Microsoft 365 roadmap roundup – 2nd August 2021

Use these buttons to switch between each product’s roadmap updates.

Microsoft Information Protection

Updates listed under this heading combines the following products: Azure Information Protection, 365 compliance center, Information Protection, Office 365 Advanced Threat Protection, Microsoft Defender, Microsoft Intune, Office 365 Data Loss Prevention and Security and Compliance center.

  • Launched (8)
  • Rolling out (3)
  • In development (45)

🍾 LAUNCHED

  • Microsoft Defender for Office 365: Detonation details – Microsoft are working to reveal more of the details that led to a malicious verdict when URLs or files are detonated in Microsoft Defender for Office 365. Roadmap ID: 64570
  • Microsoft Information Protection: Data-at-Rest Encryption for Microsoft 365 in WWMT and GCC – Data at rest encryption for Microsoft 365 provides customer key based encryption across multiple M365 workloads. Tenant administrators can configure a single data encryption policy using customer managed keys and assign it to the tenant. Roadmap ID: 68869
  • Microsoft Defender for Identity: Detection improvement – Suspicious additions to sensitive groups – New logs are being added to the detection logic for what is “normal” in a particular environment. This will remove an initial dependency on establishing a baseline so that detection is available to use immediately for known sensitive groups. Roadmap ID: 68891
  • Microsoft 365 Compliance Center: Data loss prevention (DLP) data surfaced in Activity Explorer – DLP-related data sets which currently flow into Microsoft 365 Audit logs will now also surface within Activity Explorer under an activity called ‘DLP rule matched’. Roadmap ID: 70730
  • Microsoft Information Protection: New conditions for auto-labeling in Exchange Online – An auto-labeling policy can now apply a label to Exchange Online email based on sender, recipient, subject, or header matches without requiring a scan for sensitive content. Roadmap ID: 72225
  • Microsoft Information Protection: Auditing and Analytics in Office apps – Office apps (Word, Excel, PowerPoint, Outlook) will now send user label activity data to the Audit Log and Activity Explorer for admins to search and review. Roadmap ID: 83703
  • Microsoft 365 compliance center: Data loss prevention (DLP) data surfaced in Activity Explorer – DLP-related data sets which currently flow into Microsoft 365 Audit logs will now also surface within Activity Explorer under an activity called ‘DLP rule matched’. Roadmap ID: 82008
  • Microsoft Defender for Identity: New guide to configure security for internal organization identities and devices – In this step-by-step guide you’ll verify that you’ve satisfied all environment prerequisites, create a Defender for Identity instance, connect to Active Directory, and install your sensor. Roadmap ID: 82058

🚂 ROLLING OUT

  • Defender for Office 365: Updates to Management Activity API – We are introducing additional data within Email detection details like Authentication information, Override details, Additional Actions, Phish confidence level and other details for efficient investigation. Roadmap ID: 70744
  • Microsoft 365 compliance center: Data loss prevention (DLP) solution overview page – The DLP solution overview page will appear in the Microsoft 365 compliance center and house policy recommendation widgets and other actions and guidance related to your available DLP solutions. Roadmap ID: 83704
  • Microsoft Defender for Office 365: Investigation updates for improved email threats and actions – We have new updates and improvements to the Automated Investigation and Response (AIR) playbooks to better capture the state of the emails and entities that are being investigated. Roadmap ID: 82056

⌛ IN DEVELOPMENT

Release – August 2021

  • 🆕 Microsoft Cloud App Security: App governance add-on to Microsoft Cloud App Security – App governance add-on feature to Microsoft Cloud App Security is a security and policy management capability that customers can use to monitor and govern app behaviors and quickly identify, alert, and protect from risky behaviors with data, users, and apps. Roadmap ID: 82026
  • 🆕 Microsoft Defender for Office 365: Email summary panel – We launched a single, integrated view with the email entity page, and now we’re making it easier to see this information in multiple experiences. This feature release targets more consistency, and easier navigation, saving time and effort for the customers. Roadmap ID: 82101
  • Microsoft Defender for Office 365: Request Release workflow – We’ve added a way for end users to triage quarantined phish messages. Roadmap ID:62449
  • Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder – Previously, quarantine behaviour was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy. Roadmap ID: 62450
  • Microsoft Defender for Office 365: Safe Links Protection for Microsoft Teams – The power of Safe Links will now be available to protect users from malicious links sent via Microsoft Teams. Roadmap ID: 34298
  • Microsoft Defender for Endpoint: Web Content Filtering – Web content filtering is a feature in Microsoft Defender for Endpoint that enables security administrators to track and regulate access to websites based on specified content categories. Roadmap ID: 68851
  • Microsoft Defender for Identity: Administrative functions in Microsoft 365 security center – Defender for Identity’s administrative functions will be available to view and edit within the Microsoft 365 security center. Roadmap ID: 68886
  • Microsoft 365 compliance center: Increased set of first-party indicators for Insider Risk Management – The Microsoft 365 Insider Risk Management solution will now recognize an increase set of first party indicators, including Endpoint (Windows 10), Microsoft Teams, Azure Active Directory, SharePoint Online, and Microsoft Cloud Access Security. Roadmap ID: 68924
  • Microsoft Information Protection: AIP client and scanner data available in Audit and Activity explorer – Azure Information Protection (AIP) customers can now access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics portal. This means that all data logged via AIP client and AIP scanner can be witnessed along with the rest of the Microsoft Information Protection (MIP) and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources. Roadmap ID: 70600
  • Microsoft Cloud App Security: MFA step-up auth – This feature enables enforcing of conditional access policies during a user session. Roadmap ID: 70603
  • Microsoft 365 compliance center: Insider Risk Management recognizes sensitivity label downgrade – Insider Risk Management will now be able to identify documents where the user successfully downgrades the sensitivity label applied on it. Roadmap ID: 70630
  • Microsoft 365 compliance center: Enhanced support for domains in Insider Risk Management – Insider Risk Management now support enhanced classification of unallowed, allowed, and third-party domains leveraging wildcards. Roadmap ID: 70631
  • Microsoft 365 compliance center: Insider Risk Management analytics – The Microsoft 365 Insider Risk Management solution will now provide aggregated and anonymized analytics to help identify potential insider risk activity within the organization. Roadmap ID: 70633
  • Microsoft 365 Compliance Center: Insider Risk Management supports fine-grained role-based access control – Insider Risk Management will now limit visibility of alerts and cases related to priority users to specific IRM Analysts or IRM Investigators. Roadmap ID: 70711
  • Microsoft 365 Compliance Center: Insider Risk Management supports native triggers – The Microsoft 365 Insider Risk Management solution will now leverage native triggers for Data Leak or Departing Employee Data Theft policy templates. Roadmap ID: 70712
  • Microsoft 365 Compliance Center: Insider Risk Management supports sequencing – Insider Risk Management will improve fidelity of detections by looking for sequences of events over time. Roadmap ID: 70713
  • Microsoft 365 Compliance Center: Enhanced user management in Insider Risk Management solution – We’re improving the experience around manually adding or removing users from Insider Risk Management policy scoring scope. Roadmap ID: 70715
  • Microsoft 365 compliance center | Advanced eDiscovery: Discover only the document version that has been shared – To help customers efficiently meet their regulatory obligations for discovery, Advanced eDiscovery plans to support the ability to discover the version of the document at the time that it was shared. This helps ensure that the correct document information is available to eDiscovery processes. Roadmap ID: 70718
  • Microsoft 365 Compliance Center: Information barriers for GCCH and DoD – Information barriers is a compliance feature to restrict communication and collaboration between two groups to avoid a conflict of interest from occurring in your organization. Roadmap ID: 70729
  • Microsoft Information Protection: Configure external sharing for sensitivity labels in Teams and SharePoint sites – With this update, you can set controls on external sharing while configuring a Team or site protection policy. For example you can set a very restrictive one for a Team or site labeled ‘confidential’—restricting sharing with people outside the organization or set a very relaxed one for a Team or site labeled ‘general’—allowing anyone with a link to access without requiring sign-in. Roadmap ID: 70735
  • Microsoft 365 compliance center: New Permissions management page – We’re adding a new Permissions page within the Microsoft 365 compliance center. Admins will be able to use this new page to view and assign user roles and create and modify custom role groups – activities currently managed within the legacy Office 365 Security & Compliance Center. Roadmap ID: 82005
  • Microsoft Defender for Office 365: Admin review and feedback – With the new admin review feature, your security team will be able to quickly review reported messages and choose appropriate responses, automatically sending predefined but customizable emails to your end users. Roadmap ID: 82025
  • Microsoft Information Protection: Exact Data Match to support Auto-labeling (client-side) – Organizations will be able to configure new or existing client-side Auto-labeling policies using Exact Data Match (EDM) Sensitive Information Types (SITs), enabling more fine-grained control over which sensitive content gets labeled. Roadmap ID: 82071
  • Microsoft Information Protection: Migrate legacy exchange DLP policies to the M365 compliance center – The Exchange DLP migration wizard will enable you to seamlessly migrate the exchange DLP policies managed in the exchange admin center to the compliance center. M365 compliance center provides access to advanced classification capabilities like EDM, ML etc. along with rich alerts, incident management features and more. Roadmap ID: 70790
  • Microsoft 365 Compliance Center: Microsoft Information Protection & Governance now supports 7 languages for the Threat, Targeted Harassment and Profanities classifiers – Trainable classifiers in Information Protection & Governance can now detect threat, targeted harassment, and profanities in the following languages: English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese. Roadmap ID: 70798
  • Microsoft 365 Compliance Center: New predictive coding module in Advanced eDiscovery – As part of this preview release, legal practitioners can organize content for review faster by going through training rounds of relevant and non-relevant content to iteratively train and tune the model performance by starting with as little as 50 items. This is an improvement from traditional models that require customers to train upwards of 10 times more documents to get started and see the output of the model. Roadmap ID: 70805
  • Microsoft 365 compliance center: Collection of Teams conversation as transcript in Advanced eDiscovery – eDiscovery managers will soon have the flexibility to collect Teams messages as transcript items. Transcripts will aggregate and thread messages in the same Teams conversations into a single HTML file that is available for review and export. Roadmap ID: 70812
  • Microsoft Compliance center: New named entities SITs and enhanced unified policy authoring templates (Public Preview) – Named entities are sensitive information types (SITs) that can’t easily be identified by a regular expression or a function; these include person names, physical addresses, and medical terms & conditions. This update adds 52 new SITs representing named entities, and 10 enhanced policy templates that can be used in solutions such as DLP and auto-labeling, and cover important regulations, such as US HIPAA and EU GDPR. Roadmap ID: 72194
  • Microsoft Defender for Identity: Alert exclusion in Microsoft 365 security center – One of the most widely used features relating to alerting in Defender for Identity is being able to tune them and make sure you are only alerted on what should be getting your attention. Roadmap ID: 72203
  • Microsoft Defender for Endpoint: Network device discovery for Microsoft Defender for Endpoint – Network device discovery for Microsoft Defender for Endpoint enables organizations to discover and secure network devices. Once discovered Defender for Endpoint’s threat and vulnerability management capabilities will be able to provide security recommendations for network devices. Roadmap ID: 72209
  • Microsoft 365 Compliance center: Continuous compliance assessments – Automated testing and documentation of scored actions in Compliance Manager with the ability to view or download evidence for an automatically scored action. Roadmap ID: 72222
  • Microsoft 365 compliance center: Communication Compliance can now leverage optical character recognition to extract and evaluate messages – Introducing the ability to extract printed or handwritten text from images using Azure’s Computer Vision Optical Character Recognition (OCR). Text extracted will then be evaluated against Communication Compliance policies conditions. Roadmap ID: 83702
  • Microsoft Compliance center: Insider Risk Management integration with Teams and Power Automate – Insider Risk Management integration with Microsoft Teams allows for richer collaboration across an organization. Additionally, integration with Power Automate allows organizations to configure Power Automate flows to automate tasks for Insider Risk Management cases and users. Roadmap ID: 83955
  • Microsoft Compliance center: Insider Risk Management: Intelligent detections – Domain settings – Intelligent detection domain settings help you define risk levels for activities to specific domains. By specifying domains in these settings, you can increase or decrease the risk scoring for activity that takes place with these domains. Roadmap ID: 83958
  • Microsoft Information Protection: Microsoft 365 Endpoint data loss prevention (DLP) for GCC – Endpoint DLP extends the activity monitoring and protection capabilities of DLP to sensitive items that are on Windows 10 devices. Once devices are onboarded into device management, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies. Roadmap ID: 81973
  • Microsoft Information Protection: Microsoft 365 Endpoint data loss prevention (DLP) for GCC-H and DoD – Endpoint DLP extends the activity monitoring and protection capabilities of DLP to sensitive items that are on Windows 10 devices. Roadmap ID: 81974
  • Microsoft Information Protection: Exact Data Match to support Customer Managed Key – Customers will be able to encrypt Exact Data Match (EDM) data using their own Customer Managed Key (CMK), further enhancing EDM data security. Roadmap ID: 81988
  • Microsoft Cloud App Security: Cloud Access Security Broker for GCC – Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that secures SaaS and multi-cloud solutions. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Roadmap ID: 82037
  • Microsoft Compliance center: Additional third-party data connectors (Veritas) – Use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, document collaboration platforms and more, to mailboxes in your Microsoft 365 organization where you can then apply various Microsoft 365 compliance solutions to the imported data. This helps you ensure that your organization’s non-Microsoft data is in compliance with the regulations and standards that affect your organization. There are more additional connectors to come from Veritas (formerly Globanet). Roadmap ID: 82038

Release – September 2021

  • Microsoft Information Protection: Data-at-Rest Encryption for Microsoft 365 in DoD and GCC-High – Data at rest encryption for Microsoft 365 provides customer key based encryption across multiple M365 workloads. Tenant administrators can configure a single data encryption policy using customer managed keys and assign it to the tenant. Roadmap ID: 68870
  • Microsoft Defender for Office 365: Detonation Details for GCC and DoD environments – Detonation details will be exposed within the email entity page for malicious URLs and files which got detonated. These detonation details will contain detonation chain, summary, indicators of compromise, screenshots, and behaviour details. Roadmap ID: 81991
  • Microsoft Defender for Office 365: Email entity page for GCC and DoD environments – The email entity page will contain information in parity with existing email details flyout in protection.offfice.com from Threat Explorer, along with new information regarding authentication and detections, a revamped email preview capability for cloud mailbox emails, and detonation details for related files or URLs. Roadmap ID: 81992

Release – November 2021

  • 🆕 Microsoft Information Protection: Granular conditional access policies via “Sensitivity Labels” for SharePoint Online sites – Admins will have the ability to use Azure AD conditional access policies to trigger multi-factor authentication (MFA), device and location policies on a specific SharePoint site collection based by simply attaching CA policies to a label. Roadmap ID: 82115

Release – December 2021

  • 🆕 Microsoft Information Protection: Granular conditional access policies via “Sensitivity Labels” for SharePoint Online sites for GCC -High and DoD – Admins will have the ability to use Azure AD conditional access policies to trigger multi-factor authentication (MFA), device and location policies on a specific SharePoint site collection based by simply attaching CA policies to a label. Roadmap ID: 85979
  • Advanced eDiscovery: support Teams reactions – Discover Teams reactions (heart, thumbs up, thumbs down, laugh, surprised, angry) in Advanced eDiscovery. Roadmap ID: 65130

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s