flow into Microsoft 365 Audit logs will now also surface within Activity Explorer under an activity called ‘DLP rule matched’. Roadmap ID: 70730
  • Microsoft Information Protection: Configure external sharing for sensitivity labels in Teams and SharePoint sites – With this update, you can set controls on external sharing while configuring a Team or site protection policy. For example you can set a very restrictive one for a Team or site labeled ‘confidential’—restricting sharing with people outside the organization or set a very relaxed one for a Team or site labeled ‘general’—allowing anyone with a link to access without requiring sign-in. Roadmap ID: 70735
  • Defender for Office 365: Updates to Management Activity API – We are introducing additional data within Email detection details like Authentication information, Override details, Additional Actions, Phish confidence level and other details for efficient investigation. Roadmap ID: 70744
  • Microsoft Information Protection: Migrate legacy Exchange DLP policies to the M365 compliance center – The Exchange DLP migration wizard will enable you to seamlessly migrate the Exchange DLP policies managed in the Exchange admin center to the compliance center. M365 compliance center provides access to advanced classification capabilities like EDM, ML etc. along with rich alerts, incident management features and more. Roadmap ID: 70790
  • Microsoft 365 Compliance Center: Microsoft Information Protection & Governance now supports 7 languages for the Threat, Targeted Harassment and Profanities classifiers – Trainable classifiers in Information Protection & Governance can now detect threat, targeted harassment, and profanities in the following languages: English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese. Roadmap ID: 70798
  • Microsoft 365 Compliance Center: New predictive coding module in Advanced eDiscovery – As part of this preview release, legal practitioners can organize content for review faster by going through training rounds of relevant and non-relevant content to iteratively train and tune the model performance, starting with as little as 50 items. This is an improvement from traditional models that require customers to train on upwards of 10 times more documents to get started and see the output of the model. Roadmap ID: 70805
  • Microsoft 365 compliance center: Collection of Teams conversation as transcript in Advanced eDiscovery – eDiscovery managers will soon have the flexibility to collect Teams messages as transcript items. Transcripts will aggregate and thread messages in the same Teams conversations into a single HTML file that is available for review and export. Roadmap ID: 70812
  • Microsoft Information Protection: Auto-classification with sensitivity labels in SPO, EXO, OneDrive for DoD – Auto-classification with sensitivity labels in OneDrive, SharePoint Online, and Exchange Online will soon be available in DoD environments. Roadmap ID: 72192
  • Microsoft Compliance center: New named entities SITs and enhanced unified policy authoring templates (Public Preview) – Named entities are sensitive information types (SITs) that can’t easily be identified by a regular expression or a function; these include person names, physical addresses, and medical terms & conditions. This update adds 52 new SITs representing named entities, and 10 enhanced policy templates that can be used in solutions such as DLP and auto-labeling, and cover important regulations, such as US HIPAA and EU GDPR. Roadmap ID: 72194
  • Microsoft Defender for Endpoint: Network device discovery for Microsoft Defender for Endpoint – Network device discovery for Microsoft Defender for Endpoint enables organizations to discover and secure network devices. Once devices are discovered, Defender for Endpoint’s threat and vulnerability management capabilities will be able to provide security recommendations for network devices. Roadmap ID: 72209
  • Microsoft 365 Compliance center: Out-of-the-box assessments for non-M365 assets – Introducing pre-configured templates that extend Compliance Manager capabilities beyond Microsoft 365 assets. Roadmap ID: 72223
  • Microsoft 365 compliance center: Communication Compliance can now leverage optical character recognition to extract and evaluate messages – Introducing the ability to extract printed or handwritten text from images using Azure’s Computer Vision Optical Character Recognition (OCR). Text extracted will then be evaluated against Communication Compliance policy conditions. Roadmap ID: 83702
  • Microsoft Information Protection: Auditing and Analytics in Office apps – Office apps (Word, Excel, PowerPoint, Outlook) will now send user label activity data to the Audit Log and Activity Explorer for admins to search and review. Roadmap ID: 83703
  • Microsoft 365 Compliance center: Communication Compliance discrimination classifier – The Discrimination classifier aims to detect and triage explicit discriminatory language. Roadmap ID: 81971
  • Microsoft Compliance center: New DLP alert management dashboard for gov clouds – A new data loss prevention (DLP) alert management experience within the Microsoft 365 compliance center will enable admins to review, investigate, and manage DLP policy match events, related content, and associated metadata, as well as edit alert configuration options as a part of the DLP policy authoring experience. Roadmap ID: 81980
  • Microsoft Defender for Office 365: Detonation Details for GCC and DoD environments – Detonation details will be exposed within the email entity page for malicious URLs and files that were detonated. These detonation details will contain detonation chain, summary, indicators of compromise, screenshots, and behaviour details. Roadmap ID: 81991
  • Microsoft Defender for Office 365: Email entity page for GCC and DoD environments – The email entity page will contain information in parity with the existing email details flyout in protection.office.com from Threat Explorer, along with new information regarding authentication and detections, a revamped email preview capability for cloud mailbox emails, and detonation details for related files or URLs. Roadmap ID: 81992
  • Microsoft 365 compliance center: New Permissions management page – We’re adding a new Permissions page within the Microsoft 365 compliance center. Admins will be able to use this new page to view and assign user roles and create and modify custom role groups – activities currently managed within the legacy Office 365 Security & Compliance Center. Roadmap ID: 82005
  • Microsoft 365 compliance center: Communication Compliance now supports 7 languages for the Threat, Targeted Harassment and Profanities classifiers – Communication Compliance can now detect threat, targeted harassment, and profanities in the following languages: English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese. Roadmap ID: 82006
  • Microsoft Defender for Office 365: Investigation updates for improved email threats and actions – We have new updates and improvements to the Automated Investigation and Response (AIR) playbooks to better capture the state of the emails and entities that are being investigated. Roadmap ID: 82056

Release – December 2021

  • Microsoft Defender for Identity: New Detection – Golden ticket using AES encryption – An alert already exists to detect instances where an attacker downgrades the encryption level of the ticket-granting ticket (TGT) field, but this new alert introduces detection capabilities for when an attacker uses the KRBTGT AES hash to generate the ticket. Roadmap ID: 68888
