SharePoint Stuff

Microsoft Purview

Updates listed under this heading combines the following products: Azure Information Protection, Microsoft compliance center, Information Protection, Microsoft Defender, Microsoft Intune, Security & Compliance center and Cloud App Security:

• Launched (1)
• Rolling out (1)
• In development (30)

🍾 LAUNCHED

• Microsoft Purview | Communication Compliance Recommended policy actions – Recommended policy actions help organizations discover trends that they may not be aware of, like harassment, threats or sharing of sensitive information. Insights for sensitive information types are surfaced automatically through the existing compliance portal data classification service while insights for machine learning classifiers require an organization to have already configured a policy in Communication Compliance. Insights for both sensitive information types and machine learning classifiers are designed to help organizations holistically set up parameters for internal governance by identifying potential areas of risk and determining the type and scope of communication policies to be configured. Recommended policy actions displays the aggregate number of matches per classification type, with none of the insights containing any personally identifiable information. Roadmap ID:93195

🚂 ROLLING OUT

• Microsoft Information Protection: Microsoft Purview | Application of a “default label” to an unlabeled file uploaded to a SharePoint Online document library – With this update, all newly uploaded documents to a document library can “inherit” the configured label for the document library (if not already labeled). Roadmap ID:85621

⌛ IN DEVELOPMENT

Rollout starts – April 2023

• 🆕 Microsoft Purview compliance portal: Data Loss Prevention – Decoupling the User Notifications and Policy Tips on Exchange DLP (U.S. Government clouds) – With this update you will be able to configure policy tips and email notifications in your Microsoft Purview Data Loss Prevention (DLP) policies for Exchange Online independently for more granular control. Roadmap ID:124780
• Microsoft Defender for Office 365: 100 Admin Submission at once – With this change, Admins can submit up to 100 emails from quarantine, Threat explorer and user report to Microsoft for analysis. Roadmap ID:115509
• Microsoft Purview compliance portal: Data Lifecycle Management – Cloud attachments support file versions shared as links – Previously, cloud attachments worked only for links shared using the attachments button in Outlook and Microsoft Teams. Now, cloud attachments will retain files shared as hyperlinks in the body of an email or Teams message. Roadmap ID:106098
• Microsoft Purview compliance portal:  eDiscovery Premium – Collections progress, statistics, and workflow enhancements (GCC, GCC-High) – Now eDiscovery admins can understand the progress of Collections, statistics on what content contributed to changes between estimated items with hits and actual collected items, as well as commit the collection directly from the estimate without navigating through the entire collection wizard. Roadmap ID:93381
• Microsoft Defender for Office 365: Within 4 hours option for notifications – We are adding a new Within 4 hours option to end user notifications, allowing users to be able to rely on prompt notification about quarantined items when appropriate.  With this feature users can be rest assured that they will be updated frequently once new items lands on their quarantine folder. Roadmap ID:93304
• Microsoft Purview compliance portal:  eDiscovery (Premium) – Discover only the document version that has been shared – Many customers often consider shared documents or cloud attachments as a form of communication, and therefore are required to preserve and make that content discoverable. While end users benefit from quickly sharing files for visibility and collaboration, this practice has been challenging for eDiscovery and legal professionals. To help customers efficiently meet their regulatory obligations for discovery, eDiscovery (Premium) plans to support the ability to discover the version of the document at the time that it was shared. This helps ensure that the correct document information is available to eDiscovery processes. Roadmap ID:70718
• Microsoft Purview compliance portal:  Data Lifecycle Management – Auto-labeling of cloud attachments – This update enables organizations to automatically apply retention labels to the version of files shared as cloud attachments, which are live links of SharePoint or OneDrive content that can be shared via emails or Teams messages. Roadmap ID:70580

Rollout starts – May 2023

• 🆕 Microsoft Purview compliance portal: Insider Risk Management – User management Start/Stop scoring users (U.S. Government clouds) – The “Start scoring activity for users” feature will move from the Users page to the Policies page. Admins can use “Start scoring activity for users” on the Policies tab to manually add a user (or users) to one or more insider risk policies for a specific amount of time, to start assigning risk scores to their activity without a detected indicator. Roadmap ID:124778
• 🆕 Microsoft Purview compliance portal: Information Protection – Extend sensitivity labels to meetings (U.S. Government clouds) – Extend sensitivity labels to Outlook appointments, invites, and Teams online meetings. Roadmap ID:117507
• 🆕 Microsoft Purview compliance portal: Data Lifecycle Management: New retention actions in Power Automate integration – We will release additional retention actions as part of the Power Automate integration with Microsoft Purview Records Management. You can now relabel a file or an email at the end of its retention period or apply a retention label to a file in SharePoint. You can also delete items in SharePoint, OneDrive, or Exchange with all executed retention actions recorded in the Microsoft Purview Audit log. Roadmap ID:117424

Rollout starts – June 2023

• 🆕 Microsoft Purview compliance portal: Data Loss Prevention – Apply Purview Message Encryption branding with DLP policy – Purview Messaging Encryption supports customized branding templates for encrypted mail sent to external recipients. The functionality is being brought to Data Loss Prevention from Exchange mail flow rule. In addition, DLP policies provide additional configuration to control whether Microsoft 365 external recipients will be able to view the encrypted mail inline using Outlook or the encrypted portal experience.  Roadmap ID:117489
• 🆕 Microsoft Purview compliance portal: Audit Search Graph API – Microsoft Graph offers a unified API endpoint for accessing data from multiple Microsoft cloud services in a single response. This feature allows our customers to programmatically access the new async Audit Search experience, which also provides improved reliability and search completeness, through Microsoft Graph API. Roadmap ID:117587
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Alert triage experience (U.S. Government clouds) – This update introduces various improvements to the alert triage experience to accelerate time to action, including the ability to further drill into detected sequences within activity explorer, new alert filtering capabilities, and an enhanced user activity timeline view with a richer alert history. Roadmap ID:117601
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Alert triage improvements – user context during alert review – While reviewing an alert, analysts and investigators can quickly reference more user context details, such as the detected event and the activities that generated the alert. These additional details can provide context that may be relevant to determining if an alert should be escalated for further investigation. Roadmap ID:117602
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Cumulative exfiltration detection – Cumulative exfiltration detection helps identify data exfiltration risks when a user’s exfiltration activities across all egress channels over the past 30 days exceed organization or peer group norms. A risk score is assigned if the user’s cumulative exfiltration activity is unusual compared with others within the same organization or with the same role. Roadmap ID:117603
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Enhancements to sequences for unallowed and allowed domains – With this update, sequence detection in Insider Risk Management will recognize both allowed and unallowed domains. Sequences that involve allowed domains will be excluded from being scored, and sequences that involve unallowed domains will receive higher risk scores. With this update, sequence detection in Insider Risk Management will recognize both allowed and unallowed domains. Sequences that involve allowed domains will be excluded from being scored, and sequences that involve unallowed domains will receive higher risk scores.Roadmap ID:117604
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Enhanced alert experience – This update introduces enhancements to the alert overview page to provide explanation of why an alert was generated and to improve the ability to review the riskiest user activities in an alert. Roadmap ID:117605
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Physical access indicators and connectors (U.S. Government clouds) – This feature allows admins to define priority physical assets. With priority physical assets enabled and the physical badging data connector configured, Insider Risk Management can correlate signals from an organization’s physical control and access systems with other user activities to help make more informed response decisions for alerts. Roadmap ID:117607
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Policy customization from alert review experience – This feature allows admins to customize an Insider Risk Management policy and adjust policy thresholds from within the alert review experience instead of going through the policy configuration wizard, so customization decisions can be made in the context of alert review activities. Roadmap ID:117608
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Sequence-as-a-policy trigger (U.S. Government clouds) – Admins can customize data leak policies to be detected when a user performs a sequence. For example, if admins select a sequence (such as download from Microsoft 365 location, obfuscate, exfiltrate, then delete), users who perform the sequence of activities will trigger the policy and the alert will show up in Insider Risk Management. Roadmap ID:124772
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Sequences policy configuration enhancements – With this enhancement, admins can now select sequences in data leak and data theft policies without the requirement to select underlying individual indicators. This will allow admins to create more targeted policies with improved alert signals. Roadmap ID:124775
• 🆕 Microsoft Purview compliance portal: Data Loss Prevention – apply protection at the time of egress on endpoints – Extend protection to cold/unclassified files on endpoint devices by just-in-time protection at the time of egress. Roadmap ID:117493
• 🆕 Microsoft Defender for Office 365: Teams Security  – Microsoft Defender for Office 365 will provide protection and enhanced security operations (SecOps) experience for Microsoft Teams. These protection capabilities will include automatic remediation of malicious entities and support for end user reporting. In addition, Microsoft Teams specific attack insights will be included in the unified investigation and response experience in the Microsoft 365 Defender portal, for an optimized SecOps experience.   Roadmap ID:117595

Rollout starts – July 2023

• 🆕 Microsoft Purview compliance portal: Insider Risk Management – OCR support in Insider Risk Management – With this update, Insider Risk Management will support the scanning technique of Optical Character Recognition (OCR) to detect potentially risky activities that may lead to data security incidents related to images in SharePoint, Teams messages, and endpoints. Roadmap ID:117606
• 🆕 Microsoft Purview compliance portal: Data Loss Prevention – Optical character recognition (OCR) support for endpoint – With this update, you will be able to detect and protect sensitive content in images and subsequently apply DLP policies to prevent the exfiltration of that sensitive data on your Windows endpoint devices. This release supports key file types like JPG, JPEG, PNG, TIFF, BMP, and PDF (image only). Roadmap ID:106092

Rollout starts – September 2023

• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Saved views in activity explorer – During an alert investigation, analysts usually use various filters and columns in activity explorer to understand the risk activities that may lead to potential data security incidents. With this update, an Insider Risk Management analyst can quickly use a previously configured combination of filters and columns with one click. This can help analysts efficiently work through recurring activities without manually setting up filters every time. Roadmap ID:117609
• Microsoft Purview | Communication Compliance: Reporting improvements – Improvements in the message details reporting interface will help make it easier to create and download reports for specific users under scope of a policy, including number of alerts generated and remediation actions taken within a specified date range. Roadmap ID:98187

Rollout starts – February 2024

• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Static alert and case IDs – Insider Risk Management will provide static alert and case IDs to help admins track and communicate investigation progress with colleagues more easily. Roadmap ID:124777
• 🆕 Microsoft Purview compliance portal: Insider Risk Management – Granular exclusion – Granular exclusion allows admins to adjust and fine tune indicators according to organizational preferences to help tailor the detection of risks that may lead to a potential security incident. For example, admins can configure the indicator “sending email with attachments to recipients outside the organization” to only detect emails sent to personal domains (e.g., outlook.com). In that way, admins can reduce the number of false positives. Roadmap ID:124779

---