March M365 updates

Published 28 March 2023

Cyber security is a hot topic and it would be remiss of us to not jump on the bandwagon.

Forbes ‘Cybersecurity in 2022’ article reveals that cybercriminals can penetrate 93% of company networks – cyberattacks have had a 50% increase across corporations, with the education/research sector attacked 75% more in 2021 than previous years. In comparison, the health industry saw a 71% increase and attempts against government agencies have had an increase of 47%.

In 2022, the Australian Cyber Security Centre have received a cybercrime report approximately every 7 minutes. The top 10 sectors (including local, state, and federal government agencies, healthcare, and education) accounted for approximately 75% of national cyber incidents. The average ransom pay-out for Australian businesses was $1.01 million.

With this in mind, and in light of the successful cyberattacks in Australia with highly publicised attacks in the telcom, banking and medical industries, this month’s top 10 updates focus on Microsoft solutions that can help your organisation stay protected. No matter how large or small your organisation, or what industry you specialise in – cyber security should be a top priority.

1. Microsoft Intune: Introducing the Microsoft Intune Suite

What’s new?

Meet the repackaged suite of advanced endpoint management solution for Microsoft Intune that allows for an improved, together product integration between end users, your IT department, and internal security operations.

Why is this important?

Announced in April 2022, Microsoft have released this newly released bundled suite just in time as cyber security comes under scrutiny as multiple Australian organisations have been attacked. With the commitment to “continue building end-to-end value” (Microsoft, 2023), one key benefit of utilising Microsoft Intune Suite is the uniform, consistent, and singular data stream that increase your organisation’s ability to assess, manage, and mitigate potential security risks across your work-approved devices. This suite brings together Remote Help, Endpoint Privilege Management, Microsoft Tunnel for Mobile App Management, advanced endpoint analytics capabilities, third party app management, and more.

Find out more about in Microsoft’s blog here. Learn about the different Intune subscriptions here.

When is it coming?

The new suite is now generally available.

2. Microsoft Purview: additional classifiers for Communication Compliance

What’s new?

Currently available in public preview, Microsoft is rolling out six new built-in trainable classifiers for the Communication Compliance to assist you in detecting various types of organisational policy violations across all communication channels.

Why is this important?

Using machine learning and keyword matching, this insider risk solution helps minimise communication risks by helping you and your team detect, capture, and act on potentially inappropriate messages that are sent within your organisation. Communication Compliance evaluates text and image-based messages in Microsoft including Teams, Yammer, Outlook, and third-party applications like WhatsApp. It searches for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations. There are role-based access controls are built-in and end user privacy is ensured when information is stored in the audit log. Employees also have the option to report messages.

There are currently 53 pre-trained global classifiers generally available in Communication Compliance. Find more information about these classifiers here.

When is it coming?

Currently in preview, general availability rollout of this update commences mid-March with expected completion by end of April 2023.

3. Microsoft Deference for Office 365: Introducing the Post-delivery Activities Report

What’s new?

The new feature will provide you with information on all things Zero Hour Auto-Purge (ZAP). From the report, you can view messages that were initially delivered but were later moved due to a threat.

Why is this important?

Even though the number of successful Business Email Compromise (BEC) reports have “declined slightly” to 1514 according to the ACSC, the national average loss per successful BEC is $64,000 with only a small portion of this money being rightfully returned.

ZAP acts on malicious messages after delivery when it receives signals from Microsoft graph security API. After identifying a malicious Indicator of Compromise (IoC), ZAP can find all messages in user mailboxes that contain the malicious IOC. From there, it will act on the message-based specific policy action that your organisation has outline to secure your employees and their inbox. And the best bit? No additional configuration is required to enable ZAP. Read more about ZAP here.

When is it coming?

Rollout commences early March with expected completion by late March 2023.

4. Microsoft 365: Basic Authentication retiring for Office Apps

What’s new?

Microsoft will be disabling Basic Authentication from Office Apps version 2209+ by April 2023.

Why is this important?

If your organisation currently has live on-prem servers (excluding Exchange Online and Exchange on-premises but deprecation will run soon), this update will affect you – you are strongly urged to enable multi-factor authentication. Microsoft has decided to deprecate this legacy authentication method in favour of its Modern Authentication.

Once the retirement has been completely rolled out, employees will be blocked from accessing information so it is essential to understand whether is will affect you by reading more here. If you’re on Exchange Online/Exchange on-prem, read more here.

When is it coming?

Retirement commenced at the beginning of this year with expected completion by late April 2023.

5. Azure Active Directory: Introducing the System preferred MFA method

What’s new?

This feature will allow Microsoft to decide and prompt which among the user’s registered methods should be prompted for second MFA.

Why is this important?

System-preferred MFA will prompt employees to sign-in their organisation’s tenant by using the most secure multi-factor authentication (MFA) method. With this feature, tenant Admins will be able to improve sign-in security and discourage less secure sign-in methods.

Note that this feature will be off by default for public preview – enable it by consenting to the ‘Policy.ReadWrite.AuthenticationMethod’ API in Microsoft Graph. However, once this feature is generally available, it will automatically be enabled. Learn what it means for the feature to by Microsoft managed here.

When is it coming?

Public preview rollout commenced 1 March 2023 with expected completion at the end of the month. General availability will roll out from April and expected to be fully rolled out (and automatically enabled) by July 2023.

6. Microsoft Teams: Explicit Recording Consent

What’s new?

Individual participant consent will be required when a Teams meeting is recorded.

Why is this important?

With this feature, a meeting participant’s audio, video, and screenshare/content-share will be disabled until they provide their consent when a meeting is being recorded. If they don’t provide their consent, the above features will not be captured in the meeting recording.

Explicit Recording Consent is off by default and is an IT admin policy-controlled feature. Admins can choose to enable the feature via PowerShell either for the entire tenant or for specific individuals based on their business needs.

Note: When the policy is applied, Teams meetings set up by these individuals will request explicit consent from all participants to be recorded.

There are four dependencies and limitations when enabling this feature:

1. The feature relies on Attendance Report; for customers who have disabled the Attendance Report, end users will not be able to enable their mic, camera, or screensharing/content-sharing when a recording is started. If you are unable to enable Attendance Report, we recommend waiting for a future update.
2. In meetings requiring explicit consent, users joining from unsupported endpoints, such as older client versions and CarPlay, will not be able to enable their mic, camera, or screenshare/content-sharing during recording.
3. Teams meeting rooms user and PSTN users can still get recording notifications as of today, but they cannot provide explicit recording consent, and their consent data will be logged as “not applicable” or “auto consent”.
4. To avoid disruptions for end-users, they should be using the most recent version of Teams.

When is it coming?

Rollout commence late March with expected completion by mid-April 2023.

7. Microsoft Endpoint Manager: Rebranding and new Url location

What’s new?

Microsoft Endpoint Manager admin center has been renamed to Microsoft Intune admin center. The new Url location is https://intune.microsoft.com.

Why is this important?

Microsoft plans to redirect the old/existing Url (https://endpoint.microsoft.com) to the new location in September 2023 however are encouraging users to move to new Url has part of the change activities for Endpoint Manager. Additional information can be found here.

When is it coming?

New URL and naming convention has taken place.

8. Microsoft Outlook: Extend Sensitivity Label to Meetings

What’s new?

This feature will provide users the capability to apply sensitivity labels to their meeting invites and protect them the same way as their email counterparts.

Why is this important?

With the increase in hybrid meetings and email-focussed cyberattacks, there has been growing concern from organisations regarding data loss that contains sensitive or even regulated data. Sensitivity labels for meetings ensures that the right level of protection and encryption is applied to a meeting. IT Admins can set default labels for all the meetings in their organisation or create labels for users to apply when they create a meeting. The meeting invite content (including the email body and its attachments) is protected through encryption based on the sensitivity label applied.

This feature will be available on Outlook Web; Outlook Win32; Outlook for Mac.

When is it coming?

Already in preview, standard rollout commences mid-March with an expected completion by mid-April 2023.

9. Microsoft SharePoint: Azure B2B Integration enabled by default

What’s new?

Are you thinking of joining the Microsoft ecosystem? Good news! From 31 March 2023, if you create a new Microsoft tenant, SharePoint and OneDrive will automatically be enabled with Azure B2B integration.

Why is this important?

Up until the end of March, IT Admins had to manually enable this integration. If it wasn’t enabled, what that meant what employees need to reshare (or manually download or migrate) any files that were previously shared with guests. Learn more about it here.

When is it coming?

Integration will be enabled by default effective 31 March 2023.

10. Microsoft Update Compliance: Deprecation of Update Compliance reports

What’s new?

Microsoft will be disabling Update Compliance reports effective 31 March 2023.

Why is this important?

If your organisation is currently using Microsoft Update Compliance, this update will affect you. Users are encouraged transition to the Windows Update for Business reports. The new report is a new experience, providing reporting for Quality updates, Feature updates, and Delivery optimisation. These features offer organisation and device-level reporting for security and feature update monitoring, as well as bandwidth savings for devices using Microsoft Connected Cache. Microsoft have provided the following email address in case you need support or assistance related to migration: wufbreportssupport@microsoft.com. Learn more about the new reporting here.

When is it coming?

Early action is recommended to prevent business disruptions.

(An exciting and positive!) Bonus.

You might have noticed that we are missing a huge component of the Microsoft 365 platform, Microsoft Viva – this is deliberate! There is just too much content to cover in ten updates. With the steady stream of new product releases, retirement plans for old products, and myriad of ‘best practice’ articles, the way forward can be confusing, daunting…and expensive. But, we know that Microsoft Viva is here to stay. That’s why we’ve started a new blog series that breaks down Viva into bite sizeable chunks – much like our monthly M365 blogs! Read our March Microsoft Viva updates blog here.

It’s no secret we are one of the best when it comes to understanding your needs and how the Microsoft platform can reconnect, reinvigorate, and strengthen employee experience. Curious to know how Microsoft Viva can fast track your organisation’s digital strategy? Contact us to see how we can help.