Microsoft 365 roadmap roundup – 6th December 2021

Use these buttons to switch between each product’s roadmap updates.

Microsoft Information Protection

Updates listed under this heading combines the following products: Azure Information Protection, 365 compliance center, Information Protection, Office 365 Advanced Threat Protection, Microsoft Defender, Microsoft Intune, Office 365 Data Loss Prevention and Security and Compliance center.

  • Launched (15)
  • Rolling out (6)
  • In development (43)

🍾 LAUNCHED

  • Microsoft 365 compliance center: Communication Compliance – Additional classifier language support – To expand the ability to detect policy violations in communications beyond English, French, Spanish, German, Portuguese, Italian, Japanese, and Chinese, Communication Compliance built-in classifiers (threat, harassment, and profanity) now support these additional four languages: Arabic, Dutch, Korean, and Chinese Traditional. Feature ID:85653
  • Microsoft 365 compliance center: Communication Compliance cross-tenant classifier feedback – Currently available in public preview, cross-tenant feedback enables customers to provide feedback on messages that were misclassified (such as false positives) by a Communication Compliance policy leveraging any of the classifiers. Feature ID:85655
  • Microsoft 365 compliance center: Insider risk management –  Device indicators – These include policy indicators for activities such as sharing files over the network or with devices. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy. Feature ID:88490
  • Microsoft 365 compliance center: Insider risk management –  Native triggers for Azure AD account deletion – Automatically detect user account deletion in Azure Active Directory for your organization to start scoring for risk indicators in the Data theft by departing users policy template. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy. Feature ID:88492
  • Microsoft Information Protection: Co-authoring on encrypted documents – Multiple authors can edit labeled and protected documents in Word, Excel, and PowerPoint simultaneously, frictionlessly, and with auto-save, as if they were regular documents. Feature ID:82113
  • Microsoft 365 compliance center: Insider Risk Management analytics – The Microsoft 365 Insider Risk Management solution will now provide aggregated and anonymized analytics to help identify potential insider risk activity within the organization. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy. Feature ID:88528
  • Microsoft Information Protection: Power BI sensitivity label data in Activity Explorer – Power BI will now send sensitivity label activity data to Activity Explorer for admins to search and review along with the rest of the Microsoft Information Protection (MIP), Azure Information Protection (AIP), and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources. Feature ID:85685
  • Microsoft 365 compliance center: Insider risk management – File exfiltration signals from Edge or Chrome browsers – This allows your organization to detect and act on browser exfiltration signals for all non-executable files viewed in Microsoft Edge and Google Chrome browsers. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88484
  • Microsoft 365 compliance center: Insider risk management – Policy health status – The policy health status gives you insights into any potential issues with your insider risk management policies. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88485
  • Microsoft 365 compliance center: Insider risk management – “Watch the watchers” audit trail – The insider risk management audit log enables you to stay informed on the actions that were taken on insider risk management features. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88486
  • Microsoft 365 compliance center: Insider risk management – Intelligent detections: Domain settings – You can specify domains in global settings which helps you to increase or decrease the risk scoring for activity that takes place with these domains. Additionally, you can use wildcards to help match variations of root domains or subdomains. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88487
  • Microsoft 365 compliance center: Insider risk management –  Policy customization – You can now customize the thresholds for the policy indicators that influence an activity’s risk score, which in turn determines whether an alert’s severity is low, medium, or high. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88488
  • Microsoft 365 compliance center: Insider risk management –  Enhancements to content explorer – The Microsoft 365 Insider risk management solution will have an improved performance and experience within the content explorer, including transparency of document loads and completeness. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88489
  • Microsoft Compliance center: Ability to export Insider Risk Management alerts – Insider risk management alert information is exportable to security information and event management (SIEM) services via the Office 365 Management Activity API schema. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:82127
  • Microsoft 365 compliance center: Insider risk management – Integration with Microsoft Sentinel – New integration with Microsoft Sentinel provides the flexibility to collect, detect, and investigate insider risk activities within Microsoft Sentinel. This native connector allows for seamless import of alerts, which provides analysts with a single pane of glass to review alerts for insider risk in a broader organizational context. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:82151

🚂 ROLLING OUT

  • Microsoft 365 compliance center: Built-in filters in Activity explorer – We are releasing built-in filters for use within Activity explorer to allow easy access to the most used filters. Feature ID:82184
  • Microsoft 365 compliance center: Insider risk management – Healthcare connector and policy template – New healthcare policy template with built-in indicators that leverages data from Epic and other electronic medical records (EMR) solutions – using our Data Connectors – to help healthcare companies identify potential insider risks related to patient data misuse. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:82153
  • Microsoft 365 compliance center: Insider risk management – Triage and investigation improvements – Enhancements including historical insight for Exchange Online, ingest triggering events into Activity explorer. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:82142
  • Microsoft 365 compliance center: Insider risk management – Policy customization enhancements – Ability to fine-tune policies to trigger on precise exfiltration events. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:82143
  • Microsoft 365 Compliance center: Insider risk management – Guided onboarding experience: recommended actions – Recommended actions that an admin should take for a complete onboarding experience. In-product guided walkthrough on how to complete onboarding actions such as selecting indictors, setting up a policy, and how to investigate an alert. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:85576
  • Microsoft Compliance center: Information Governance: Retention label deletion behavior change in SharePoint – Improved consistency of user experience between OneDrive and SharePoint, allowing users to “delete” files labeled with a retention label configured to “retain items for a specific period” as this operation is no longer blocked with an error message. When deleted, these files will still be preserved for compliance purposes by moving a copy of them to the “Preservation Hold Library” of the site where they can be accessed by eDiscovery and other compliance solutions. Feature ID:82063

⌛ IN DEVELOPMENT

Release – December 2021

  • 🆕 Microsoft 365 compliance center: Power BI sensitivity label data in Activity Explorer (DoD) – Power BI will send sensitivity label activity data to Activity Explorer for admins to search and review along with the rest of the Microsoft Information Protection (MIP), Azure Information Protection (AIP), and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources. Feature ID:88530
  • 🆕 Microsoft Information Protection: AIP client and scanner data available in Audit and Activity explorer for Government customers – Azure Information Protection (AIP) customers can now access data in Microsoft 365 compliance center Audit logs and Activity explorer, in addition to the AIP Analytics portal. This means that all data logged via AIP client and AIP scanner can be witnessed along with the rest of the Microsoft Information Protection (MIP) and Data Loss Prevention (DLP) data sets from native Office apps and other cloud resources.  Feature ID:89777
  • 🆕 Microsoft Information Protection: Co-authoring on MIP-encrypted documents on Mobile (Preview) – Multiple authors can edit labeled and protected documents in Word, Excel, and PowerPoint simultaneously, frictionless, and with auto-save, as if they were regular documents.   Feature ID:88512
  • 🆕 Microsoft 365 compliance center: Insider risk management – Native triggers (New signals, indicator selection, customization, Activity explorer) (Preview) – You can choose to assign selected indicators as triggering events for a policy. This flexibility and customization help scope the policy to only the activities covered by the indicators. Also, you can customize thresholds for each triggering event. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security, and policy violations, and more. Feature ID:82198
  • Microsoft Defender for Office 365: Updates to Threat Explorer and Real-time Detections – We are working towards updating the user experience for Threat Explorer and Real-time detections. As part of this update, we will introduce enhancements like All Email view by Default for Explorer, toggling between chart or grid view, single click data export and more. There is no change in functionality when it comes to core experiences like filtering, export, and this is an update to the user experience. Feature ID:82192
  • Microsoft Information Protection: Extend sensitivity labels to assets in Azure with Microsoft Azure Purview – With Azure Purview, you can now extend the reach of your Microsoft Information Protection (MIP) sensitivity labels and the value from built-in sensitive information types to a much broader set of data locations and data types. Use existing sensitivity labels or create new sensitivity labels via the Microsoft 365 compliance center to extend security and compliance intent to data assets in Azure. Feature ID:85666
  • Microsoft Defender for Office 365: The Attack Simulation Training landing page is now customizable – We’re pleased to announce the availability of a new landing page experience that allows customers to easily tailor the landing page to suit the requirements of their enterprise and include their own branding. Feature ID:85642
  • Microsoft 365 compliance center: Information governance and records management: new retention engine for SharePoint Online (Government clouds) – Introduction of our new retention engine for SharePoint Online (SPO) to Government clouds, which addresses the challenges with large tenants or tenants that must process large volumes of data. This will also enhance reliability and SLAs for retention. Feature ID:85628
  • Microsoft Defender for Office 365: Updates to the common attachment filter in the anti-malware policy – We’re adding file types to the common attachment filter (default block list) of the Anti-malware policy with three new file types. Please refer to Message Center for the updated list. Feature ID:85611
  • Microsoft 365 compliance center: Communication Compliance integration with Power Automate – Communication Compliance integration with Power Automate allows organizations to configure Power Automate flows to automate tasks for Communication Compliance cases and users. Feature ID:85604
  • Microsoft 365 compliance center: Communication Compliance tagging improvements (Government clouds) – We are making tagging improvements based on feedback to improve investigation and remediation actions in Communication Compliance. We are adding column that will display the current tag applied, and we’ll provide the ability to unresolve a message so it can be triaged again by an investigator. Feature ID:85586
  • Microsoft Defender for Office 365: Enhancements to quarantine message preview – We’re changing the way users preview quarantined messages to provide additional security against embedded threats.  With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message. Feature ID:82098
  • Microsoft Defender for Office 365: Updates to spam reporting – We’re working on creating consistent reporting experiences for customers, and as a result we’re deprecating the standalone spam detections report. A new Spam detections report view will now be available in the Threat Protection Status report. Feature ID:85561
  • Microsoft Defender for Office 365: Localization of end user spam notifications – We’re making it easier to send end user spam notifications to users in multiple languages. Instead of Admins choosing the specific language for quarantine notifications, spam notifications will be sent by default in the language assigned to the user’s mailbox. Feature ID:85562
  • Microsoft Defender for Office 365: Priority account filtering for quarantine – We’re including the priority account tag in the quarantine experience, allowing admins to prioritize their focus on the organization’s most targeted and most visible users. Feature ID:85563
  • Microsoft Defender for Office 365: Quarantine integration for user and admin submissions – With this change we’re giving admins the ability to allow senders for a specified period of time, right from the quarantine workflow. When releasing emails to end users, admins can now opt to remember this decision by creating an entry in the tenant allow/block list that corresponds to the indicator of compromise aligned with the message in question. Admins can now choose to allow or prevent users from submitting messages to Microsoft for analysis. Feature ID:82097
  • Microsoft Compliance center: Additional third-party data connectors (Veritas) – Use data connectors to import and archive third-party data from social media platforms, instant messaging platforms, document collaboration platforms and more, to mailboxes in your Microsoft 365 organization where you can then apply various Microsoft 365 compliance solutions to the imported data. This helps you ensure that your organization’s non-Microsoft data is in compliance with the regulations and standards that affect your organization. There are more additional connectors to come from Veritas (formerly Globanet). Feature ID:82038
  • Microsoft Cloud App Security: Cloud Access Security Broker for GCC – The Microsoft Cloud App Security (MCAS) offering for GCC is built on the Microsoft Azure Government Cloud and is designed to inter-operate with the Microsoft 365 GCC environment. Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that secures SaaS and multi-cloud solutions. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Feature ID:82037
  • Microsoft Defender for Office 365: Detonation Details for GCC and DoD environments – Detonation details will be exposed within the email entity page for malicious URLs and files which got detonated. These detonation details will contain detonation chain, summary, indicators of compromise, screenshots, and behavior details. Customers can now go through the detonation details and expand their scope of investigation. Feature ID:81991
  • Microsoft Defender for Office 365: Email entity page for GCC and DoD environments – The email entity page will contain information in parity with existing email details flyout in protection.offfice.com from Threat Explorer, along with new information regarding authentication and detections, a revamped email preview capability for cloud mailbox emails, and detonation details for related files or URLs. These updates eliminate the need to traverse multiple experiences to view email details.  The Email entity page brings a new look to your email investigations, designed to provide a 360-degree view of an email. Feature ID:81992
  • Microsoft Information Protection: Exact Data Match to support Customer Managed Key – Customers will be able to encrypt Exact Data Match (EDM) data using their own Customer Managed Key (CMK), further enhancing EDM data security. EDM content that is encrypted using the CMK includes the data file schemas, rule packages, and the salts, which are used in hashing the sensitive data being protected. Feature ID:81988
  • Microsoft Information Protection: Microsoft 365 Endpoint data loss prevention (DLP) for GCC-H and DoD – Currently available in public preview, Endpoint DLP extends the activity monitoring and protection capabilities of DLP to sensitive items that are on Windows 10 devices. Once devices are onboarded into device management, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies. Feature ID:81974
  • Microsoft Information Protection: Microsoft 365 Endpoint data loss prevention (DLP) for GCC – Currently available in public preview, Endpoint DLP extends the activity monitoring and protection capabilities of DLP to sensitive items that are on Windows 10 devices. Once devices are onboarded into device management, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies. Feature ID:81973
  • Microsoft 365 compliance center: Advanced Audit – Search term events in Exchange Online and SharePoint Online for DoD – Addition of Advanced Audit events that provide information on when and what a user searched for in Exchange Online and SharePoint Online. Feature ID:81969
  • Microsoft 365 compliance center: Automated testing and documentation of scored actions in Compliance Manager – Automated testing and documentation of scored actions in Compliance Manager with the ability to view or download evidence for an automatically scored action. Feature ID:72222
  • Microsoft Defender for Identity: Alert exclusion in Microsoft 365 security center – With the exclusion capability landing in Microsoft 365 security center for Defender for Identity, you can tune the alerts and filter the detections based on entities that matter to you. We are also improving the experience in the allow-list functionality, making sure you can allow entities across all detections as opposed to allowing them per detection. Feature ID:72203
  • Azure Active Directory: Access Tokens issued by Azure AD will have lifetime of 60-90 minutes – Access Tokens issued by Azure AD will have default lifetime between 60-90 minutes. Feature ID:72190
  • Microsoft Information Protection: Configure external sharing for sensitivity labels in Teams and SharePoint sites – With this update, you can set controls on external sharing while configuring a Team or site protection policy. For example you can set a very restrictive one for a Team or site labeled ‘confidential’—restricting sharing with people outside the organization or set a very relaxed one for a Team or site labeled ‘general’—allowing anyone with a link to access without requiring sign-in. Feature ID:70735
  • Microsoft 365 compliance center | Advanced eDiscovery: Discover only the document version that has been shared – Many customers often consider shared documents or cloud attachments as a form of communication, and therefore are required to preserve and make that content discoverable. While end users benefit from quickly sharing files for visibility and collaboration, this practice has been challenging for eDiscovery and legal professionals. Feature ID:70718
  • Microsoft 365 compliance center: Information barriers for GCCH and DoD – Information barriers is a compliance feature to restrict communication and collaboration between two groups to avoid a conflict of interest from occurring in your organization. Feature ID:70729
  • Microsoft Defender for Identity: Administrative functions in Microsoft 365 security center – As part of the ongoing work to improve the experience of Security Operations professionals and consolidate the functionality of multiple portals into a single space that SecOps can interact with their threat and incident data, Defender for Identity’s administrative functions will be available to view and edit within the Microsoft 365 security center. In this time frame, you can expect to see the following functions and features be made available in the Microsoft 365 security center: Defender for Identity onboarding, VPN configuration, email notifications, sensor deployment and sensor health, entity tagging and SIEM configuration. Feature ID:68886
  • Microsoft Defender for Office 365: Request Release workflow – We’ve added a way for end users to triage quarantined phish messages. We understand that managing false positives is important to ensuring email is delivered appropriately, and in the past, end users weren’t granted access to the quarantine to view messages. We’ve introduced an option to grant end users read-only access to the quarantine to view quarantined messages and request that an admin release messages to the inbox.  Feature ID:62449
  • Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder – Previously, quarantine behavior was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy.  Feature ID:62450
  • Microsoft Information Protection: Apply default label policies to existing documents being edited (Preview) – Users with default labeling policies will now support applying that default to any supported document they edit. Previously this only applied to new documents. Feature ID:88515

Release – January 2022

  • 🆕 Microsoft Information Protection: New roles and role groups for granular permissions management (Preview) – We’re releasing new roles and role groups to allow granular permissions to manage Information Protection and Data Loss Prevention (DLP) within the Microsoft 365 compliance center. Feature ID:88531
  • Microsoft 365 compliance center: Information governance – Adaptive retention policies – This update allows admins to create retention policies scoped to geography, department, or other user or site attribute. For example, admins can create a policy specifically for users in the UK’s human resources team by leveraging the adaptive policy scope. Feature ID:70578
  • Microsoft 365 compliance center: Information governance – Auto-labeling of cloud attachments – This update enables organizations to automatically apply retention labels to the version of files shared as cloud attachments, which are live links of SharePoint or OneDrive content that can be shared via emails or Teams messages. Feature ID:70580
  • Microsoft 365 compliance center: Communication Compliance integration with Power Automate for GCC High and DoD – Communication Compliance integration with Power Automate allows organizations to configure Power Automate flows to automate tasks for Communication Compliance cases and users. Feature ID:85606
  • Microsoft Compliance center: Information Governance: Optimized behavior of deleted files with multiple versions in SharePoint – SharePoint Online items with multiple versions and a retention label now move to the Preservation Hold Library as a single file containing all versions when deleted. Feature ID:82062

Release – February 2022

  • 🆕 Microsoft 365 compliance center: Insider Risk Management analytics for Government clouds – The Microsoft 365 Insider Risk Management solution will provide aggregated and anonymized analytics to help identify potential insider risk activity within the organization. This is currently available in public preview.  Feature ID:82129
  • 🆕 Microsoft 365 compliance center: AIP client and scanner data surfaced in Content explorer (Preview) – All files detected by the AIP_Onprem_scanner via the ‘Discover’ event will be showcased in the Content explorer under two new on-premises locations: File Share and SharePoint Server.   Feature ID:88529

Release – March 2022

  • Microsoft 365 compliance center: Insider risk management – User activity reports – User activity reports allow you to examine activities for specific users for a defined time period without having to assign them temporarily or explicitly to an insider risk management policy. This is currently available in public preview. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Feature ID:88491

Release – September 2022

  • Microsoft 365 compliance center: Communication Compliance analyze linked content from OneDrive and SharePoint online (Government clouds) – Communication compliance policies that detect violations in Microsoft Teams will now analyze the content of documents shared in chat for potential policy match. Feature ID:85587

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s