Office 365 | Thibault Chatiron

Microsoft Defender for Office 365: DMARC Policy Handling

In order to better protect our customers from exact domain spoofing attacks and improve deliverability of email, Microsoft is making changes to how we handle DMARC p=reject and p=quarantine. For the enterprise customers, Microsoft is making updates to how DMARC policy-based reject can be handled. This change will help Security Administrators be able to choose …

Microsoft Purview compliance portal: PDF files encrypted with sensitivity label can be searched and eDiscovered

Public preview alert. We have started rolling out support for labeled PDF files in SharePoint Online. SharePoint now supports search, eDiscovery, DLP for sensitivity label encrypted PDFs. The sensitivity column will start showing the label names for newly uploaded PDF files. When this will happen: Preview: This rollout is underway and expected to complete by …

Reminder: Microsoft Defender for Office Empowers End Users to Report Suspicious Messages in Microsoft Teams

The ability for Microsoft Teams users to report internalchats, channels and meeting conversations within Teams as a security risk will be turned ON by default. Security risk messages could include ones that contain phishing or spam or malicious content, such as phishing URL or malware file, spam content. To learn how end users can report, …

Use double-key encryption to protect your most sensitive files and emails in Microsoft 365 Apps

To protect your most sensitive content, users of Microsoft 365 Apps can now use Double Key Encryption (DKE) for files and emails using the built-in labeling client. With DKE, Microsoft stores one key in Microsoft Azure and you hold the other key, ensuring that only you can ever decrypt protected content, under all circumstances. Sensitivity labels configured …

OneDrive Sync Account Detection

In the past Windows Business users could add a consumer account to Windows to use within various apps. Users could use this Consumer account to configure syncing their OneDrive consumer files via the OneDrive sync client. This summer the OneDrive Sync client will start prompting Business users if they’d like to sync their Consumer files …

Update your custom detections to leverage new ActionTypes in DeviceNetworkEvents

On July 18, 2023, Microsoft will be retiring a subset of signatures found in the “NetworkSignaturesInspected” action type of Advanced Hunting. With the recent integration of Zeek providing advanced protocol parsing capabilities, which result in better visibility into full network sessions compared to the raw packet bytes found in the “NetworkSignaturesInspected” action type of Advanced …

Microsoft Teams: Set your Work Hours and Location

Set your work location for the day in Microsoft Teams so your team can learn about your availability for in-office and remote collaboration. When this will happen: Targeted Release and Preview: Microsoft has begun rollout and expect to complete rollout by late May. Standard Release: Microsoft expect to complete rollout by early August. How this …

Deploy new Microsoft Teams with Microsoft 365 apps

Starting in September 2023, Microsoft will begin including new Microsoft Teams as part of the new and existing installations of Microsoft 365 apps for Windows depending on the schedule provided in this post. Currently, users can install the new Teams by using the Try the new Teams toggle switch in classic Teams or having administrators …

Microsoft Defender for Office 365: Upcoming Changes to Intra-Org Messages

Microsoft will be updating the way intra-organizational SCL ratings are assigned for intra-organizational messages. When this will happen: Changes to logging intra-organizational messages will begin rolling out in early April and is expected to be complete by late June. How this will affect your organization: All intra-organizational messages are currently marked with SCL -1 (bypass …

Microsoft Purview Data Loss Prevention – DLP Policy tips revamp for Outlook for Windows

When this will happen: Rollout to Current Channel (preview) will begin in mid-March (previously early March) and is expected to be complete by early April (previously mid-March). Rollout to Current Channel will begin in early May (previously early April) and is expected to be complete by mid-May (previously late April). How this will affect your …

Customize login pages in Attack Simulation Training

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. As per the previous experience, users were directed to the Microsoft curated credential harvest login …

Cross-tenant User Data Migration [General Availability]

Historically, admins that needed to move mailboxes between Microsoft 365 tenants were required to export or offboard the mailbox to on-premises and then import or onboard the mailbox to a new tenant. Today, Microsoft is thrilled to announce that cross-tenant user data migration is now generally available. Specifically, the cross-tenant mailbox migration and cross-tenant OneDrive migration features previously in …

Update to Quarantine retention period for Malware detections

Given feedback from customer on the need for an additional time to triage the emails or files that were quarantined as result of potential malware, Microsoft is increasing the retention period from 15 days to 30 days. When this will happen Standard Release: will begin rolling this out by end of July and expect to …

Upcoming behavior change to the “DoNotRewrite” List

With the deployment of the Tenant Allow/Block List, as being the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, “DoNotRewrite” list is used to Skip wrapping URLs Detonation(SONAR) Verdicts. The intended purpose of “DoNotRewrite” is …

Change to soft-deleted period for inactive mailboxes

When all holds and retention policies are removed from an inactive mailbox, it becomes soft-deleted and remains in Exchange for a period of time to allow for recovery before permanent deletion. Based on customer feedback, and to maintain consistency with other solutions, Microsoft will be changing this period to 30 days (from current 183 days). …

[MDO] Password protected download of quarantined messages

With this change Microsoft is giving the ability to password protects items they download from quarantine. Microsoft wants users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. When this …

Custom organization branding for quarantine notification

Microsoft will be adding capabilities to making it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject. When this will happen: Standard: will begin rolling out in late August and is expected to be complete by early September. Government: will begin rolling out in …

MDO – Introducing differentiated protection for priority accounts [General Availability]

The April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats. Licences The Priority account protection feature is …

[MDO] Some cmdlets will be retired in May 2022

Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlet from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlet. Key points Timing: retirement will begin in early May and is expected to complete by mid-May Action: review and transition to the Get-ContentMalwareMdoAggregateReport …

Information barriers – management experience in Microsoft 365 compliance center [Public Preview]

Coming to public preview, you will soon see an updated user experience in the Information barriers solution within the Microsoft 365 compliance center. This update includes new landing pages for Segments and Policies. When this will happen: Rollout will begin in late November and is expected to be complete by late December. How this will affect …

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
ApplicationGatewayAffinityCORS	session	No description available.
CLID	1 year	No description
GoogleAdServingTest	session	No description
LiSESSIONID	session	No description available.
LithiumUserInfo	past	No description
LithiumUserSecure	past	No description
LithiumVisitor	1 year	No description available.
original_req_url	past	No description
SM	session	No description available.
SRM_B	1 year 24 days	No description available.

Category: Office 365

Microsoft Defender for Office 365: DMARC Policy Handling

Microsoft Purview compliance portal: PDF files encrypted with sensitivity label can be searched and eDiscovered

Reminder: Microsoft Defender for Office Empowers End Users to Report Suspicious Messages in Microsoft Teams

Use double-key encryption to protect your most sensitive files and emails in Microsoft 365 Apps

OneDrive Sync Account Detection

Update your custom detections to leverage new ActionTypes in DeviceNetworkEvents

Microsoft Teams: Set your Work Hours and Location

Deploy new Microsoft Teams with Microsoft 365 apps

Microsoft Defender for Office 365: Upcoming Changes to Intra-Org Messages

Microsoft Purview Data Loss Prevention – DLP Policy tips revamp for Outlook for Windows

Customize login pages in Attack Simulation Training

Cross-tenant User Data Migration [General Availability]

Update to Quarantine retention period for Malware detections

Upcoming behavior change to the “DoNotRewrite” List

Change to soft-deleted period for inactive mailboxes

[MDO] Password protected download of quarantined messages

Custom organization branding for quarantine notification

MDO – Introducing differentiated protection for priority accounts [General Availability]

[MDO] Some cmdlets will be retired in May 2022

Information barriers – management experience in Microsoft 365 compliance center [Public Preview]

Thibault CHÂTIRON

Follow Blog via Email

Recent Posts

Categories

Archives