Category: Office 365

News Informatique

Update to Quarantine retention period for Malware detections

Given feedback from customer on the need for an additional time to triage the emails or files that were quarantined as result of potential malware, Microsoft is increasing the retention period from 15 days to 30 days. When this will happen Standard Release: will begin rolling this out by end of July and expect to …

Upcoming behavior change to the “DoNotRewrite” List

With the deployment of the Tenant Allow/Block List, as being the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, “DoNotRewrite” list is used to Skip wrapping URLs Detonation(SONAR) Verdicts. The intended purpose of “DoNotRewrite” is …

Change to soft-deleted period for inactive mailboxes

When all holds and retention policies are removed from an inactive mailbox, it becomes soft-deleted and remains in Exchange for a period of time to allow for recovery before permanent deletion. Based on customer feedback, and to maintain consistency with other solutions, Microsoft will be changing this period to 30 days (from current 183 days). …

[MDO] Password protected download of quarantined messages

With this change Microsoft is giving the ability to password protects items they download from quarantine. Microsoft wants users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. When this …

Custom organization branding for quarantine notification

Microsoft will be adding capabilities to making it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject. When this will happen: Standard: will begin rolling out in late August and is expected to be complete by early September. Government: will begin rolling out in …

MDO – Introducing differentiated protection for priority accounts [General Availability]

The April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats. Licences The Priority account protection feature is …

[MDO] Some cmdlets will be retired in May 2022

Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlet from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlet. Key points Timing: retirement will begin in early May and is expected to complete by mid-May Action: review and transition to the Get-ContentMalwareMdoAggregateReport …

Information barriers – management experience in Microsoft 365 compliance center [Public Preview]

Coming to public preview, you will soon see an updated user experience in the Information barriers solution within the Microsoft 365 compliance center. This update includes new landing pages for Segments and Policies. When this will happen: Rollout will begin in late November and is expected to be complete by late December. How this will affect …

New Conditions in Teams DLP [Public Preview]

Microsoft announced the public preview for 4 new conditions in Teams Data Loss Prevention(DLP) available through the Microsoft 365 Compliance Center.  These 4 conditions have already been available for Exchange DLP and are now available for Teams : Sender is  Recipient is  Sender domain is  Recipient domain is  With the availability of these conditions, customers can extend their existing Exchange policies to …

[MDO] Investigation updates for improved email threats and actions

Microsoft is improving Automated Investigation and Response (AIR) from Defender for Office365 The rollout of the updated email clustering will begin today, June 21st. Investigations will now only queue actions for approval when malicious emails are still in the mailbox (by using latest delivery location instead of original). Investigations only queue actions for malware or …

Microsoft Defender for Office 365: Introducing Advanced Delivery for Phishing Simulations and SecOps Mailboxes

Microsoft is introducing a new capability, Advanced Delivery, for the configuration of third-party phishing simulation campaigns and delivery of messages to security operations (SecOps) mailboxes. Admins will now be able to explicitly configure for the following scenarios and ensure messages configured as part of these scenarios are handled correctly across product experiences: Third-Party Phish simulation …

Microsoft Graph privacy controls to fully replace the classic Office Delve control in May

In August 2020, Microsoft announced that Microsoft Graph privacy controls would be available in the fourth quarter. These Microsoft Graph privacy controls allow administrators to more granularly configure the visibility of Graph-derived insights which includes documents and sites across Microsoft 365 apps and services. Microsoft also announced a six-month transition period before the new controls …

License check for Advanced eDiscovery

Starting April 16, 2021, all customers using Advanced eDiscovery must have the appropriate licensing in order to continue creating new cases in the solution.  You have to maintain an Advanced Compliance or E5 license. Key points: Timing: We will begin rolling this April 16, 2021 Action: review and ensure you have the appropriate licensing How …

New Endpoint DLP features [Public Preview]

Prerequisites Licensing Microsoft 365 E5 Microsoft 365 A5 (EDU) Microsoft 365 E5 compliance Microsoft 365 A5 compliance Microsoft 365 E5 information protection and governance Microsoft 365 A5 information protection and governance Hardware/software Your devices must be running Windows 10 x64 build 1809 or later. The device must have Antimalware Client Version is 4.18.2101.9 or later …

New features on ATP Safelinks

Microsoft add two new feature on ATP Safe Links : Display the organization branding on notification and warning pages Use custom notification ATP Safe Links branding is now rolling out for you! Check out your ATP Safe Links policy.

Teams DLP Playbook – Release

This document provides an overview of how enterprise customers can deploy Microsoft Teams-DLP for protecting sensitive information that is traversing with-in or outside of the organization. Unified DLP has integration with multiple workloads that help to protect customer data with a single policy. Teams-DLP is one of the workloads within the Unified-DLP console. This guide …

Publisher verification and app consent policies [General Availability]

With usage of cloud apps and the remote work, attackers leverage application-based attacks, such as consent phishing. Indeed, they try to to gain unwarranted access to valuable data in cloud services. General availability of publisher verification At the beginning of this month, Microsoft announced that publisher verification was generally available. This capability allows developers to add a …

Migrating from Exchange Transport Rules to Unified DLP

Microsoft shared a document that provides an overview of how enterprise customers can migrate their existing Exchange Transport Rules to Unified DLP portal. It walks through the different stages of migration and shows the effectiveness of the unified DLP portal as a single place to define all aspects of your DLP strategy. In summary, this …

Microsoft Endpoint Data Loss Prevention [Public Preview]

In order to accelerate the deployment of a comprehensive information protection strategy, Microsoft announcedb the public preview of Microsoft Endpoint Data Loss Prevention (DLP). Microsoft Information Protection (MIP) is a solution that understands and classifies data, keeps it protected, and prevents data loss across M365 apps, M365 services, third-party SaaS applications… Endpoint DLP now extends …

Office 365 ATP connector for Azure Sentinel [Public Preview]

Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel ! Description Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into …