Microsoft 365 roadmap roundup – 8th November 2021

Use these buttons to switch between each product’s roadmap updates.

Microsoft Information Protection

Updates listed under this heading combines the following products: Azure Information Protection, 365 compliance center, Information Protection, Office 365 Advanced Threat Protection, Microsoft Defender, Microsoft Intune, Office 365 Data Loss Prevention and Security and Compliance center.

  • Launched (4)
  • Rolling out (0)
  • In development (38)


  • Microsoft Defender for Office 365: Redirecting users to Microsoft 365 Defender – Microsoft will begin automatically redirecting users accessing the security-related capabilities in the Office 365 Security and Compliance center (, to Microsoft 365 Defender ( Roadmap ID: 82107
  • Microsoft Defender for Office 365: DomainKeys Identified Mail (DKIM) support for Advanced Delivery – We’re adding support for DomainKeys Identified Mail (DKIM) domains to our advanced delivery feature, enabling administrators to use DKIM domains in addition to sending domains to configure their third-party phishing simulations. Roadmap ID: 82083
  • Advanced Audit: User searches – User search event, which is generated when a user search was performed on Exchange Online or SharePoint Online. This is valuable especially if a malicious actor accessed an account to search for sensitive material. By analyzing the search query, an investigator can understand the kind of content being searched for. Roadmap ID: 68806
  • Advanced Audit: Mail send events – Mail send event is generated when a user sends, replies to, or forwards an email. Whether the action was malicious or unintentional, this event can let investigators know what metadata was contained in the emails sent from a compromised account. Roadmap ID: 68807




Release – November 2021

  • 🆕 Microsoft 365 compliance center: Insider Risk Management analytics – The Microsoft 365 Insider Risk Management solution will now provide aggregated and anonymized analytics to help identify potential insider risk activity within the organization. This is currently available in public preview.  Roadmap ID:88528
  • 🆕 Microsoft 365 compliance center: Insider risk management – File exfiltration signals from Edge or Chrome browsers – This allows your organization to detect and act on browser exfiltration signals for all non-executable files viewed in Microsoft Edge and Google Chrome browsers. This is currently available in public preview.  Roadmap ID:88484
  • 🆕 Microsoft 365 compliance center: Advanced eDiscovery – Historical versions – Now eDiscovery admins can designate specific SharePoint Online or OneDrive for Business sites to enable for historical versions functionality. This capability will enable organizations to quickly search across not only the current version of documents, but all the versions of the document.   Roadmap ID:81898
  • 🆕 Microsoft 365 compliance center: Insider risk management – Integration with Microsoft Sentinel – New integration with Microsoft Sentinel provides the flexibility to collect, detect, and investigate insider risk activities within Microsoft Sentinel. This native connector allows for seamless import of alerts, which provides analysts with a single pane of glass to review alerts for insider risk in a broader organizational context.   Roadmap ID:82151
  • 🆕 Microsoft 365 compliance center: Insider risk management – Exfiltration signals from macOS – Endpoint exfiltration signals for Office, PDF, and CSV files from macOS endpoints.   Roadmap ID:82152
  • 🆕 Microsoft 365 compliance center: Insider risk management – Healthcare connector and policy template – New healthcare policy template with built-in indicators that leverages data from Epic and other electronic medical records (EMR) solutions – using our Data Connectors – to help healthcare companies identify potential insider risks related to patient data misuse.    Roadmap ID:82153
  • Microsoft Defender for Office 365: The Attack Simulation Training landing page is now customizable – We’re pleased to announce the availability of a new landing page experience that allows customers to easily tailor the landing page to suit the requirements of their enterprise and include their own branding. Roadmap ID:85642
  • Microsoft 365 compliance center: Information governance and records management: new retention engine for SharePoint Online (Government clouds) – Introduction of our new retention engine for SharePoint Online (SPO) to Government clouds, which addresses the challenges with large tenants or tenants that must process large volumes of data. This will also enhance reliability and SLAs for retention. Roadmap ID:85628
  • Microsoft Defender for Office 365: Updates to the common attachment filter in the anti-malware policy – We’re adding file types to the common attachment filter (default block list) of the Anti-malware policy with three new file types. Please refer to Message Center for the updated list. Roadmap ID:85611
  • Microsoft 365 compliance center: Communication Compliance integration with Power Automate – Communication Compliance integration with Power Automate allows organizations to configure Power Automate flows to automate tasks for Communication Compliance cases and users. Roadmap ID:85604
  • Microsoft Defender for Office 365: Enhancements to quarantine message preview – We’re changing the way users preview quarantined messages to provide additional security against embedded threats.  With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message. Roadmap ID:82098
  • Microsoft Defender for Office 365: Updates to spam reporting – We’re working on creating consistent reporting experiences for customers, and as a result we’re deprecating the standalone spam detections report. A new Spam detections report view will now be available in the Threat Protection Status report. Roadmap ID:85561
  • Microsoft Defender for Office 365: Localization of end user spam notifications – We’re making it easier to send end user spam notifications to users in multiple languages. Instead of Admins choosing the specific language for quarantine notifications, spam notifications will be sent by default in the language assigned to the user’s mailbox. Roadmap ID:85562
  • Microsoft Defender for Office 365: Priority account filtering for quarantine – We’re including the priority account tag in the quarantine experience, allowing admins to prioritize their focus on the organization’s most targeted and most visible users. Roadmap ID:85563
  • Microsoft Compliance center: Additional third-party data connectors (Veritas) – Use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, document collaboration platforms and more, to mailboxes in your Microsoft 365 organization where you can then apply various Microsoft 365 compliance solutions to the imported data. Roadmap ID:82038
  • Microsoft Compliance center: Information governance – Retention policies for Yammer – This update enables organizations to apply retention policies on Yammer messages. Roadmap ID:82055
  • Microsoft Cloud App Security: Cloud Access Security Broker for GCC – The Microsoft Cloud App Security (MCAS) offering for GCC is built on the Microsoft Azure Government Cloud and is designed to inter-operate with the Microsoft 365 GCC environment. Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that secures SaaS and multi-cloud solutions. Roadmap ID:82037
  • Microsoft Information Protection: Exact Data Match to support Customer Managed Key – Customers will be able to encrypt Exact Data Match (EDM) data using their own Customer Managed Key (CMK), further enhancing EDM data security. EDM content that is encrypted using the CMK includes the data file schemas, rule packages, and the salts, which are used in hashing the sensitive data being protected. Roadmap ID:81988
  • Microsoft Defender for Identity: Alert exclusion in Microsoft 365 security center – With the exclusion capability landing in Microsoft 365 security center for Defender for Identity, you can tune the alerts and filter the detections based on entities that matter to you. We are also improving the experience in the allow-list functionality, making sure you can allow entities across all detections as opposed to allowing them per detection. Roadmap ID:72203
  • Azure Active Directory: Access Tokens issued by Azure AD will have lifetime of 60-90 minutes. – Access Tokens issued by Azure AD will have default lifetime between 60-90 minutes. Roadmap ID:72190
  • Microsoft Information Protection: Configure external sharing for sensitivity labels in Teams and SharePoint sites – With this update, you can set controls on external sharing while configuring a Team or site protection policy. Roadmap ID:70735
  • Microsoft 365 compliance center: Information barriers for GCCH and DoD – Information barriers is a compliance feature to restrict communication and collaboration between two groups to avoid a conflict of interest from occurring in your organization. Roadmap ID:70729
  • Microsoft Defender for Identity: Administrative functions in Microsoft 365 security center – As part of the ongoing work to improve the experience of Security Operations professionals and consolidate the functionality of multiple portals into a single space that SecOps can interact with their threat and incident data, Defender for Identity’s administrative functions will be available to view and edit within the Microsoft 365 security center. Roadmap ID:68886
  • Microsoft Compliance Center: Expanded support to search and export items in SharePoint and OneDrive for Business Recycle Bin in Advanced eDiscovery – The eDiscovery and SharePoint Online teams are making architectural changes that will make the Recycle Bin (both first-stage and second-stage Recycle Bins) in SharePoint Online and OneDrive for Business searchable and exportable by eDiscovery Managers. That means organizations can search and export items in the Recycle Bin regardless of whether a site is on hold or not. Roadmap ID:67092
  • Microsoft Defender for Office 365: Request Release workflow – We’ve added a way for end users to triage quarantined phish messages. We’ve introduced an option to grant end users read-only access to the quarantine to view quarantined messages and request that an admin release messages to the inbox. Roadmap ID:62449
  • Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder – Previously, quarantine behavior was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy.  Roadmap ID:62450
  • Microsoft Defender for Office 365: Quarantine integration for user and admin submissions – With this change we’re giving admins the ability to allow senders for a specified period of time, right from the quarantine workflow. When releasing emails to end users, admins can now opt to remember this decision by creating an entry in the tenant allow/block list that corresponds to the indicator of compromise aligned with the message in question. Roadmap ID:82097
  • Microsoft Compliance center: Information Governance: Retention label deletion behavior change in SharePoint – Improved consistency of user experience between OneDrive and SharePoint, allowing users to “delete” files labeled with a retention label configured to “retain items for a specific period” as this operation is no longer blocked with an error message. When deleted, these files will still be preserved for compliance purposes by moving a copy of them to the “Preservation Hold Library” of the site where they can be accessed by eDiscovery and other compliance solutions. Roadmap ID:82063

Release – December 2021

  • 🆕 Azure Active Directory: Continuous Access Evaluation (CAE) – CAE (Continuous Access Evaluation) provides enhanced security and resilience by issuing long-lived tokens and being able to revoke user access in real-time when risk is introduced, such as when the user is terminated, or the user moves to an untrusted location.   Roadmap ID:82171
  • 🆕 Microsoft Defender for Office 365: Built-In Protection – We are introducing Built-In Protection for Microsoft Defender for Office 365 to automatically elevate all users within your organization to the base level of security protection. Built-In Protection will implement a low impact version of Safe Attachments and Safe Links, removing burden on admins to configure users with recommended security settings and policies. This new preset security policy will require no admin action and will be turned on by default for all new and existing customers. As a result, customers will be automatically protected from unintentional configuration gaps in their policies and experience overall improved protection against phish and malicious message delivery to end users.    Roadmap ID:72208
  • 🆕 Microsoft Information Protection: Apply default label policies to existing documents being edited – Users with default labeling policies will now support applying that default to any supported document they edit. Previously this only applied to new documents.   Roadmap ID:88515
  • Microsoft Defender for Identity: Native “response” actions – From this release SecOps will have the ability to directly lock the Active Directory account, or to prompt for the password to be reset, meaning more direct action can be taken when a user is compromised. Up until now, when a user is confirmed as compromised in Microsoft Defender for Identity, it’s the Azure Active Directory account that is effected via a conditional access rule. Roadmap ID:82077

Release – January 2022

  • 🆕 Microsoft Information Protection: Auto-labeling policies support overwriting manual label and encrypting mail received from any organization – New and existing Exchange auto-labeling policies can be configured to apply encryption to email received from outside the organization. In addition, policies can be configured to enforce classification on any email by replacing existing manual labels that have the same or lower label priority.   Roadmap ID:85668
  • Azure Active Directory:  Azure B2B integration with OneDrive and SharePoint – The Azure B2B Integration with OneDrive and SharePoint is now generally available. This integration is currently disabled by default but can be enabled using the SharePoint Online Management Shell.  Additional changes are coming to improve the experience. Roadmap ID:81955

Release – February 2022

  • Microsoft 365 Compliance center: Advanced eDiscovery: Release of Graph APIs – Script common eDiscovery actions using the Microsoft Graph REST APIs.  APIs include, but are not limited to: Case, Custodian, Search, Review Set and Export management.  The graph APIs will first be released to the Microsoft Graph beta endpoints, and then ultimately to production in the More Information link below.  APIs will show up in preview as they are completed and available in production after most common scenarios are completed. Roadmap ID:63068

Release – March 2022

  • 🆕 Microsoft Information Protection: Maintain label and protection when creating PDF files from Office apps – Labels and protection applied on Office documents will be persisted to the output file when converting to PDF in Word, Excel, and PowerPoint on PC, Mac, Web.   Roadmap ID:88516
  • 🆕 Microsoft Information Protection: Updated user experience for picking and seeing sensitivity labels in Office apps – Word, Excel, and PowerPoint apps provide a highly visible sensitivity label and easy-to-use interface for choosing labels. Includes label color defined in compliance portal.   Roadmap ID:88517
  • Microsoft 365 compliance center: Insider risk management – User activity reports – User activity reports allow you to examine activities for specific users for a defined time period without having to assign them temporarily or explicitly to an insider risk management policy. This is currently available in public preview.  Roadmap ID:88491


One thought on “Microsoft 365 roadmap roundup – 8th November 2021

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s