Microsoft 365 roadmap roundup – 5th September 2022

Use the links below to switch between each product’s roadmap updates:

Microsoft Information Protection

Microsoft Information Protection

Updates listed under this heading combines the following products: Azure Information Protection, Microsoft compliance center, Information Protection, Microsoft Defender, Microsoft Intune, Security & Compliance center and Cloud App Security:

  • Launched (3)
  • Rolling out (1)
  • In development (12)


  • Microsoft Defender for Office 365: Updates to the common attachment filter in the anti-malware policy – We are enhancing the common attachments filter (Anti-malware policy) to expand list of available file types and also manage custom file types in the portal. Roadmap ID:85611
  • Microsoft Defender for Office 365: Recipient Block using Tenant Allow/Block List Senders – Today the Tenant Allow Block List is used to prevent users from receiving email from select senders. However, users are still able to send emails to that same address or domain. With this new feature, the Tenant Allow Block List will be extended to prevent users from sending emails to addresses and domains that are added to the Allow/Block list. Roadmap ID:93363
  • Microsoft Defender for Office 365: Investigations triggered by manual actions – In order to provide the most accurate information in the Action center, we’re making a change that creates an investigation when manual actions are taken by admins. As we converge to the portal, this will ensure that all actions are shown in the converged action center. This Roadmap Item has been updated to align with new and updated timeline. Roadmap ID:70555


  • Microsoft 365 compliance center: Microsoft Purview | Data Lifecycle Management – Optimized behavior of deleted files with multiple versions in SharePoint (U.S. Government clouds)  – SharePoint Online items with multiple versions and a retention label now move to the Preservation Hold Library as a single file containing all versions when deleted.  Roadmap ID:93420


Release – September 2022

  • 🆕 Microsoft Defender for Office 365: URL and attachment allow & block via submissions for government clouds – In government clouds, we honor the data residency commitments aligned with these environments. As a result, submissions are not sent to Microsoft. Admins can still create allow or block rules in the tenant allow/block list for emails via admin email submission. With this change, customers in our government cloud environments will be able to create allow and block entries for URLs and attachments in the Tenant allow block list via admin URL and email attachment submission. The data submitted via the submissions experience will not leave the customer tenant just as is standard for admin email submissions. Roadmap ID:98132
  • 🆕 Microsoft Defender for Office 365: Automatic management of allow expiration for Tenant allow block list – Allows in the tenant allow block list typically expire after 30 days, meaning legitimate email can continue to be blocked. With this change, Microsoft will automatically extend or remove allow rules based on an assessment of the particular entity. Roadmap ID:98134
  • 🆕 Microsoft Defender for Office 365: Tenant blocks via admin submission – Security teams can now block sender email addresses, domains, URLs and email attachments while making admin submission for email, URL and file attachment respectively. Roadmap ID:98920
  • Microsoft 365 compliance center: Microsoft Purview | Endpoint DLP – Restrict egress activities when accessing sensitive websites in Microsoft Edge  – This capability allows restricting common egress activities as users navigate protected sites or access sensitive content via Microsoft Edge. With this new capability, organizations will be able to designate groups of protected sites and apply different restrictions; and monitor or restrict common egress activities when users visit protected sites with audit, block, and block override controls. Roadmap ID:93415
  • Microsoft Defender for Office 365: ZAP (zero-hour auto purge) alert enhancements – We are enhancing the successful ZAP (zero-hour auto purge) alert and introducing a new ZAP failure alert.   Roadmap ID:93206
  • Microsoft 365 compliance center: Microsoft Purview | Data loss prevention (DLP) support for trainable classifiers – Trainable classifiers can be added as a condition for data loss prevention (DLP) policies, and enhanced templates and default policies will leverage trainable classifiers. Additionally, classifier-related information and alerts will appear within Activity explorer. Roadmap ID:88937
  • Microsoft Information Protection: Microsoft Purview | Maintain label and protection when creating PDF files from Office apps – Labels and protection applied on Office documents will be persisted to the output file when converting to PDF in Word, Excel, and PowerPoint on PC.  Roadmap ID:88516

Release – October 2022

  • Microsoft Information Protection: Microsoft Purview | New Credential SITs – The addition of new Credential Sensitive Information Types (SITs) will allow your company to detect individual credential patterns (access keys, tokens, general passwords, etc.). Additionally, we will be offering a SIT which bundles all individual credential types for more holistic detection. Roadmap ID:88941
  • Microsoft 365 compliance center: Microsoft Purview | Endpoint DLP – Advanced classification scanning and protection (U.S. Government clouds) – Advanced classification scanning and protection allows the Microsoft 365 cloud-based data classification service to scan items, classify them, and return the results to the endpoint device. This enables admins to include more advanced classification techniques, such as exact data match, into data loss prevention policies. Admins will also have the flexibility to set a per-device bandwidth limit for a 24-hour period to regulate bandwidth usage.  Roadmap ID:93275

Release – November 2022

  • 🆕 Microsoft Defender for Identity: User page enhancements in Microsoft 365 Defender – The user page in Microsoft 365 Defender will be subject to a number of enhancements that will provide SecOps with a richer experience when viewing identity information in Microsoft 365 Defender. These include structure alignment to follow other entity pages in Microsoft 365 Defender, new side pane options like Location, Devices, Groups and Alerts, and clearer descriptions of user data on the main view, ensuring quicker identification of any given identity at a glance. Roadmap ID:98922  
  • Microsoft Purview compliance portal: Microsoft Priva for U.S. Government clouds – Microsoft Priva will be generally available to GCC, GCC High, and DoD customers. Currently, Microsoft Priva provides two products: Priva Privacy Risk Management helps organizations build a privacy-resilient workplace by identifying personal data and critical privacy risks around it, automating risk mitigation to prevent privacy incidents, and empowering employees to make smart data handling decisions. Priva Subject Rights Requests helps organizations manage requests at scale with the ability to automate data discovery and conflict detection, collaborate in a secure and efficient way, review and redact files in their native views, and integrate with in-house or partner-built privacy solutions. Roadmap ID:93263

Release – December 2022

  • 🆕 Microsoft Defender for Identity: User activity timeline in Microsoft 365 Defender – Using the activity timeline from the Microsoft Defender for Identity portal as inspiration, this release will provide a dedicated tab on the user page in Microsoft 365 Defender that contains a full user activity timeline, detailing all activities and alerts from relevant workloads, associate dot that identity. Roadmap ID:98921

    Leave a Reply

    Fill in your details below or click an icon to log in: Logo

    You are commenting using your account. Log Out /  Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out /  Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out /  Change )

    Connecting to %s