Category: Microsoft
Category Archives: Microsoft
Top Takeaways from Unlocking the Channel Opportunity: Strategies for Marketplace Success
If you missed the recent webinar on unlocking the channel opportunity strategies for marketplace success, don’t worry, we’ve got you covered! This session covered how to activate the Microsoft commercial marketplace for your go-to-market strategy and explored best practices for maximizing the marketplace opportunity, with an emphasis on collaborative selling with other partners. Here are some of the top takeaways from the presentation by Kristen Maddox and Jason Rook, from Microsoft’s marketplace team.
The cloud marketplace is a huge and growing opportunity for ISVs and partners, with an estimated value of $50 billion by 2025. Some of the drivers of this growth include the shift to modern procurement, the cost and efficiency benefits for ISVs and customers, and the ecosystem and co-selling advantages.
The marketplace helps ISVs reach every Microsoft customer, simplify sales by handling global commerce, and unlock growth by accessing the Microsoft partner and field ecosystem.
By publishing your app on the marketplace, you can expose it to millions of Microsoft customers who are looking for cloud solutions that work with Microsoft products and services.
By selling your app through the marketplace, you can leverage Microsoft’s billing and payment infrastructure, which supports over 140 markets and 17 currencies, and reduces your operational overhead and complexity.
By partnering with Microsoft, you can access the Microsoft partner ecosystem, which consists of over 400,000 partners who can resell, co-sell, or integrate your app with their solutions. You can also access the Microsoft field sellers, who are incentivized to co-sell your app with Microsoft products and services, and who can help you reach enterprise customers and close larger deals.
The marketplace also helps customers increase efficiency, buy confidently, and spend smarter by using their cloud commitments to purchase third-party solutions. Through marketplace, customers can:
Find and buy solutions that are compatible with their Microsoft cloud products and services, such as Azure, M365, or Teams, and that meet their business needs and industry standards.
Reduce the vendor onboarding and procurement processes by buying from Microsoft as a trusted provider and using their existing contracts and billing methods.
Leverage their Azure consumption commitments, which are pre-paid cloud spend that they agree to with Microsoft, to buy third-party solutions from the marketplace and get discounts or incentives.
Optimize their cloud spend by having better visibility and control over their usage and costs, and by choosing the best pricing and licensing options for their solutions.
There are three paths for ISVs to get their solutions to customers through the marketplace:
Direct is when the ISV publishes their solution and the customer buys it from the marketplace, either at list price or with a private offer.
Through CSP is when the ISV works with a cloud solution provider partner who sells their solution to SMB customers on a CSP contract, either at list price or with a private offer.
Through selling partner is when the ISV works with a partner who sells their solution to enterprise customers on an enterprise contract, with a multi-party private offer.
ISVs should leverage Marketplace Rewards, a free program that Microsoft offers to ISVs who publish their solutions on the marketplace. Key benefits include:
GTM support: This includes optimizing your product display page, getting featured on Microsoft marketing channels, and accessing best practices and guidance for marketplace success.
Azure sponsorship: This is a way to get Azure credits that you can use for your own development, testing, or demo purposes, or to offer to your customers as an incentive to close deals. You can unlock up to 100K in Azure sponsorship based on your marketplace sales.
Field webinars: This is an opportunity to present your solution to Microsoft field sellers who can help you co-sell and reach more customers. You can unlock a field webinar when you reach a certain level of marketplace sales and co-sell status.
Register to watch the recording! For more takeaways and more detailed info on those takeaways listed above, register to watch the recording.
Have follow up questions about this presentation’s content? Comment below to continue the conversation with our presenters, @KMCloudgirl and @jasonrook!
__________________________________________________________________________________________________________________________________________
Stay updated on upcoming marketplace community events: fill out this form. and we will email you with updates on new community events where you can participate in live Q&A with Microsoft!
Microsoft Tech Community – Latest Blogs –Read More
* DMC On Demand Tool * New Microsoft 365 Campaigns
Digital Marketing Content (DMC) OnDemand works as a personal digital marketing assistant and delivers fresh, relevant and customized content and share on social, email, website, or blog. It runs 3-to-12-week digital campaigns that include to-customer content and to-partner resources. This includes an interactive dashboard that will allow partners to track both campaign performance and leads generated in real time and to schedule campaigns in advance
NEW CAMPAIGNS
NOTE: To access localised versions, click the product area link, then select the language from the drop-down menu.
Product Area: Microsoft 365
Cloud Endpoints
Secure Productivity for Retail
Secure Productivity for Healthcare
MICROSOFT AI CLOUD PARTNER PROGRAM
The world and how we work are rapidly changing. The opportunities for Microsoft partners—whether you build and sell services, software solutions, or devices—are significant. The capabilities that are required by our customers are evolving, and our partner programs are changing to meet that demand.
The Microsoft AI Cloud Partner Program is focused on simplifying our programs, delivering greater customer value, investing in your growth in new ways, and recognizing how you deliver customer value. Check out links below to learn more:
Admins can sign-in to Partner Center to see how your organisation is progressing towards a Solutions Partner designation and see the associated benefits.
Go to Training Gallery & Microsoft docs to learn about the requirements needed to attain a Solutions Partner designation.
For more information visit the Microsoft partner website and Microsoft partner blog.
Create a logo using Logo Builder
PROGRAM & GETTING STARTED RESOURCES
If you’re still new to DMC, you can find program decks with links to recorded demos here. This collection of resources expands all of our digital services.
FEATURES & FUNCTIONALITY
If you’re just returning to DMC or just want a quick recap of the updates we’ve made, you can find them under ”Program Updates” of the Resources section in DMC, which can also be found by clicking the help icon on the top right.
In addition to English, the DMC user interface now supports additional languages. To update, go to your profile, click the edit button on the top right, and then select your preferred language from the drop down menu in the “your information” section.
CONNECT WITH US
If you’d like to speak with someone directly, please join our monthly office hours on January 4, 2024 (occurs the first Thursday of each month.) We offer morning and evening (PST) sessions to accommodate different time zones.
FEEDBACK AND SUPPORT
We’re always working on making DMC a better experience for you. If you have 5 minutes to review your current experience with DMC, we’d love to hear your thoughts. NOTE: All submissions are anonymous, so please reach out to us if you need support, or join our office hours the first Thursday of each month.
Microsoft Tech Community – Latest Blogs –Read More
Wired for Hybrid – What’s New in Azure Networking December 2023 edition
Hello Folks,
Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.
In this blog post, we’ll cover what’s new with Azure Networking in December 2023. In this blog post, we will cover the following announcements and how they can help you.
Enjoy!
Integration of Azure Monitor Agent support with Connection Monitor
Connection Monitor, a multi-agent monitoring solution, detects network connectivity and performance errors real time with aggregated packet loss and latency, localizes the problematic network component with end-to-end path visibility in unified topology and provides actionable insights to diagnose and troubleshoot the issues, thus reducing the overall Mean Time to Resolve network connectivity issues.
With Azure Monitor Agent, we aim to consolidate multi-monitoring agents into a single agent. This capability addresses connectivity monitoring logs and metrics data collection needs across Azure and ARC enabled on-premises machines, thus eliminating the overhead of management and enablement of multiple monitoring agents. Additionally, Azure Monitor Agent provides enhanced security and performance capabilities, effective cost savings & ease of troubleshooting with simpler management of data collection. With this support, the dependency on soon to be deprecated Log Analytics agent is eliminated, while increasing the coverage for on-premises machines with support for ARC enable endpoints.
The highlighted features of this new update are:
Connectivity monitoring support for ARC enabled on-premises endpoints as source as well as destination.
Simpler management of network monitoring extensions
One agent for monitoring Azure and non-Azure Arc endpoints
Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens
The roadmap for the feature includes:
Portal support for auto-enablement of Azure Monitor Agent extension
Integrated support for enablement of Network Watcher extension with Azure Monitor Agent
Extended support across Azure resources beyond VM and VM scale set
Enhanced performance metrics with Throughput and Jitter UI support
Using a common port for public and private listeners
The support for configuring the same port number for public and private listeners on your Application Gateway is now generally available.
The provision enables you to easily use a single Application Gateway deployment to serve both internet-facing and internal clients. With this, you don’t need to use non-standard ports on listeners or customize the backend application. This feature is now generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.
An additional configuration may be needed for Inbound rules if you use Network Security Groups with your application gateway.
Rate-limit rules for Application Gateway Web Application Firewall
Rate-limit custom rules on Azure’s regional Web Application Firewall (WAF) running on Application Gateway are now available. Rate-limiting enables you to detect and block abnormally high levels of traffic destined for your application. By using rate limiting, you can mitigate many types of denial-of-service attacks, protect against clients that have accidentally been misconfigured to send large volumes of requests in a short time period, or control traffic rates to your site from specific geographies.
ExpressRoute Direct and Circuit in different subscriptions
ExpressRoute Direct customers will be able to manage network costs, connect ExpressRoute circuits from multiple subscriptions with one ExpressRoute direct Port resource, and isolate management of ExpressRoute Direct resource from your ExpressRoute circuits.
ExpressRoute Direct gives you the ability to connect directly into the Microsoft global network at peering locations strategically distributed around the world. ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity, that supports Active/Active connectivity at scale.
This requires an ExpressRoute Direct port and an ExpressRoute Circuit. Previously, ExpressRoute circuits and ExpressRoute Direct resources were created in one subscription, you then could connect their circuit to a Virtual Network resource that is located in a different subscription using an authorization.
With this feature today, you can create the Port and ExpressRoute circuit in different subscriptions redeeming the authorizations to create a circuit.
Resources
Azure ExpressRoute Overview: Connect over a private connection
Azure ExpressRoute: Configure ExpressRoute Direct using the Azure portal
Connect your on-premises network to the Microsoft global network by using ExpressRoute – Training
General availability: ExpressRoute as a Trusted Service
Express Route is now a Trusted Service in Azure. This means you can store your Media Access Control, or MACsec, secrets (Connectivity Association Key and Connectivity Association Key Name) in an Azure Key Vault with Firewall policies enabled. That way you can restrict public access to Keyvault yet allow Trusted services like ExpressRoute to access secrets, passwords, or keys stored in the Keyvault.
This continues with our push to make it easier for you to securely connect to Azure from your on-premises environment.
Resources
Trusted Services: Configure Azure Storage firewalls and virtual networks
Azure Virtual Network Manager Security Admin Rule generally available in select regions
With security admin rules & virtual network manager, you can centrally manage and apply security policies across your organization. Security admin rules applied through security configuration. This config can be applied to network groups containing any set of virtual networks in your organization.
Brings greater ability to manage org wide your security posture. Unlike NSGs, sec admin rules will be applied to any virtual network added to a network group w/ a sec configuration applied.
Resources
Security admin rules in Azure Virtual Network Manager
How to block network traffic with Azure Virtual Network Manager – Azure portal
Wired for Hybrid – Deep Dive 3 – Azure Virtual Network Manager
That’s it for this month. Happy Holidays!
Cheers
Pierre
Microsoft Tech Community – Latest Blogs –Read More
Register now for the upcoming Cloud Solution Provider H2 Acceleration Moment webcast!
Join us on January 18, 2024 (9 a.m. PST and 5 p.m. PST) for the Cloud Solution Provider H2 Acceleration Moment webcast. Microsoft executives Jared Spataro, CVP of Modern Work and Business Applications; Kevin Peesker, CVP SMC & Digital; and David Smith, VP of Global Channel Sales, will provide the latest product and marketing program updates and review new go-to-market investments to help CSP partners manage upcoming renewals and get customers AI ready.
Register today to reserve your spot and to get notified when session content is available on demand.
AM option: Thursday, January 18th 9am PST
PM option: Thursday, January 18th 5pm PST
Microsoft Tech Community – Latest Blogs –Read More
Microsoft Learn lanza nuevo contenido sobre IA Generativa para personas innovadoras
Generative AI para Innovadores
Los módulos son los siguientes:
Módulo de Learn
Resumen
Link
En este proyecto de desafío, usarás Bing Chat para realizar una sesión de ideación (brainstorming) y crear el resumen de una idea en una sola diapositiva, listo para su implementación. Este sería un gran proyecto de desafío para completar al comienzo de un hackathon.
https://aka.ms/genai-innovators/ideation
Reto: uso de la IA generativa para la creación de prototipos y MVP (Minimum Viable Product)
En este módulo, Bing Chat te guiara sobre cómo puedes crear prototipos o maquetas para tu idea y sobre cómo puedes implementar el proyecto.
https://aka.ms/genai-innovators/MVP
Reto – Utiliza la IA generativa para crear una modelo de negocio para tu startup.
En modulo, eres un Director de Estrategia (CSO) y asumes la tarea de crear una Estrategia/Modelo de Negocio utilizando la guía de Plantilla de Lienzo de Modelo de Negocio.
Pero no lo harás solo. Cocrearás esta visión con Inteligencia Artificial: juntos idearán, investigarán y prepararán todo para que tu startup este lista para el éxito.
https://aka.ms/genai-innovators/businessmodel
Complete hoy mismo uno de estos proyectos de desafío para obtener un certificado digital en Microsoft Learn!
¡Prepárate para el Imagine Cup 2024!
Completa estos módulos para convertir tus brillantes ideas en proyectos de Startup y prepararte para la competencia estudiantil Imagine Cup 2024. Los módulos también pueden ayudarte a prepararte para tu próximo hackathon, así que guárdalos y tenlos a mano para ayudarte a crear materiales de primera calidad para una próxima idea de hackathon y aumentar tus posibilidades de ganar.
Por último, ayúdanos a mejorar este contenido para ti.
Una vez que hayas completado estos módulos de aprendizaje, comparte en los comentarios las áreas en las que podemos mejorar y contenido adicional que te resultaría útil para comenzar tu viaje como emprendedor de IA.
Microsoft Tech Community – Latest Blogs –Read More
Microsoft 365 Lighthouse: 2023 Year in Review
As we wrap up 2023, we want to acknowledge our partners’ continued support and feedback for Microsoft 365 Lighthouse. Over 11k partners are now using Lighthouse to keep their customers healthy and secure, with nearly half of those partners coming on board in the last 12 months. Over this time, we delivered some of the most requested features, enabling our partners to deliver better services, improve their security standards, and improve engagement with their customers.
Let’s look at some of the highlights from the past year:
Broadened management capabilities to cover all Microsoft 365 customers. Lighthouse is no longer just for your Microsoft 365 Business Premium customers. One of the benefits of using Lighthouse is that it offers a multi-tenant view, enabling partners to switch between customer tenants they may be managing. Now that Lighthouse supports all commercial and educational customers, you can employ the same standardized process of managing your customers across all your customers.
AI-Driven Insights to support proactive account management. In July, we introduced Sales Advisor to Lighthouse, a new experience that helps partners anticipate their customers’ needs and discover the best ways to add value with the help of AI-driven customer insights and recommendations. With Sales Advisor we are bridging the gap between account managers and service technicians, giving you a 360° view of your customers’ state and health for holistic customer success.
Simplified permissions management. We streamlined delegated access permission management to support your transition from DAP to GDAP. With the new GDAP template automation, we made it easier for you to define the level of access you need to your customers’ data and follow your MSP best practices. You can now set up GDAP for any customer tenant without the need to re-run GDAP setup or take extra steps so you can continue to invest your time in keeping them secure.
Alerts and notifications to keep you informed. We’ve introduced the alerts and notifications capability, and since then, we’ve sent out over 2 million alerts to notify you of activities that can threaten the security of your customers. You can configure customized email alerts for delivery to your users, groups, or third-party ticketing system so that you can react quickly to risky users, active threats, and more. With the ability to configure alerts to your needs, we are making it easier to integrate and prioritize multi-tenant alerts into your everyday Professional Service Automation (PSA) and email workflow.
Powerful new features to create, deploy, and manage baselines:
Multi-tenant deployment insights. With multi-tenant view for baselines, you can understand how customers have been set up and continuously monitor the status to gain visibility on the progress tenants have made on the baseline. The single view informs you with insights across all tenants, users, and tasks regarding their deployment exceptions, regressions, and more to help you prioritize deployment activities.
Detect and remediate drift. Lighthouse continuously scans customer tenants to ensure they remain compliant so you can be alerted when a tenant drifts from your desired state. For example, when your tenant has turned off multi-factor authentication (MFA) as a requirement, you can efficiently and effectively restore the tenant back to a healthy, productive, and secure state.
Default & Custom Baselines. We improved default baselines to be more stringent and comprehensive than ever before by adding OneDrive sync configuration, enabling device health monitoring, and automation of Intune device enrollment. While default baselines provide best practice guidelines to keep your customers secure and productive, we understand every customer has unique needs. With the addition of custom baselines, you can now create your own baselines to accommodate customers with varying licensing needs, degrees of tenant maturity, and industry requirements, as well as support customers who have subscribed to different managed services offerings you provide.
Strengthened capabilities to protect customers:
Secure Score: We heard from partners like you that having have Secure Score visible in Lighthouse is important. You can understand the holistic security status of a customer selected on the Tenants page, such as their baseline, deployment status, and Secure score. With the integration of Secure Score, you can take action to complete a deployment plan that helps your managed tenants achieve a higher Secure Score and then jump to view Secure Score details in the Microsoft 365 Defender portal without having to re-enter credentials or re-select the customer thanks to our integration with 17 admin centers.
Vulnerability management: We brought more ways to help you proactively identify and build a secure foundation for device insights through Microsoft Defender Vulnerability Management. We give a high-level view of the exposure score across your tenants and show you recommendations on how to reduce specific tenant’s exposure to vulnerabilities.
Device security insights: You can quickly view the overall status, severity, and category of various security alerts in your tenants with summarized insights from Microsoft Defender for Business and Microsoft Defender for Endpoint, helping you to assess the big picture before drilling deep down into the full list of alerts.
Starting the year right with Lighthouse
In the past year, we have worked to empower you as our partners with innovative solutions to engage and manage your customers more effectively. As we move forward, we are committed to adding new capabilities that bring you the data and insights you need to help you be more productive while also growing your business.
Here’s a look at what you can expect to see in early 2024:
Upcoming Renewals: This last year, we surfaced over 1 million customer opportunities in Sales Advisor to help partners engage their customers more meaningfully. We’re taking this further by introducing the new Upcoming Renewals view. This view will help streamline the way you manage your customers’ renewals. Rolling out in late January, you’ll have access to new insights that will help you:
Quickly and easily track subscriptions approaching expiration within the next 90 days
Prioritize customer outreach by sorting or filtering on expiration date, seat size, product, and auto-renew status
Optimize the renewal conversation with contextual recommendations to support your customers’ continued success & growth
Screenshot of Upcoming renewals pageExpansion Opportunities: You will now see new expansion opportunities in Lighthouse, providing insights into growing customers who benefit from adding additional licenses. This is another way Lighthouse makes account management proactive and streamlined, helping you better anticipate your customer’s needs with AI-driven insights and recommendations.
Role-Based Access Controls: Manage partner tenant permissions through a simplified, role-based access control (RBAC) model. Lighthouse RBAC roles will allow administrators to define and enforce what users can see and change in Lighthouse. Administrators will also be able to manage user access to Sales Advisor directly from Lighthouse, helping to unlock AI-powered recommendations and insights with account managers.
Expanding default baselines: Building on the success of this year’s launch of default and custom baselines, we’re upping the game by restructuring and doubling the number of tasks in the default baseline, covering the full value of Microsoft 365 and raising the standard for tenant configurations that keeps your customers safe, secure, and productive. This enhancement will help boost your security posture, bringing a more comprehensive defense against potential vulnerabilities.
Screenshot of Default Baseline page with new categories and tasks
We are very excited about the future of Lighthouse, and we look forward to working with you in 2024 to make Lighthouse the best tool for managing and securing all your Microsoft 365 customers.
If you haven’t visited Lighthouse in a while, check out all the new features we’ve delivered in 2023. If you’re new to Lighthouse, add it to your partner tenant for free and get started today!
Want to learn more?
Read other blogs we wrote about Microsoft365 Lighthouse
Take a look at the full list of updates we made this year at What’s New in Microsoft 365 Lighthouse
Microsoft Tech Community – Latest Blogs –Read More
Windows Admin Center “Modernized Gateway” is now in Public Preview!
Today, we release an upgraded version of Windows Admin Center to public preview. This is in addition to our latest generally available release, Windows Admin Center version 2311. These two versions of Windows Admin Center can be installed side-by-side, allowing you to get a taste of what’s coming in Windows Admin Center without sacrificing your existing setups.
We’ve been working behind the scenes to ensure that Windows Admin Center is up-to-date, secure, and reliable. We suggest experienced users of Windows Admin Center and Windows Admin Center developers give this build a try. Read on to find out what the modernized gateway is and all the exciting new performance, extensibility, and security features we’re now leveraging!
What’s new in the modernized gateway
Upgrade to .NET Core
The Windows Admin Center frontend UI is built on Angular, which is in turn built on our shell. The shell hosts all the core services and most of our UI components, our solutions like server and cluster manager, and, on top of that, every extension that you use for server management.
Our front end interacts with our backend, which is also known as our gateway. The gateway hosts our authorization structure, our PS services, our gateway plug-ins, and plays a critical role in every single experience that you use in Windows Admin Center.
In this release, we’re upgrading our backend from the .NET 4.6.2 framework upgrade to .NET Core, bringing enhanced security and improved cryptography to our product. This also includes support for HTTP 2, reducing latency and enhancing the responsiveness of Windows Admin Center. Combined with improved performance, providing faster load times, you’ll be able to get your tasks done more quickly and efficiently.
Updated installer
While modernizing our gateway, we also made the installer more flexible by providing increased customization options including network access settings, selecting trusted hosts, providing a fully qualified domain name (FQDN) for your gateway machine, and more. For more details about the installer, read on to the Installing the modernized gateway section.
Settings update
As part of our gateway modernization effort, you may notice that your Windows Admin Center settings look a little bit different.
As we discussed in the 2211 Windows Admin Center release, we have deprecated the in-app update experience and have consequently removed the settings blade for Updates. Additionally, the Access and Shared Connections blades are now available on local gateway installations (also known as “desktop mode” in legacy gateway builds).
Multi-process, micro-service based
The modernized gateway also leverages microservice architecture. Prior to this upgrade, Windows Admin Center performed all tasks in a single process. With our new model, we start one process for Windows Admin Center on application startup that serves as a process manager. As you use Windows Admin Center, additional sub-processes are spun up to perform specific tasks.
Additionally, gateway plug-ins that are compatible with the modernized gateway will also run their own collection of sub-processes under the Windows Admin Center service manager to perform their functions.
Changing from a monolithic service to a microservice model helps our modernized gateway be more flexible, scalable, and resilient.
Kestrel HTTP web server
Previously, Windows Admin Center utilized Katana components, including a web server, on the backend. With the modernized gateway, we’ve shifted to an ASP.NET Core Kestrel web server.
Kestrel is the recommended web server for ASP.NET Core applications. Kestrel is:
High performing: Kestrel is optimized to handle a large number of concurrent connections efficiently.
Lightweight: Optimized for running in resource-constrained environments, such as containers and edge devices.
Security hardened: Kestrel supports HTTPS and is hardened against web server vulnerabilities.
Additionally, Kestrel supports the HTTP/2 web protocol, where previously we had only supported HTTP1.1 with the Katana components. The upgrade from HTTP1.1 to HTTP/2 brings reduced latency to our application as well as increased responsiveness through enhanced features like multiplexing and server push.
Switching to a Kestrel web server will also allow for Windows Admin Center to potentially enable cross-platform support in the future.
How does the modernized gateway impact my extension?
Gateway plug-in extensions will be the most impacted by the changes to our modernized gateway. Windows Admin Center gateway plug-ins enable API communication from the UI of your tool or solution to a target node. Windows Admin Center hosts a gateway service that relays commands and scripts from gateway plug-ins to be executed on target nodes. The gateway service can be extended to include custom gateway plug-ins that support protocols other than the default ones (PowerShell and WMI).
Because gateway plug-ins communicate with Windows Admin Center’s backend to enable API communication, gateway plug-in code may include components written with the .NET framework version 4.6.2, which will not function with .NET Core. This code needs to be updated to use the .NET Core framework.
Additionally, we’ve modified the way plug-ins work with our modernized gateway. Instead of developing a C# class which implements the IPlugIn interface from the Microsoft.ManagementExperience.FeatureInterfaces namespace to extend the gateway plug-in, extensions will now be written in the form of ASP.NET MVC controllers. These controllers have increased flexibility compared to the simple C# class and extensive documentation.
Learn more about gateway plug-in development in Windows Admin Center here.
What about my tool and/or solution extension?
Solution and tool extensions do not communicate with Windows Admin Center’s backend in-depth and should be minimally impacted by the modernized gateway. We strongly recommend testing your extension to ensure it continues to run smoothly on the new backend.
Installing the modernized gateway
With our modernized gateway, we’ve made changes to our installer to offer more flexibility to the user.
When running the installer, you will be presented with three different installation modes: express localhost setup, express remote setup, and custom setup.
Express setup options
Two of the three installation modes for the modernized gateway are express modes—express localhost setup and express remote setup.
Both express setup options do not allow for the configuration of the following features:
Login authentication mode
Host access network names
Internal and external network ports
Certificate type and thumbprint
Endpoint FQDN
Trusted hosts mode
WinRM over HTTPS
If you would like to configure any of these features, please use the custom setup option instead.
If you select the express localhost setup option, WAC will be accessible through port 6600 and will use internal ports 6601-6610.
If you select the express remote setup option, WAC will be accessible through port 443 and will use internal ports 6601-6610.
Custom setup
Selecting custom setup allows you to configure all Windows Admin Center setup options:
Network access – This page allows you to select how you will be using Windows Admin Center. You may choose to restrict WAC access to other users by selecting localhost access only or allow remote access through machine name of FQDN.
Port numbers – This page allows you to select the ports that will be reserved for Windows Admin Center. WAC uses one external port for its primary processes. Other processes use internal ports. There are two internal processes by default, but extensions may define their own services that will require port access. By default, the internal range is 10 ports.
Select TLS certificate – This page allows you to select Self-Signed certificates or an official TLS certificate that Windows Admin Center should use. Self-Signed certificates include Self-signed CA root certificates and TLS certificates that work with the latest Edge/Chrome browser.
Fully qualified domain name – This page allows you to provide a fully qualified domain name for network access. This name must match the name on the TLS certificate.
Trusted hosts – This page allows you to select which type of remote hosts you’d like to manage. You may choose to manage only trusted domain computers or allow access to non-domain joined machines.
WinRM over HTTPS – This page allows you to select whether to use HTTPS for WinRM communication. WinRM communicates over HTTP by default.
Troubleshooting installation
If your installation failed, or you’re having trouble opening WAC after install, you may need to uninstall and reinstall. This can also happen if you have an older version of a modernized gateway build installed, and you are trying to update to a newer version. To uninstall, follow the instructions in the Uninstalling and cleanup section of this document.
Uninstalling the modernized gateway
To uninstall the Windows Admin Center modernized gateway, perform one of the following actions:
In the Apps & Features page of your gateway machine settings, select Windows Admin Center (v2) Preview from the program list and then select uninstall.
Navigate to the folder where the Windows Admin Center modernized gateway is installed (default directory is C:ProgramDataMicrosoftWindowsStart MenuProgramsWindows Admin Center (v2)) and select “Uninstall Windows Admin Center (v2)”
Run C:Program FilesWindowsAdminCenterunins000.exe
Running the installer again will not result in an uninstall option at this time. To ensure your installation was removed successfully, check if a WindowsAdminCenter folder exists in C:ProgramData or C:Program Files. If it does not exist in either location, your application has been successfully uninstalled.
During the uninstallation process, everything put on the machine during installation will be removed, except for the Windows Admin Center modernized gateway .exe installer file. If you have another build of Windows Admin Center also installed at the time of your modernized gateway uninstallation, no files or properties of the other build will be touched during the uninstallation process. There are no interdependencies between the two installations.
FAQs
Q: Can you install a build of Windows Admin Center with the modernized gateway when you already have an existing build of Windows Admin Center installed?
A: Yes, you can install a modernized gateway build of Windows Admin Center side-by-side with a legacy gateway build as long as you do not choose the same ports for both installations.
Q: Can I change the ports my Windows Admin Center installation is using after install?
A: Yes, In the Program Files for Windows Admin Center, we’ve included a PowerShell module called Microsoft.WindowsAdminCenter.Configuration.psm1. This module allows you to modify your WAC configuration after installation and can be found in the PowerShellModules folder of your installation (C:Program FilesWindowsAdminCenterPowerShellModules by default).
To change the ports WAC is using, run the following command:
Set-WACHttpsPort -Wacport <port> -ServicePortRangeStart <port> -ServicePortRangeEnd <port>
Q: Changing the ports is great, but can I change other configuration settings after install?
A: Yes! You may use the PowerShell module Microsoft.WindowsAdminCenter.Configuration.psm1 to change your configuration settings. It can be found in the PowerShellModules folder of your installation.
Q: Why aren’t all these changes just in the 2311 release?
A: To ensure the best quality experience, we require customer and developer feedback before these changes are generally available.
Q: Are all the features in the 2311 release available in this build?
A: Yes! Read more about the Windows Admin Center 2311 release.
Known issues
The account for the PowerShell session in the PowerShell tool always defaults to the user signed into the Windows Admin Center gateway, even if different management credentials were specified when remoting to a connection.
The extension feed for the modernized gateway has not been configured. Extensions not included in the Windows Admin Center installer (including external partner extensions) will not be available unless you add an extension feed. Even with an added feed, the following extensions do not currently function with the modernized gateway:
Dell OpenManage
Lenovo XClarity Integrator
Fujitsu ServerView RAID
Fujitsu Software Infrastructure Manager (ISM)
Fujitsu ServerView Health
Pure Storage FlashArray
Download today!
We hope you enjoy this new, modern version of Windows Admin Center and the various new functionality in preview. Learn more and download today!
As always, thanks for your ongoing support, adoption, and feedback. Your contributions through user feedback continue to be vital and valuable to us, helping us prioritize and sequence our investments.
Windows Admin Center is continuously evolving and growing as a tool and a platform, and we are beyond thrilled to have you part of our journey.
Thank you,
Windows Admin Center Team (@servermgmt)
Microsoft Tech Community – Latest Blogs –Read More
Use Logic Apps to build intelligent OpenAI applications
Context
Interacting with data in enterprise applications is becoming increasingly prevalent. Developers are now frequently employing the RAG (Retrieval Augmented Generation) model for this purpose. This method integrates OpenAI with vector storage technologies like Cognitive Search, allowing users to converse in natural language with their enterprise data, regardless of its format. An example of this can be seen in a GitHub sample.
The codeful way today
Building such sophisticated applications typically involves a few key steps that require putting building blocks together. Primarily, it includes the creation of a dynamic ingestion pipeline and a chat interface capable of communicating with vector databases and Large Language Models (LLMs). Various components can be assembled to not only perform the data ingestion process but also to provide a robust backend for the chat interface. This backend facilitates the submission of prompts and generates dependable responses during interactions. However, managing and controlling all these elements in code can be quite challenging as is the case for most of the solutions out there.
Codeless approach via Logic Apps
The primary emphasis in this context is on the role of Logic Apps in simplifying backend management. Logic Apps offer pre-built connectors as building blocks, streamlining the backend process. This allows you to concentrate solely on sourcing the data and ensuring that when a prompt is received, the search yields the most current information. Let’s take this example sample used by Azure OpenAI + Cognitive Services.
We’re excited to introduce new service provider connectors for Azure Open AI and AI Search, designed to help developers create applications that ingest data and facilitate simple chat conversations.
To understand this better, let’s breakdown the backend logic into two key workflows:
Ingestion Workflow:
Developers can set up triggers to retrieve PDF files, either on recurrence or in response to specific events, such as the arrival of a new file in a chosen storage system like SharePoint or OneDrive. Here’s a simplified workflow process for how that ingestion may look like:
Data Acquisition: Retrieve data from any third-party storage system.
Data Tokenization: In this scenario, tokenizing a PDF document.
Embeddings Generation: Utilize Azure OpenAI to create embeddings.
Document Indexing: Index the document using AI Search.
By implementing this pattern with any data sources, developers can save considerable time and effort while building ingestion pipelines. This approach simplifies not just the coding aspect but also guarantees that your workflows have effective authentication, monitoring, and deployment processes in place. Essentially, it encapsulates all the advantages offered by the Logic App (Standard) as of today.
Chat Workflow:
As data continues to be ingested in vector databases, it should be easily searchable so that when a user asks a question, logic apps backend can process the prompt and generate a reliable response.
Here is how chat workflow may look like:
Prompt capture: Capturing JSON via HTTP request trigger
Model training: Adapting to sample responses (modeled on GitHub example)
Query generation: Crafting search queries for vector database
Embedding conversion: Transforming queries into vector embeddings
Vector search operation: Executing searches in the preferred database
Prompt creation and chat completion: Use straightforward JavaScript to build prompts and connect with the chat completion API, guaranteeing reliable responses in chat conversations.
Every step in the process, from generating embeddings and tokenizing to vector searching, not only promises swift performance due to the stateless workflow but also assures that the AI seamlessly extracts all crucial insights and information from your data files.
It goes without saying that in today’s fast-paced tech environment, conserving time and development resources in creating OpenAI applications is crucial. That is why we are thrilled to share this capability, streamlining the process for developers to build dynamic ingestion or chat workflows with just a few essential building blocks.
Try it out
The new in-App connectors are currently in Private Preview. Feel free to reach out to try this experience. We are planning to do a Public Preview in January 2024.
Microsoft Tech Community – Latest Blogs –Read More
Register now for the upcoming Cloud Solution Provider H2 Acceleration Moment webcast!
Join us on January 18, 2024 (9 a.m. PST and 5 p.m. PST) for the Cloud Solution Provider H2 Acceleration Moment webcast. Microsoft executives Jared Spataro, CVP of Modern Work and Business Applications; Kevin Peesker, CVP SMC & Digital; and David Smith, VP of Global Channel Sales, will provide the latest product and marketing program updates and review new go-to-market investments to help CSP partners manage upcoming renewals and get customers AI ready.
Register today to reserve your spot and to get notified when session content is available on demand.
AM option: Thursday, January 18th 9am PST
PM option: Thursday, January 18th 5pm PST
Microsoft Tech Community – Latest Blogs –Read More
Webhook message delivery failed with error: Microsoft Teams endpoint returned HTTP error 400
We have been using this incoming webhook from Zendesk to Teams and after a bunch of updates last week, they stopped working.
Error:
Webhook message delivery failed with error: Microsoft Teams endpoint returned HTTP error 400
We have been using this incoming webhook from Zendesk to Teams and after a bunch of updates last week, they stopped working. Error:Webhook message delivery failed with error: Microsoft Teams endpoint returned HTTP error 400 Read More
Transforming the iOS/iPadOS ADE experience in Microsoft Intune
In July of 2021, we announced that Running the Company Portal in Single App Mode until authentication is not a supported flow by Apple for iOS/iPadOS automated device enrollment (ADE). Since then, we’ve been hard at work to improve the ADE experience through the release of Setup Assistant with modern authentication, Just in Time (JIT) registration and compliance remediation, and the “Await until configuration” setting.
In the first half of calendar year 2024, we’re removing the ability and functionality for the “Run Company Portal in Single App Mode until authentication” setting. Devices will not be able to enroll through this method and you will not be able to save new enrollment profiles with this setting configured. If you haven’t already, we recommend moving your authentication method to Setup Assistant with modern authentication and leverage the new capabilities.
Stay tuned to this blog for updates on the timing of this change.
Improved and more secure iOS/iPadOS ADE experience
To replace this flow, we’ve been working on three new features to improve the iOS/iPadOS ADE experience for new and existing enrolled devices. Our focus has been on prioritizing security and enhancing both the user and admin experience.
Now that these features are all generally available, we recommend configuring them for the most secure and updated experience for ADE with user device affinity:
Select Setup Assistant with modern authentication as the authentication method in your enrollment profiles for enrolling devices with user affinity.
This authentication method allows your organization to require authentication with Entra ID as part of the out-of-box experience (OOBE) during enrollment with Setup Assistant, prior to users accessing the home screen. You’ll also have the option to require multi-factor authentication (MFA) depending on the settings in your Conditional Access policy.
Example of the “Management Settings” profile and User Affinity & Authentication Method settings in the Microsoft Intune admin center.
Ensure that the Await final configuration setting is set to Yes within your enrollment profiles.
Enable a more secure and locked experience at the end of Setup Assistant to ensure your most critical device configuration policies are installed on the device. Before the home screen loads, Setup Assistant pauses and lets Intune check in with the device. The device user experience locks while users await final configurations so that when they land on the home screen, the device is configured based on your organization’s policies.
Example of the “Await final configuration” toggle in the Microsoft Intune admin center.
Configure JIT registration and compliance remediation for your ADE devices.
With JIT (just in time) registration, the Company Portal requirement for Entra ID registration or compliance checking is no longer needed. By removing the Company Portal requirement, we eliminated extraneous steps, removed required app downloads that can’t be changed, and put an end to switching between apps to get the device compliant, thereby streamlining the user flow.
Any SSO-enabled (single sign-on) app can be used to complete Entra ID registration now, while seamlessly establishing SSO throughout the device. Additionally, JIT compliance remediation is the new embedded flow for users to see their compliance status and action steps right within the app that they’re completing JIT registration within. Check out the two demos showcasing this in the JIT blog post.
Example of the “Device features” settings for iOS/iPadOS in the Microsoft Intune admin center.
Combining these features provides the following benefits:
The device fully enrolls within Setup Assistant with optional MFA.
Critical device configuration policies are already preloaded on the device, so users can immediately access the home screen and become productive without any delays or interruptions.
Users can quickly start working by opening any single sign-on (SSO)-enabled app, which most users intuitively go to these apps to authenticate. This will complete both Microsoft Entra registration and establish SSO throughout the device. For the best experience, we recommend using the Microsoft Teams app.
Users can also become compliant with any necessary remediation steps embedded within the app they’re using to authenticate. There’s no need to switch between apps to complete compliance steps.
Profiles using Company Portal authentication method
With this change, devices assigned to an existing enrollment profile with the Company Portal authentication method and the “Run Company Portal in Single App Mode until authentication” setting is set to Yes will fail to enroll or re-enroll. They must be assigned an enrollment profile with a supported authentication method.
Example of the “Management Settings” profile settings with the “Run Company Portal in Single App Mode until authentication” in the Microsoft Intune admin center.
If the authentication method is Company Portal and the “Run Company Portal in Single App Mode until authentication” setting is set to No, the Company Portal won’t automatically download from the profile. To use this method, you will need to target the Company Portal app as required for ADE devices with the correct app configuration policy attached. Additionally, users will need to manually run the Company Portal and complete the enrollment and Microsoft Entra ID (formerly known as Azure Active Directory) registration steps.
For new profiles you won’t be able to save the enrollment profile if the “Run Company Portal in Single App Mode until authentication” setting is set to Yes. Although not recommended, new profiles can use the Company Portal authentication method by targeting ADE devices with the Company Portal app and an app configuration policy. Note: After support has ended, this setting will eventually be removed from the user interface.
If you have any questions, let us know by leaving a comment below or reaching out to us on X @IntuneSuppTeam.
Microsoft Tech Community – Latest Blogs –Read More
Microsoft 365 innovations for small and medium business in 2023
Brenna Robinson,
General Manager, Microsoft 365, Small and Medium Business
We’ve been busy building new products and features for Microsoft 365—all so you can be more productive, creative and grow your customer base. From enabling payments right in the Teams app to enhancing security for your small business, we’ve covered lots of areas this year—and hope to provide even more innovations in 2024!
Expand your business
Payment request in Microsoft Teams Payments
Microsoft Teams Payments app
In May, we added the Payments app to Microsoft Teams. Getting paid for appointments, classes, and webinars becomes much easier with the Payments app—letting you easily manage and collect your funds from inside a Teams meeting. To make the app a seamless experience, we partnered with leading players in the payments space—a necessary step, since Payments combines collaboration capabilities with ecommerce. The partner support from PayPal, and Stripe mean easier interactions with customers and faster payments for you.
Microsoft Teams
In November, we expanded our support for service-oriented small businesses by adding Microsoft Bookings to Microsoft Teams Essentials. Using the Bookings app your customers can easily book a meeting with you or one of your employees, freeing you up from the routine task of scheduling. The schedule synchs for all your Teams users and integrates seamlessly with Teams to enable virtual meetings, too.
Of all the apps in the Microsoft 365 portfolio, our customers consistently identify Teams as one of its most indispensable resources once they use it for the first time. If you’re not yet a Teams user, try Microsoft Teams Essentials now without commitment—it’s free for 30 days for all US customers.
We also made it easier for admins to set up Teams without having to navigate the Teams Admin Center or the Microsoft 365 Admin Center. There’s now an easy and intuitive Admin app inside Microsoft Teams that provides recommendations for your specific settings needs. You can enable or disable features or ask for Microsoft support all without leaving Teams. The app is automatically installed and available to admins in businesses with less than 25 users. This experience is being rolled out gradually to users. If you haven’t seen it yet, you can download in the Teams app store.
Unlock the power of Microsoft Teams by connecting with industry experts to get your questions answered about how to integrate Teams into your operations. Use the following links to learn more about each webinar and register.
North and South Americas, Europe time zones
January 16, 9:00 am PST: Protect and enhance meeting experience with Microsoft Teams Premium
January 17, 9:00 am PST: Empower your business with Microsoft Teams devices
January 18 9:00 am PST: Collaborate with enterprises using M365 MTO and MTMA
Boost your brand recognition
Clipchamp screenshot of video editing.
Microsoft Clipchamp
One of our exciting additions to the Microsoft 365 family in 2023 is the new Clipchamp video editor. If you’ve tried to use video editing software before and given up because the learning curve was too steep, then we challenge you to give Clipchamp a try. We designed Clipchamp with ease of use at the top of our priority list, but we didn’t skimp on functionality. It has all the basic editing tools you probably know, such as trimming, cropping, and speed control. But what sets Clipchamp apart is that you’ll be able to use these tools immediately without having to pore over manuals or deal with a lot of trial and error. Clipchamp lets you make high-quality recordings right out of the box. You’ll go from raw footage to a fully edited video smoothly and quickly. When you’re ready to level up your editing, there are more advanced features available like timeline editing and audio processing. Best of all the app is integrated with all your other Microsoft 365 apps and it will even auto-format your video for third-party delivery channels, including Facebook and YouTube.
Find out how to access Microsoft Clipchamp
Working even smarter and faster
Loop project home screenshot.
Microsoft Loop
Another exciting addition to the Microsoft 365 app family is Microsoft Loop. Think of it as an essential co-creation app, supercharged by AI. Loop keeps your work organized by bringing all the parts of your project together in one place—all while giving you and your team the flexibility to collaborate in your preferred app using Loop components. These are portable pieces of content that you can add to any other Microsoft 365 app, including Microsoft Outlook, Teams, and more. Once they’re added, they’ll keep all of your Loop updates synced inside your favorite app so there’s no need to learn another app. The Loop app is available for all Microsoft 365 Business Standard and Microsoft 365 Business Premium customers at no additional charge and you can add it on a mobile app for iOS or Android.
Microsoft Teams Phone
We’ve added useful new features to Microsoft Teams Phone. First, there’s shared calling, which allows admins to enable a group of licensed users to make and receive phone calls using a single number and calling plan. For example, a single phone number can be shared by all store personnel at a small hardware to be able to make outbound calls to customers and receive incoming calls to the same number.
We also included the reverse, namely a private line feature. This lets you set up a second phone number for a single user or group that bypasses any admins, assistants, or delegates. Think of it as a hotline for your most important calls. You can also receive alerts for protected voicemail (encrypted voicemails left by either internal or external callers.)
There’s also the new click-to-call feature, which makes it easy for customers to reach your sales and support teams directly from your web page or app. Developers can add, customize, and program the widget to connect customers to a specific Teams user, call queue, or auto attendant.
We want you to know about our promotional offer that includes both Microsoft Teams Essentials and Teams Phone with a choice of calling plans. Discover more online or visit your preferred reseller.
Join us for an engaging and informative webinar as we delve into the world of the Microsoft Teams Phone and discover how it can revolutionize communication and collaboration for Small and Medium-sized Businesses (SMBs).
January 15, 9:00 am PST: Grow your business with Microsoft Teams Phone (North and South Americas, Europe time zones)
Reliable security in Microsoft 365
Microsoft Defender for Business offerings.
Microsoft Defender for Business
Cyberattacks are constantly growing more sophisticated and your security needs to keep pace. Traditional security layers like antivirus and antimalware just aren’t enough, which is why we enhanced Microsoft Defender for Business throughout the year.
Defender for Business now has next-gen Defender Antivirus which not only protects against known threats, but also identifies and helps protect against emerging dangers. We’ve also added post-breach technologies such as Endpoint Detection and Response, and AI powered Automated Investigation and Remediation and Automatic Attack Disruption. These technologies both detect and respond to threats.
We’ve simplified mobile security so employees using Android or iOS devices can stay secure on the go without the need for add-ons or device management. Finally, the new monthly security reports in Defender for Business make it easier to gauge your business’ security status across the entire threat landscape, including access and identity, devices, information control and apps. They also provide recommendations for outstanding issues and closing any gaps that might still be open.
Find out more on the Microsoft security web page for small and medium business.
Microsoft 365 Business Premium brings the Office apps, Microsoft 365 services and Teams, with a comprehensive security suite to SMBs—offering protection across identity and access with Microsoft Entra ID Plan 1 (formerly Azure AD Premium Plan 1), endpoint security with Defender for Business, protection across email, Teams, OneDrive with Defender for Office 365, data protection with Azure Information protection and device management with Microsoft Intune.
Find out more about Microsoft 365 Business Premium
Always evolving
These are just a few of the new features and capabilities we added to the Microsoft 365 platform in 2023, and we’ve already got more in the works for 2024. We are committed to providing tools that help you move your business forward. Keep current on what’s coming to Microsoft 365, by visiting the Microsoft 365 Roadmap.
Resources
Find the right Microsoft 365 business plan for you.
Learn more about how to set up and use your Microsoft 365 subscription and find tips and templates to help you accomplish your business tasks.
Get free resources, tech training, and guidance to keep your business thriving and growing.
Partners can access training resources, customer decks and deployment checklists to do more with Microsoft 365.
1.
After your one-month free trial, you will be charged the applicable subscription fee. Credit card required. Cancel any time to stop future charges.
The discount offer is available to new and existing customers who license a 12-month Microsoft Teams Essentials and Microsoft Teams Phone bundle (with or without a Microsoft Teams calling plan) through Direct and CSP direct channels between July 17, 2023, and January 17, 2024. This promotion is valid in the United States, Canada, and the United Kingdom. This annual subscription automatically renews and is subject to recurring billing at the regular price and selected term. Customers can cancel at any time to stop future charges. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice.
82 percent of ransomware attacks target small businesses per The Devastating Impact of Ransomware Attacks on Small Businesses and cost of cybercrimes to small businesses reached $2.4 billion worldwide in 2021 per Accelerating Our Economy Through Better Security: Helping America’s Small Businesses Address Cyber Threats May 2, 2023.
Microsoft Tech Community – Latest Blogs –Read More
The role of modern devices in achieving human-centric security
With the rise of flexible work, employee devices and data are now the top targets of cybercriminals. According to the 2023 Verizon Data Breach Investigations Report, “Seventy-four percent of all breaches include the human element, with people being involved either through error, privilege misuse, use of stolen credentials, or social engineering.”[i]
Security professionals must design their programs to put human behavior at the center – in other words, making security “human-centric.” The goal is to eventually get to what Forrester refers to as “adaptive human protection,” which they define as “people, processes, and technologies working together to detect and anticipate human security behaviors and adjust policies, training, and technologies to protect humans in a way that requires minimal or no effort on their part.”[ii]
Let’s look at how a human-centric security model helps defend against three common attack methods.
Attack method #1: Multifactor authentication fatigue
One way attackers are targeting employees is through multifactor authentication (MFA) fatigue attacks. MFA fatigue attacks start with a threat actor stealing an employee’s username and password. The threat actor then spams (or “fatigues”) the user with MFA authorization requests until that person finally relents and approves one. It typically doesn’t take long to secure that approval. Microsoft’s studies show that one percent of users will accept a simple approval request for authentication on the first try.[iii]
To defend against MFA fatigue attacks (and theft of credentials in general), organizations should take a human-centric approach to authentication, rather than leaving authentication apps as the sole line of defense. To prevent unsafe practices like writing down passwords, reusing credentials, or approving spammed authentication requests, companies should ensure that devices and authentication applications have simple sign-in procedures that empower employees and remove complexities.
Attack method #2: Phishing
Another persistent threat to employees is phishing. From May 2022 to April 2023, Microsoft Digital Crimes Unit identified and deactivated 417,678 phishing URLs.[iv] Attackers use manipulation tactics like fear and urgency to convince the employee to take a desired action, such as clicking on a suspicious link in an email and entering their credentials on a spoofed page.
One of the biggest risks of a phishing attack is the installation of malware. Microsoft Security Threat Intelligence has seen more than 74 million devices with malware encounters in one month.[v] It just takes one risky action from an employee—downloading an unknown piece of software or a suspicious attachment—to open the door to an organization’s critical data and resources.
Mistakes happen, and attackers are persuasive. It’s unrealistic to assume an employee will never fall for a phishing lure, even with all the proper security awareness training. Instead, use a human-centric security approach to defend against phishing attacks. A device with strong data encryption and intelligent threat monitoring can help protect sensitive data and alert a company’s security team to possible intrusions into the network.
Attack method #3: Physical access
Even with robust security compliance training, unsecure behavior can still occur. Forrester’s 2022 Workforce Survey found that seven percent of surveyed global information workers say they sometimes ignore or go around their organization’s security policies.[vi] That can include behaviors like not locking a device before walking away or even leaving a device in an unsecure location where it could potentially be stolen.
To tackle these types of errors with a human-centric security model, organizations should opt for devices that have advanced features like a separate security layer for sensitive data that is tied to biometrics. Even if an attacker has physical access to the device, or even has a username and password, the sensitive secrets and data on the device are still secure.
Surface keeps people at the center of security
By using security controls built into Microsoft Surface devices, organizations can achieve a human-centric security model that helps protect against threats caused by people while creating a better experience for employees.
Microsoft Surface devices use passwordless authentication to keep the sign-in process simple and secure for employees. Organizations can minimize the risk of MFA fatigue attacks and credential theft, reduce helpdesk requests for frequent password resets, and shrink employee frustration with biometric sign-in using Windows Hello, available on select Surface devices—leading to happy humans across the organization, from IT to the user.
Meanwhile, Secure Boot and Firmware Attack Surface Reduction (FASR) protect the firmware from bootkit and rootkit-type malware infections. Secure Boot ensures an authentic version of Windows 11 starts and that the firmware is as genuine as it was when it left the factory, while FASR helps provide further firmware protection for our Secured-Core PCs. Virtualization-based security (VBS) and hypervisor code integrity (HVCI) provide further protection against both common and sophisticated malware by performing sensitive security operations in an isolated environment.
Surface devices also use BitLocker to secure and encrypt data on employee devices so organizations can protect business information even on lost and stolen devices. Additionally, the Surface Pro 9 with 5G comes with Microsoft Pluton, which helps reduce the attack surface and provides further protection of sensitive credentials.
Organizations can also proactively block threats with automatic firmware and software updates from Windows Update for Business on Surface devices. Automatic updates ensure that the device is always running the latest software, while minimizing downtime for employees so they can stay productive. They also minimize overhead for the IT team, further reducing the risk of updates not being applied in a timely manner. Microsoft Defender Antivirus is built into Surface devices to provide real-time, always-on virus protection. For an extra layer of security, IT teams can use Microsoft Defender for Endpoint[vii] to help prevent, detect, investigate, and respond to advanced threats, so that IT teams can feel more confident that users can’t engage in risky behavior.
Put humans at the center of your security model. Check out how Surface devices help organizations achieve human-centric security and defend against cyberattacks.
[i] “2023 Data Breach Investigations Report,” Verizon, 2023.
[ii] “The Future Of Security Awareness And Training,” Forrester Research, November 7, 2022.
[iii] “Defend your users from MFA fatigue attacks,” Microsoft Tech Community Blog, September 28, 2022.
[iv] “The Confidence Game: Cyber Signals May 2023 Report,” Microsoft Threat Intelligence, May 2023.
[v] “Global threat activity,” Microsoft Security Intelligence, September 2023.
[vi] “2022 Workforce Survey,” Forrester Research, 2022.
[vii] Sold separately.
Microsoft Tech Community – Latest Blogs –Read More
Looking for expanded documentation on Exchange objects
Probably a simple answer, at least I hope it is, but I’m looking for expanded documentation on Exchange objects as they appear in powershell.
For just one example: mailbox objects.
Of course I can pipe mailbox objects into | get-member to see what all the various properties of a mailbox object are, but I’d like to know more about what each of those properties MEANS, what Exchange “uses” it for, how it relates to other objects, etc. and be able to infer from that information why I might care?
For example, I’ve just discovered some mailboxes on my Exchange server (on prem) whose “ServerName” property refers to a long ago decomissioned server that I replaced with a differently named server (DAG is in play). So I’m curious about the usage of the ‘ServerName’ property in Exchange mailboxes. All the mailboxes are working fine (at least as far as I can see) so I don’t think I have a “problem” that needs to be solved. It just made me want to find detailed/expanded documentation about mailbox properties and methods, and for other object classes as well.
TIA
Robert
Probably a simple answer, at least I hope it is, but I’m looking for expanded documentation on Exchange objects as they appear in powershell.For just one example: mailbox objects. Of course I can pipe mailbox objects into | get-member to see what all the various properties of a mailbox object are, but I’d like to know more about what each of those properties MEANS, what Exchange “uses” it for, how it relates to other objects, etc. and be able to infer from that information why I might care? For example, I’ve just discovered some mailboxes on my Exchange server (on prem) whose “ServerName” property refers to a long ago decomissioned server that I replaced with a differently named server (DAG is in play). So I’m curious about the usage of the ‘ServerName’ property in Exchange mailboxes. All the mailboxes are working fine (at least as far as I can see) so I don’t think I have a “problem” that needs to be solved. It just made me want to find detailed/expanded documentation about mailbox properties and methods, and for other object classes as well.TIARobert Read More
Year in review: How Microsoft Copilot, Microsoft Teams, and our partners built a stronger ecosystem
As 2023 winds down, it’s incredible to reflect on all the progress we’ve made across the Microsoft 365 ecosystem this year. Above all, I want to thank our customers for trusting Microsoft Teams to be your tool and platform for collaboration and communication. I’m proud to report that tens of millions more people adopted Teams this year, including the new version released in October. Microsoft Teams now has over 320 million monthly active users.
I also want to share my deep gratitude with the independent software vendors (ISVs), system integrators, and enterprise developers who have partnered to help build our Teams ecosystem. Thanks to your investment, there are now more than 2,000 apps in the Teams store and over 145,000 custom line-of-business (LOB) apps built by enterprises.
This year’s biggest news was the introduction of Microsoft Copilot, your powerful new AI assistant for work. Microsoft Copilot for Microsoft 365 became generally available Nov.1, and we’re ensuring that your investment in Teams provides the foundation for Copilot extensibility, which allows you to augment Copilot with custom skills and bring its capabilities to your apps. Organizations with Copilot for Microsoft 365 can opt into the public preview for extensibility.
As we look forward, I want to share key resources we’ve created for ISVs and enterprise developers so that you can plan how you’ll harness the power of AI by extending Copilot. I also want to highlight a few fantastic Teams apps that can help enterprises improve their end-of-year operations, recognize outstanding employees, and kick off next year with renewed purpose.
Tips for extending Copilot for Microsoft 365 using Microsoft Graph connectors
In 2024, enterprise adoption of Copilot for Microsoft 365 will gain increasing momentum, and enterprise developers and ISVs must prepare accordingly. You can extend Copilot two ways: plugins and connectors. First, we’ll cover Microsoft Graph connectors, which bring information and content from external data sources into Microsoft Graph, enhancing the knowledge layer and grounding Copilot’s responses in more of your unique context. This extensibility option, which is generally available, also helps users discover more of your organization’s content across Microsoft 365 experiences, like Microsoft Search.
For example, in early spring 2024, Copilot users will be able to search for and summarize content from Lucidspark’s virtual whiteboards and Lucidchart’s intelligent diagramming, bringing natural language processing to a new level. Lucid will achieve that new capability by extending Copilot with Graph connectors, making it possible to reason over the various data properties in the whiteboard or diagram and answer complex user questions. Information such as the content of Lucid canvases, the date the Lucid document was created or modified, the author, and other relevant fields will be ingested via Graph connectors to surface rich insights to users. Content ingested from Graph connector data will be linked in Copilot’s references, allowing users to link back to the original Lucid whiteboard or diagram.
Visit Microsoft’s new developer portal to learn more about how to get started building Graph connectors, or check out this quick start guide. You can download solutions from the Sample Solution Gallery, and go to the Microsoft 365 Developer YouTube channel for videos on best practices. You can also review the list of all published Graph connectors that have been enabled for use with Copilot.
Tips for extending Copilot for Microsoft 365 with plugins
You can also extend Copilot using plugins. A powerful way to create a plugin is to use Teams message extensions, which can retrieve external data, analyze and summarize information, and allow users to take actions via Adaptive Cards in Teams. Developers can now create message extensions using Teams Toolkit for Visual Studio and Visual Studio Code. For existing message extensions, make sure app manifests are updated.
We have a wealth of resources to help developers build best-in-class plugins and successfully extend Copilot.
Follow our guide for building high-quality plugins.
Build plugins with low code, or create your own enterprise copilots, with Microsoft Copilot Studio.
Check out best practices for designing Adaptive Cards and Teams task modules to set the stage for great plugins.
Develop an expertise in prompt design and engineering to increase the accuracy of responses from large language models (LLMs).
Set up a dev environment by applying for the Microsoft 365 Developer Technology Adoption Program, which has a limited number of Copilot licenses available for ISVs to purchase in private preview.
How Teams AI library enables intelligent apps
Enterprises and ISVs can also begin their AI journey by using Teams AI library, in public developer preview, to streamline the development of intelligent apps using APIs, controls, and prebuilt code. Ramp, an ISV that automates finances and expense management, used the AI library to map user intent to actions inside the Ramp experience extremely quickly, without requiring custom prompt engineering or manual LLM calls. The API also makes it simple to add actions to Ramp’s Teams app with very little development effort.
The resulting integration with Teams removes friction from traditional financial workflows and unlocks significant productivity gains—ultimately making finance simpler and more efficient.
“Ramp is here to redefine the status quo and make finance simple, so businesses can focus on work that matters,” says Eric Glyman, CEO of Ramp. “Simplicity and ease-of-use are at the heart of what our customers love about Ramp—from intelligent routing for the right approvals, to automatically matching receipts to transactions, to maintaining effective controls. By seamlessly integrating with Teams, we make intelligent financial tools available where hundreds of millions of people do their best work every day.”
Ramp has also taken the next step by integrating with Copilot, providing each employee with a finance assistant that can complete expense workflows on their behalf, give instant insight into spending trends, and answer expense policy questions.
Teams apps to improve year-end activities and jumpstart 2024
With the year wrapping up, I’d also like to highlight some Teams apps that can improve recognition programs for outstanding employees in 2023 or help refine business operations for 2024, starting with another look at Ramp.
In addition to accelerating day-to-day tasks, Ramp’s integration with Copilot also fosters more strategic, data-backed thinking and decision-making. With deep insight into the financial inner workings of your business, the Ramp plugin is an invaluable partner to finance teams planning, tracking, and managing budgets as we approach 2024. For example, finance managers planning travel and entertainment budgets can use Ramp to understand how much their company spent on hotels last year and adjust their forecasts based on the data.
Achievers for Teams: Celebrate moments that matter
As the pace of work accelerates, Achievers for Teams helps customers simplify employee engagement by merging the employee experience into the daily flow of work, and by leveraging a tool that employees already use and love—Microsoft Teams. This extends the value of employee engagement strategies and increases a sense of belonging by embedding recognition opportunities throughout daily routines.
“The Achievers for Teams app allows us to bring recognition into the flow of an employee’s normal course of work,” says Michael Cohen, Chief Product Officer at Achievers. “With so many employees spending the bulk of their day in communications tools like Teams, the ability to send and receive recognition from within the application allows us to meet employees where they are and to encourage culture-building without ever leaving the Teams app.”
Organizations that have implemented the Achievers for Teams integration have seen significant increases in the number of recognitions sent and higher overall employee engagement versus those without the integration.
Enterprises can also use Achievers to amplify year-end recognition initiatives, utilizing key functions like celebrating moments that matter where and when they occur by sending social or points-based recognitions within Teams. Points-based recognitions are redeemable for rewards employees actually want. Achievers is an industry leader with a marketplace of over 3 million rewards and 2,500 global brands—with local fulfillment partners that ensure speedy and reliable delivery in over 190 countries, all backed by award-winning customer service.
BHN Rewards: Simplify worldwide gifting to incentivize employees
According to BHN’s 2022 Employee Incentives Report from NAPCO Research, 83 percent of employees say that getting rewards improves their productivity and loyalty. Gift cards and prepaid cards are the most requested option (cited by 90 percent).¹ BHN Rewards for Teams makes it easy to give employees what they want while also simplifying budget controls, international rewarding, and reward tracking.
Users can send rewards during live virtual meetings or in one-on-one chat messages, and the reward announcement can be easily shared to Teams channels as well. The option to deliver rewards publicly—even among remote, hybrid, and global teams—amplifies the impact because colleagues can see and comment on the recognition. Recipients can easily claim their digital gift card or prepaid card with just a few clicks.
With the exponential rise in remote employees and global workforces, delivering end-of-year staff appreciation gifts and honoring top performers has gotten more complicated for a lot of enterprise companies. But with BHN Rewards for Teams, those rewards can be sent on the spot during virtual department meetings or holiday gatherings, making them simple, meaningful, and effective worldwide.
Matter for Teams: Give customizable kudos to revolutionize recognition
Matter for Teams starts by creating a recognition habit called Feedback Friday, where employees are automatically encouraged and guided to provide kudos to their peers. Enterprises can utilize Matter’s templating system to create fully customizable kudos templates to match your company’s brand, company values, or special events. Matter’s rewards platform includes gift cards and donations from 1,500+ merchants in 80+ countries, and you can create your own company rewards store for items like merchandise or a PTO day.
“Matter for Teams has made employee recognition and rewards fun and easy to use right where you work,” says Matter CEO Brett Hellman. “Within weeks, 83 percent of employees actively engage in peer-to-peer recognition, all from automatic reminders. This uptake highlights Matter’s effectiveness in fostering a culture of appreciation. It’s not just about software; it’s about revolutionizing how we recognize and reward our teammates.”
Use Matter’s analytics tools to understand engagement and recognition patterns. This data can inform HR and management about the effectiveness of recognition strategies, employee morale, and areas needing improvement. When the year ends, you can use Matter’s powerful analytics to find which employees received the most recognition for a particular company value or theme and then reward these employees virtually in your Matter Teams channel or in real time.
Find out more about the apps highlighted above at the Achievers website, the BHN Rewards website, the Lucid website, the Matter website, and Ramp’s website and Teams integration site.
Maximize your investment in Copilot and Teams in 2024
Check out these resources for more on how to get started with Copilot and make the most of your investment in Teams apps:
Extend Copilot for Microsoft 365 by building Teams message extensions and Graph connectors.
Try Copilot Studio, an intuitive and low-code integrated design studio experience, to build plugins or your own enterprise copilots.
Access other Copilot resources like code samples and training videos on Microsoft Learn.
Build collaborative apps for Teams to give customers an experience they’ll love and provide the stepping stone for AI assistants that work alongside Copilot.
We love sharing partner success stories. If you have a story, please contact us.
¹2022 Employee Incentives Report, NAPCO Research and BHN. March 2023.
Microsoft Tech Community – Latest Blogs –Read More
Error Logs for Azure Database for MySQL – Flexible Server (Preview)
We’re thrilled to announce the public preview of the Error Logs feature for Azure Database for MySQL – Flexible Server! This feature empowers you to gain direct access to MySQL error logs, significantly enhancing your troubleshooting capabilities and providing transparency and independence in managing your database environment.
Note: The Server Logs feature, including Error Logs, is available for all new servers created after November 14th, 2023. For existing servers, this feature will be made available after their next scheduled maintenance estimated to be performed in January 2024.
Key Benefits
Key benefits associated with the Error Logs feature include:
Efficient troubleshooting: You can maintain MySQL error log files under Server Logs feature and download them for up to 7 days, enabling efficient issue identification and resolution.
Enhanced security: You can use Error Logs to proactively detect and respond to unauthorized access attempts, failed login attempts, and other security-related events.
Increased transparency: Enabling exposure of MySQL error logs in the Azure portal allows for a user-friendly interface to monitor your workload and troubleshoot issues.
Enabling the Error Logs feature:
To enable the Error Logs feature, perform the following simple steps:
In the Azure portal, navigate to your instance of Azure Database for MySQL – Flexible Server.
On the Monitoring tab, select Server Logs.
On the Server Logs page, select the Enable and Error Logs checkboxes, and then select Save.
Alternatively, you can enable Error Logs by configuring the following server parameters via the Azure portal or Azure CLI:
error_server_log_file: This server parameter, when set to ON, allows you to expose error logs as downloadable files from the Azure portal and Azure CLI.
log_output : Setting the value to FILE will enable the Server Logs feature on your MySQL flexible server.
Conclusion
Gain enhanced transparency, troubleshoot with ease, and proactively secure your database environment by leveraging the Error Logs feature. You can learn more about the feature, including limitations during public preview, in our service documentation.
We invite you to explore and provide your valuable feedback as we continue to refine this feature. If you have any questions or suggestions, feel free to leave a comment below or reach out to us at AskAzureDBforMySQL@service.microsoft.com.
Happy troubleshooting!
Microsoft Tech Community – Latest Blogs –Read More
msdb..backupfile table in SQL 2019
Hi,
I used to query msdb..backupfile table to get database file level backup size or backup page counts. But in SQL 2019 backup_size column or backup_page_count columns are either 0 or showing very less value as compared to actual data. Kindly advice if there has been any changes in these tables in SQL 2019 as in earlier version we could use this table to check database file growth but in SQL 2019 this data is not of relevance for DB files growth estimation.
Hi, I used to query msdb..backupfile table to get database file level backup size or backup page counts. But in SQL 2019 backup_size column or backup_page_count columns are either 0 or showing very less value as compared to actual data. Kindly advice if there has been any changes in these tables in SQL 2019 as in earlier version we could use this table to check database file growth but in SQL 2019 this data is not of relevance for DB files growth estimation. Read More
December 2023 – Microsoft 365 US Public Sector Roadmap Newsletter
Newsworthy Highlights
Preparing for Security Copilot in US Government Clouds
With the announcement of Security Copilot back in March, there has been a growing demand to understand and expand the role of machine learning (ML) in security. This demand is especially apparent in the US government space, where these advancements have a direct impact on national security.
Microsoft Collaboration Framework for the US Defense Industrial Base
For most organizations, managing users in a single tenant provides them with a unified view of resources and single set of policies and controls that enable a consistent user experience. Microsoft recommends a single tenant model when possible, and many of the cloud services are designed for a single tenant. However, a single tenant is not always possible. Multi-tenant organizations (MTO) may span two or more M365 and Entra ID tenants – resulting in unique cross-tenant collaboration and management requirements. In addition, external collaboration extends beyond the tenant to partners and other parties that are not under organizational control.
Microsoft 365 Government Community Call
Join Jay Leask and other members of the Government Community live on LinkedIn!
Where to Start with Microsoft Teams Apps in Gov Clouds
Customers in our Office 365 government clouds, GCC, GCCH, and DoD, are continuing to evolve how they do business in the hybrid workplace. As Microsoft Teams is the primary tool for communication and collaboration, customers are looking to improve productivity by integrating their business processes directly into Microsoft Teams via third-party party (3P) applications or line-of-business (LOB)/homegrown application integrations.
Microsoft 365 Government Adoption Resources
Empowering US public sector organizations to transition to Microsoft 365
What’s New in Microsoft Teams | Microsoft Ignite 2023
Teams Connect shared channels in GCCH & DoD – Work seamlessly and securely with those inside and outside your organization. With Microsoft Teams shared channels, multiple organizations can work together in a shared space – have conversations, schedule a meeting, share, and co-author files, and collaborate on apps, without ever switching tenants.
Release News
Teams
Audio Conferencing custom policies and multiple toll and toll-free dial-in phone numbers in meeting invites – GCCH & DoD November
Voice isolation in Microsoft Teams – GCC
One Time Passcode (OTP) for simplified setup of Teams Rooms on Windows – GCC
Manage Microsoft Surface Hub as a Teams Rooms on Windows device – GCC and GCCH
Exchange Online
Outlook: MIP Label Support for Events on Android
Auditing Deletions of Exchange Online Public Folders
FindTime add-in is being removed and replaced with Scheduling Poll
Purview
New Microsoft Graph APIs for retention labels in SharePoint and OneDrive
eDiscovery: New cmdlet for hold removal – GCC and GCCH
Enhancements to endpoint DLP for macOS
Policy conditions improvements are now rolled out to Public Preview
Manage Audit permissions from Purview Compliance Portal
References and Information Resources
Microsoft 365 Public Roadmap
This link is filtered to show GCC, GCC High and DOD specific items. For more general information uncheck these boxes under “Cloud Instance”.
Stay on top of Microsoft 365 changes
Here are a few ways that you can stay on top of the Office 365 updates in your organization.
Microsoft Tech Community for Public Sector
Your community for discussion surrounding the public sector, local and state governments.
Microsoft 365 for US Government Service Descriptions
· Office 365 Platform (GCC, GCCH, DoD)
· Office 365 U.S. Government GCC High endpoints
· Office 365 U.S. Government DoD endpoints
· Microsoft Purview (GCC, GCCH, DoD)
· Enterprise Mobility & Security (GCC, GCCH, DoD)
· Microsoft Defender for Endpoint (GCC, GCCH, DoD)
· Microsoft Defender for Cloud Apps Security (GCC, GCCH, DoD)
· Microsoft Defender for Identity Security (GCC, GCCH, DoD)
· Azure Information Protection Premium
· Exchange Online (GCC, GCCH, DoD)
· Office 365 Government (GCC, GCCH, DoD)
· Power Automate US Government (GCC, GCCH, DoD)
· Outlook Mobile (GCC, GCCH, DoD)
Be a Learn-it-All
Public Sector Center of Expertise
We bring together thought leadership and research relating to digital transformation and innovation in the public sector. We highlight the stories of public servants around the globe, while fostering a community of decision makers. Join us as we discover and share the learnings and achievements of public sector communities.
Microsoft Teams for US Government Adoption Guide
Message Center Highlights
SharePoint Online / OneDrive for Business
MC694651 — Graph Connector Content Results Experience Switches to Results Inline in All Vertical
30-60 Days
Microsoft 365 Roadmap ID 189062
You will soon see Graph Connector results merged inline in the All vertical on SharePoint (organization level) and Office.com. This means that your users will experience Graph Connector results seamlessly integrated with Microsoft content instead of the current result cluster experience which is bound to a fixed place in the middle of the page and has a maximum of two results from a single custom vertical.
With inline Connector results, your users can see as many relevant Connector results as retrieved and ranked for each individual query and determined by underlying AI-based search and ranking system. Users can also use the pagination elements at the bottom of the search result page to browse through results that can include connected content or use the Last Modified- and File Type-filters to refine their search for connected content.
When this will happen:
We will begin rollout in early December 2023 and expect to complete rollout by end of January 2024.
How this will affect your organization:
Migration:
In the admin center, you will see a new panel for managing connection results in the All vertical (Search & Intelligence > Customizations > Verticals > All > Manage connection results).
The Show results inline option will be selected by default, and all connections that are currently linked to an enabled vertical will be checked for All vertical participation.
What you need to do to prepare:
You can enable other connections too by going to the panel and selecting them from the list shown in the panel. You do not need to create a custom vertical for a connection to make it available it the All vertical.
If you are not satisfied with the experience and want to revert back to Result clusters, you can do so in the same Manage connection results panel.
Note: If you are using KQL queries on custom verticals, Show results in a cluster will be selected by default upon migration. This is because while result clusters bring content from custom verticals into the All vertical (and thus honor KQL queries), inline merged connector results do not honor vertical-specific KQLs and will show all items that are searchable for the user from the connected data source.
If you have any concerns, please reach out to MicrosoftGraphConnectorsFeedback@service.microsoft.com.
MC694376 — SharePoint Hub analytics in US Government Clouds
>60 Days
Microsoft 365 Roadmap ID 187092
With this update, existing SharePoint Hub analytics features will also be available to customers in US government clouds.
When this will happen:
Standard Release: We will begin rolling out in mid-December 2023, and will complete by late March 2024.
How this will affect your organization:
The new analytics functionality will be accessible through the “Site Usage” option for all sites associated with a hub site. Users who have access to hub analytics as mentioned in: View usage data for your SharePoint site will be able to see #Views, #Viewers, Avg time spent at a SharePoint Hub level. Additionally, these users will also see popular content in the last 7 days across the hub.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate.
MC693865 — SharePoint Add-In retirement in Microsoft 365
>365 Days
Since the release of SharePoint Add-Ins in 2013, Microsoft has evolved SharePoint extensibility using SharePoint Framework (SPFx) enabling you to write applications that can be used in Microsoft SharePoint, Viva Connections and Microsoft Teams. With our continued investment in SharePoint Framework, Microsoft is retiring SharePoint Add-Ins.
Key Points:
Major: Retirement
Timeline:
Starting July 1st, 2024, SharePoint Add-Ins cannot be installed from the public marketplace, also referred to as store by existing tenants. Installation from a private tenant catalog stays possible.
Starting November 1st, 2024, new tenants will not be able use SharePoint Add-Ins, regardless of their origin (public marketplace, private tenant catalog).
Starting April 2nd, 2026, Microsoft will remove the ability use SharePoint Add-Ins for existing tenants.
Action: Review and assess impact
How this will affect your organization
If your organization still uses SharePoint Add-Ins, they will no longer function after April 2nd, 2026. We recommend customers to port their customizations to SharePoint Framework (SPFx) and ask their solution vendors for updated solutions.
What you need to do to prepare
You will want to notify your Add-In users and developers. Update your user training and prepare your help desk.
For admins
Use the Microsoft 365 Assessment tool to scan your tenants for SharePoint Add-In usage.
Review the guidance for migrating from SharePoint Add-Ins to SharePoint Framework.
There will not be an option to extend SharePoint Add-Ins beyond April 2nd 2026.
Learn more
Support update for the retirement of SharePoint Add-Ins in Microsoft 365.
MC693863 — Azure ACS retirement in Microsoft 365
>365 Days
Since the first use of Azure ACS (Access Control Services) by SharePoint in 2013, Microsoft has evolved the authorization and authentication options for SharePoint Online via Microsoft Entra ID (a.k.a. Azure AD). Using Microsoft Entra ID as auth platform for your SharePoint Online customizations will provide your applications the most secure, compliant and future proof model. With our continued investment in Microsoft Entra ID, Microsoft is retiring the use of Azure ACS as auth platform for SharePoint Online.
Key Points:
Major: Retirement
Timeline:
Starting November 1st, 2024, new tenants will not be able use Azure ACS.
Starting April 2nd, 2026, Microsoft will remove the ability use SharePoint ACS for existing tenants.
Action: Review and assess impact
How this will affect your organization
If your organization still uses Azure ACS to grant custom developed or third party applications access to SharePoint Online, they will no longer have access after April 2nd, 2026. We recommend customers to update their customizations to use Microsoft Entra ID and ask their solution vendors to do the same.
What you need to do to prepare
You will want to notify your Azure ACS users and developers. Update your user training and prepare your help desk.
For admins
Use the Microsoft 365 Assessment tool to scan your tenants for Azure ACS usage.
Review the guidance for migrating from Azure ACS to Microsoft Entra ID.
There will not be an option to extend Azure ACS usage for SharePoint Online beyond April 2nd 2026.
Learn more
Support update for the retirement of Azure ACS for SharePoint Online in Microsoft 365.
MC689500 — (Updated) OneDrive Open in App availablility
30-60 Days
Microsoft 365 Roadmap ID 124813
Updated November 17, 2023: We have updated the content below with additional information.
In the same way that you can open a Word, PowerPoint, or Excel file in their respective desktop apps, you can now open any file in its desktop app, edit it, and the changes will sync to OneDrive. From OneDrive’s My Files or Sharepoint’s Documents, users can now select Open In App to open a file in its native app.
Note: this feature is powered by OneDrive’s Sync Client – it requires having it installed on the user’s machine. In case it’s not running it will start it.
When this will happen:
Targeted Release: We will begin rolling out in mid-November 2023.
Standard Release: We will begin rolling out in early December 2023 and expect to complete by late January 2024.
How this will affect your organization:
Users can open any file in its desktop app, edit it, and the changes will sync to OneDrive.
Note: You may encounter unexpected behavior when opening a file that depends on other files. We recommend syncing the containing folder using Add shortcut and trying again.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate.
MC686278 — (Updated) SharePoint: Out-of-the-box document library templates
Rolled Out
Microsoft 365 Roadmap ID 124879
Updated November 7, 2023: We have updated the content below with additional information.
We are bringing the goodness of templates to SharePoint document libraries. Creating document libraries will now be a breeze with our ready-made templates with scenario relevant structure, metadata, and content types – all to save you time and maintain broader consistency across your content management organization.
When this will happen:
Targeted Release: early November 2023
Standard Release: mid-November 2023
How this will affect your organization:
We are rolling out a brand-new Document library creation experience that will be available in two locations:
SharePoint Home > New > Document library
SharePoint Site > Site contents > New > Document library
With the new experience you will be able to create Document libraries in different ways:
Blank library: this experience will replicate the current library creation experience where a document library will be created with the basic columns of Name, Modified and Modified by.
From existing library: this experience will allow you to choose any document library from a site you have access to, and replicate the structure, formatting, metadata and content types in a new document library. [please note that data will not copy over, only the structure will]
From templates: we have three brand new templates for you: Media library, Invoices and Learning. Each template will come with a pre-defined schema, formatting, views etc. to kickstart your content management journey!
Flows packaged into the out-of-the-box-templates: the Media Library and Invoices templates also come with pre-packages Flows that can be skipped or completed depending on the user’s needs.
Disabling out-of-the-box templates
You can disable the out-of-the-box templates by running the following PowerShell command, while connected as a Global Administrator or SharePoint Administrator:
Set-SPOTenant -DisableModernListTemplateIds ‘<template ID>’
Where the template ID is:
Media library: 7fdc8cba-3e07-4851-a7ac-b747040ff1ce
Learning: 2a31cc9a-a7a2-4978-8104-6b7c0c0ff1ce
Invoices: cb3f4b1a-d4d8-40b3-a3e8-c39c470ff1ce
To re-enable a built-in template, use the parameter EnableModernListTemplateIds.
When all three templates are disabled, the creation dialog will look as follows to users:
What you need to do to prepare:
Consider educating users that there are now more ways to create a Document Library.
Power Platform
MC691817 — Power Platform admin center – Automatic deletion of inactive developer and Dataverse for Teams environments
<30 Days
We are introducing cleanup automation that will remove inactive Dataverse for Teams and developer environments from your tenant (e.g. entry points like the Power Apps Maker Portal and Power Platform admin center).
This change will begin rolling out in the first week of December 2023.
How does this affect me?
Inactive environments will be disabled after 90 days of inactivity. Once the environment has been disabled for 30 days, if no action is taken by admins, the environment will be deleted.
This cleanup will not affect any of your other Microsoft Teams resources (e.g. Teams, channels, SharePoint sites). This action only applies to Dataverse integrations.
What action do I need to take?
In preparation for this activity, please review your Dataverse for Teams and developer environments for activity and take action on any environments at risk for disablement that are required to remain active.
For more information, please contact Microsoft Support and review the following articles:
Automatic deletion of inactive Microsoft Dataverse for Teams environments
Definition of user activity
MC690931 — Important Security Update for Custom Connectors using OAuth 2.0 authentication
>60 Days
We have changed the way the Custom Connectors feature using OAuth 2.0 works in Microsoft Power Platform and Azure LogicApps. In addition to displaying an anti-phishing page for custom connectors that share a single redirect URI, we have rolled out a change where all newly created custom connectors will automatically have a per-connector redirect URI when selecting OAuth 2.0 as the authentication method. We have also deployed a change to allow you to modify existing custom connectors to use a per-connector redirect URI in the Custom Connector portal, under the Security tab.
What action do I need to take?
We recommend that you update your existing connectors that use OAuth 2.0 to authenticate to use a per-connector redirect URI to ensure the highest level of security and user experience.
If you created your custom connectors with the web interface, edit your custom connectors, navigate to the “Security” tab, and check the box “Update to unique redirect URL,” and save to enable the per-connector URI.
If you created your custom connectors with multi-auth using the command line interface (CLI) tool, you need to update your connector using the CLI tool to set “redirectMode”: “GlobalPerConnector”.
Once the custom connectors have been updated to use the per-connector URI (either through the setting in the Security tab or using CLI tool), you should remove the global redirect URI from your oauth2 apps, and add the newly generated unique redirect URL to your OAuth 2.0 apps.
We will also be enforcing this update for existing custom connectors starting February 17, 2024, and any custom connector that has not been updated to use a per-connector redirect URI will stop working for new connections and show an error message to the user.
If you have any questions or feedback, please contact custom support, and reference ICM414775535.
Microsoft Viva
MC695494 — Audit – New Microsoft Viva Engage Logs for Microsoft Purview Audit Standard Users
<30 Days
Microsoft 365 Roadmap ID 180741
Microsoft Purview is expanding access to wider cloud security events for Microsoft Viva Engage (formerly known as Yammer). As part of the changes, standard users of Purview Audit will begin to generate 6 new Microsoft Viva Engage events that were previously generated only for Audit Premium licensed users. The following events will now be provided for all Audit Standard users:
ThreadViewed
ThreadAccessFailure
MessageUpdated
FileAccessFailure
MessageCreation
GroupAccessFailure
When this will happen:
Rollout will begin in early December 2023 and is expected to be complete by late December 2023.
How this will affect your organization:
All Audit Standard users will begin to generate the following:
ThreadViewed
ThreadAccessFailure
MessageUpdated
FileAccessFailure
MessageCreation
GroupAccessFailure
What you need to do to prepare:
No special activation instructions for Microsoft Viva Engage event activation.
MC692757 — Viva in the left rail
<30 Days
The Viva Admin experience is moving from the Setup tab into the Settings tab in the left rail under “Viva”. It can now be found as below:
Previously the Viva Admin experience was found in the setup tab as seen below:
When this will happen:
Standard Release: We will begin rolling out late November 2023 and expect to complete by late December 2023.
How this will affect your organization:
There is no action change to for the organization or admins. There is a new location to access Viva Admin Experience.
What you need to do to prepare:
No action is required to prepare.
MC682303 — (Updated) People Search Card in Viva Connections
Rolled Out
Microsoft 365 Roadmap ID 173078
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Viva Connections have a new card where admins now have the option to incorporate a new people search card for their organization. This card enables colleagues to effortlessly search for and communicate with one another within the organization using Teams chat and email.
When this will happen:
Standard Release: We will begin rolling out in late October and expect to complete by mid-November 2023 (previously early November).
How this will affect your organization:
This feature will not affect any existing functionality. It’s an additional card which organizations can choose to use.
What you need to do to prepare:
No configuration needed. Just add the card and your organization should be able to use it in Viva Connections across all devices.
MC676544 — (Updated) Viva Connections “Top News” Card Updated to Include More News Source Options
Rolled Out
Microsoft 365 Roadmap ID 173074
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Improvements are coming to the Viva Connections Top News Card, which will be rebranded as the “News Card.” These enhancements will introduce greater configurability and the ability to create multiple News Card instances, while the default configuration will remain consistent with the Top News Card.
When this will happen:
We will begin rolling out in mid-October 2023 and expect to complete rollout by late November 2023 (previously late October).
How this will affect your organization:
News Source Customization: You can now tailor the News card to display news from specific sources or a list of chosen sites within your organization. This is in addition to the default configuration, which features only boosted news as earlier. This improvement enables you to focus on news relevant to specific areas of your organization, ensuring that your end users stay well-informed.
Multiple News Card Instances: The updated News card allows you to create multiple instances with different settings, letting you curate news experiences for various purposes within your organization. For example, you can have one card named “Top News” with the default configuration, a second card with a custom name that specifically displays HR news from relevant intranet/SharePoint sites, and a third card for “Leadership News,” etc.
What you need to do to prepare:
If you are an existing user of Top News card, it will continue to work as-is without any action required from your side. However, if you want to create multiple instances of the card with different news sources, you can do so with this update.
MC662248 — (Updated) Update Search Experience for Viva Connections
<30 Days
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
We are making some changes to the search experience in Viva Connections app to make it easier to search in Viva Connections.
When this will happen:
Standard Release: Rollout will begin in early August and is expected to be complete by late September.
GCC: Rollout will begin in late September and is expected to be complete by early October.
GCC High: Rollout will begin in early October and is expected to be complete by mid-December 2023 (previously late November 2023).
How this will affect your organization:
With the changes, when you use Viva Connections and click into the search box in Teams, you will start to see the text change to “Search in Viva Connections” (or the name you chose for your Viva Connections app). You will continue to get the same suggestions as before with chats, people, etc. and clicking these will continue to take you to the corresponding Teams experience.
As you type, you will notice that the search suggestions will show two new lines in the list that appears under the search box: first one (the default option) to search in Viva Connections, and the second one to search in the rest of Teams.
If you select enter (or choose the first suggestion), you will be taken to a workplace search experience similar to the one you might already experience on your intranet corporate portal. If you’d rather go to the search results page of Teams, choose the second suggestion.
What you need to do to prepare:
You may want to notify your users about this change in the search experience while in Viva Connections.
Note: These changes are rolling out first to the current version of Teams and will be coming to the “New Microsoft Teams App” in the coming months.
Microsoft Teams
MC695724 — Announcing general availability of the new Microsoft Teams app for virtual desktop infrastructure.
Rolled Out
Today, we’re announcing the general availability of the new Microsoft Teams app for Windows in virtual desktop infrastructure (VDI) environments.
When this will happen
New Teams is generally available our virtual desktop infrastructure (VDI) customers now.
How this will benefit your organization
Today, we’re excited to announce the general availability of new Teams for our Virtual Desktop Infrastructure (VDI) customers. New Teams now has full feature parity for almost all features in the classic Teams for VDI.
We announced the general availability of the new Teams desktop app for Windows and Mac on October 5, 2023. On the same date, we also announced the public preview of the new Teams app for Virtual Desktop Infrastructure (VDI). Read the message center post MC678853 for details of our public preview announcement.
How this will affect your organization:
The classic Teams in VDI will reach end of support on June 30th, 2024, after which users will not be able to use the classic Teams and will be asked to switch to new Teams app. Therefore, we recommend you update to new Teams today.
Our Citrix customers must add an additional registry key to the VDAs, see here for more information and the minimum versions needed.
Customers who use Azure Virtual Desktops, Windows 365, or VMware can keep the WebRTC Redirector Service and Horizon Agent as they are, as long as they meet the minimum version requirements listed here.
Administrators who have the ‘Use new Teams client’ setting in the Teams update policy set to ‘Not enabled’, please act and choose the correct value for this policy as explained here. For a better experience, we suggest choosing ‘New Teams as default’ or ‘Microsoft controlled’.
Classic Teams users in persistent VDI environments (with the per-user install) will be automatically updated to new Teams in the coming months. For non-persistent VDI environments, IT Admins would still have to update the golden or master image with the new Teams client, and either can have it run together with classic Teams so users can switch between them or fully uninstall classic Teams (known as rip and replace).
To learn more about how you can deploy new Teams in your organization, visit the new Teams VDI page.
MC695504 — Decorate your background in Teams Meetings (Premium)
30-60 Days
Microsoft 365 Roadmap ID 126123
Teams Premium users will be able to use “Decorate your background,” leveraging gen-AI to augment your real-life surroundings. It creates a personalized atmosphere for your video calls.
Users can access this feature in 2 ways:
Before a meeting starts on the pre-join screen, select Effects and Avatars > Video effects and select “Decorate” button, which will allow you to start generating new backgrounds.
During a meeting, you can select an animated background by clicking More > Effects and Avatars > “Decorate” button from backgrounds section.
When this will happen:
Targeted Release: We will begin rolling out early December 2023 and expect to complete by mid-December 2023.
Standard Release: We will begin rolling out early January 2024 and expect to complete by mid-January 2024.
How this will affect your organization:
“Decorate your space” transforms meeting background into something special, seamlessly blending with user’s real-life surrounding, creating a personalized atmosphere for video calls.
What you need to do to prepare:
You may consider updating your internal documentation to inform users that the feature is now available for Teams Premium users.
MC695502 — IntelliFrame experiences on new Teams app and Recognition expansion
30-60 Days
Microsoft 365 Roadmap ID 161427
This is a two-part update, with:
IntelliFrame experiences availability on new Teams app for Desktop,
Expanding recognition support to cover scenarios such as meeting invite forwarding and Teams meeting nudge among others (Please See below for details)
IntelliFrame experiences from Edge cameras like Yealink Smartvision 60 are currently available on Teams Desktop platform. With this update, we want to announce the availability of IntelliFrame on New Teams app.
Recognition expansion: This update applies to both existing and new Teams desktop app. Previously recognition was only supported when an organizer invited the meeting room with Intelligent camera connected. With this update, we are able to support the following scenarios.
Meeting forward (both one time and recurring meetings)
Teams nudge (using Roster>add participant)
Join by meeting ID (Using MTR to join a meeting by ID)
Also, under “Recognition” feature, we heard our users and renamed unrecognized users from “Guest” to “Participant”. Moving forward, with this update anyone who is unrecognized will see their name label as “Participant.”
When this will happen:
Standard Release: We will begin rolling out mid-January 2024 and expect to complete by late January 2024.
How this will affect your organization:
IntelliFrame support on new Teams app, so users switching to new Teams app will be able to experience IntelliFrame from the MTR connected Intelligent cameras.
With additional recognition scenarios, users will be able to see their name labels generated across majority of meeting scenarios, with exceptions like multi-tenant meetings which are not supported yet.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate.
MC695497 — Improved Frontline Workers Availability Preferences
30-60 Days
Microsoft 365 Roadmap ID 156952
We’re excited to announce significant product upgrades focusing on enhanced FLW Availability Preferences.
Frontline workers often balance various personal commitments and specific work-time preferences. Through shifts, FLWs can establish availability preferences for calendar dates alongside recurring days. This feature streamlines shift assignments for frontline managers, who can seamlessly assign shifts by reviewing these availability preferences within the Shifts app.
When this will happen:
Standard Release: We will begin rolling out mid-January 2024 and expect to complete by late January 2024.
How this will affect your organization:
Frontline Workers can set availability by specific date in addition to recurring days. If specific dates coincide with recurring ones, they can override the recurring schedule. As dates expire, the system automatically removes them. Users also have the option to manually delete dates they no longer need.
What you need to do to prepare:
There is nothing you need to do to prepare for these changes unless you choose to notify your frontline workers about these updates.
MC695495 — Tasks in my area or department (a mobile Planner in Teams feature)
<30 Days
Microsoft 365 Roadmap ID 135561
In the Tasks by Planner and To Do app in Microsoft Teams, buckets are a common way to organize tasks into different areas of work.
The mobile experience for the Tasks app in Teams will soon be updated to make it easier to filter to a specific bucket or set of buckets so that you can focus on the tasks in your area. We expect this simple user experience change to provide greater focus and greater productivity, while maintaining the familiar look and feel throughout the Tasks app.
Note: This change is specific to the Tasks by Planner and To Do app in Teams mobile.
When this will happen:
We will begin rollout in early December 2023 and complete by late December 2023.
How this will affect your organization:
Users of the Tasks by Planner and To Do app in Teams will see an updated experience when viewing a shared plan. It will make it easy to set a bucket filter to focus on tasks in their area or department.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate.
MC695491 — Microsoft Teams: Assign staff and Duration for On-demand virtual appointments
30-60 Days
Microsoft 365 Roadmap ID 186560
The Virtual Appointments app provides a central hub for all your virtual appointments needs in Microsoft Teams. The app enables a seamless end-to-end experience for business-to-customer engagements.
On-demand virtual appointments enable customers and clients to meet with a staff member of a business without booking a schedule in advance
You can now enhance the efficiency of On-demand appointments by assigning specific duration and staff members to handle On-demand services. This will ensure that when an On-demand appointment is received, the designated staff member is promptly notified to attend to the appointment from the virtual appointments app.
When this will happen:
We will begin rolling out in early January 2024 and complete by late January 2024.
How this will affect your organization:
With Teams premium license, users can assign staff and duration to On-demand services.
What you need to do to prepare:
Add virtual appointments app to Teams left rail so users can access the app with ease.
Communicate to users how to utilize On-demand appointments to allow customers to meet with the organization without booking a schedule in advance.
Learn more about Teams Premium
MC694644 — Tags management settings now include option to exclude / include guests
<30 Days
We are introducing guest setting option in Tag management settings.
When this will happen:
Standard Release: We will begin rolling out early December 2023 and expect to complete by mid-December 2023.
How this will affect your organization:
In addition to the existing settings:
“Microsoft default”
“Team owners only”
“Team owners and members”
We are adding another option in the settings:
“Team owners, members and guests”
What you need to do to prepare:
If you do not wish for guests to be able to manage tags, no action is needed.
If you wish to allow guests to manage tags, as tenant Admin, please change your tag management settings to your “Team owners, members and guests” option setting.
Here are the steps you can take:
Sign into Microsoft Teams admin center at https://admin.teams.microsoft.com if you are a Teams admin.
In the left navigation pane under Teams section, select Teams settings.
Under Tagging section, select “Team owners, members and guests” option for “Who can manage tags.”
MC694389 — Listen to Multiple Channels on Teams Walkie Talkie
<30 Days
Microsoft 365 Roadmap ID 161725
With listen to multiple channels, users can now automatically listen to incoming transmission from their favorite channels one at a time.
When this will happen:
Standard Release: We will begin rolling out early December and expect to complete by mid-December 2023.
How this will affect your organization:
Users will now have the option to automatically hear incoming transmission from any of their pinned favorite channels. One by one, with the listen to multiple channels feature, without the need to switch channels manually.
What you need to do to prepare:
No action is expected from tenant admins at this time to enable the feature. Tenant admins should inform their users in their organization of this update. For additional information, please visit this documentation.
MC692466 — Remove Activity Feed Item in New Teams
>60 Days
Microsoft 365 Roadmap ID 181794
This feature will enable Teams users to delete/remove items from activity feed.
The Remove functionality can be found under the ellipsis menu in the activity feed:
After an activity feed item is removed, the user is informed through a toast notification.
When this will happen:
Targeted Release: We will begin rolling out mid-December 2023 and expect to complete by late December 2023.
Standard Release: We will begin rolling out early February 2024 and expect to complete by mid-February 2024.
How this will affect your organization:
There are no tenant level settings. Defaults will not change.
What you need to do to prepare:
You may want to notify your users about this change and update any relevant documentation as appropriate.
MC692025 — Microsoft Teams: Domain-specific search
<30 Days
Microsoft 365 Roadmap ID 181285
Users will be able to narrow down their search results and find what they are looking for faster. Get more precise search results by picking up a specific domain like files, group chat or Teams. You can find domain specific results by typing a person’s name also.
When this will happen:
Standard Release: We will begin rolling out early December 2023 and expect to complete by mid-December 2023.
How this will affect your organization:
The users in your organization will now be able to search faster in the Microsoft Teams. They can get more precise search results by picking up a specific domain like files, group chat or Teams. They can also find domain specific results by typing a person’s name.
What you need to do to prepare:
There’s not much preparation needed. You can simply let your colleagues know to use domain scoping for quicker searches in Microsoft Teams.
MC692021 — Microsoft Teams – Teams app on Teams Rooms on Android and paired Touch Consoles to be updated in sync
30-60 Days
Microsoft 365 Roadmap ID 174344
With this feature, the Teams app updates will happen in sync for Microsoft Teams Rooms (Android) and their paired touch consoles. This will be applicable for both manual and automatic updates done from Teams admin center.
When this will happen:
Standard Release: We will begin rolling out early December 2023 and expect to complete by early January 2024.
How this will affect your organization:
When this feature is rolled out to Teams admin center, the Teams app updates done for paired Microsoft Teams Rooms – Android (MTRoA) and their paired touch consoles will happen in sync. This feature is aimed at reducing efforts for admins and keeping the devices on same versions for a streamlined Teams experience.
For manual updates:
Currently, Teams device administrators have to schedule Teams app updates separately for MTRoA and touch consoles even if they are paired.
With this feature, whenever an update is being done for an MTRoA or a Touch console, the paired device will also be updated.
For automatic updates:
Automatic updates for MTRoA and their paired consoles will also happen in sync.
Automatic updates rollout according to the timeline dictated by the Update phases. Touch consoles will be updated according to the update phase of their paired MTRoA. So, there will be no impact if both devices are in the same phase. If they are in different phases, the MTRoA phase will take precedence.
Conditions for updates to happen together:
If MTRoA and the paired touch console(s) are on the same version and have an update available, they will both be updated in sync when one of them is updated.
If MTRoA and the paired touch console(s)are on different versions:
Manual updates: Administrators should ensure that the device(s) on the lower version are brought to parity for the devices to be updated in sync to the new version.
Automatic updates: The device(s) on the lower version will be first brought to parity automatically. Once the devices are on the same version, they will be updated to the new version together. In this scenario, the move to the new version may be delayed as the parity updates will happen first. This will be done to minimize conflicts between MTRoA and the paired console(s).
Tracking update status:
Administrators can track the status of these update operations from the ‘History’ section in the device page. Details for each operation will be shown in the relevant row, including if the operation was carried out for a paired device. Additional details for the operation are available on selecting the operation status.
What you need to do to prepare:
The administrators will not need to do anything to prepare. The changes will take effect automatically. The feature will have impact only when the Teams app is updated for MTRoA devices or touch consoles, either by the administrators or through automatic updates.
If the organization does not have any MTRoA devices in their inventory, they will not be impacted by this feature.
MC690922 — (Updated) Microsoft Teams: Updates to in-call user experience.
30-60 Days
Microsoft 365 Roadmap ID 141204
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Microsoft Teams is making updates to in-call user experience on the mobile App. The Transfer, Share and Hold options will now be on the call stage. These updates will make it easier for users to access calling capabilities, redesigning user experience during calls.
When this will happen:
Standard Release: We will begin rolling out early January 2024 (previously early December) and expect to complete by late January 2024 (previously late December).
How this will affect your organization:
This update will only affect the calling user experience on Mobile App. Feature capabilities will remain the same.
What you need to do to prepare:
Update your version of the app.
MC690921 — Microsoft Teams Voice isolation
>60 Days
Microsoft 365 Roadmap ID 125387
With “Voice isolation”, you can enjoy clear and uninterrupted calls or meetings, no matter where you are. This feature uses AI to filter out all background noise, including other people’s voices. By leveraging your voice profile, this advance noise suppression capability ensures only the user’s voice is transmitted. Whether you are in a busy office, a noisy cafe, or a crowded airport, you can communicate with confidence and clarity. “Voice isolation” is powered by our advanced deep learning, speech services, and audio processing technology, and it shows our dedication to solving user problems with AI and enhancing audio quality and experience.
When this will happen:
Targeted Release: We will begin rolling out mid-January 2024 and expect to complete by mid-February 2024.
Standard Release: We will begin rolling out mid-February 2024 and expect to complete by late February 2024.
How this will affect your organization:
The Voice isolation feature will be enabled by default for your organization. End-users will need to enroll their voice profile via the Recognition tab under the Teams Global Device settings to enable the Voice isolation feature to have better audio input quality.
If you want to disable this feature for your organization, you will need to do so via PowerShell: Set-CsTeamsMeetingPolicy
What you need to do to prepare:
You should consider communicating this with your users and update training and documentation as appropriate.
MC690920 — New Shared display mode for BYOD meeting rooms
>60 Days
Microsoft 365 Roadmap ID 184363
The new Shared display mode provides users the ability to extend their Teams meeting via a pop-out view-only version of the stage onto the TV screen in BYOD meeting rooms. This mode ensures the meeting content is always extended to the front of the room for others to see. This gives the host of the room the peace of mind their desktop is for their viewing only, giving them the flexibility to multi-task or work privately on their host desktop.
When this will happen:
Targeted Release: We will begin rolling out early January 2024 and expect to complete by late January 2024.
Standard Release: We will begin rolling out late January 2024 and expect to complete by early February 2024.
How this will affect your organization:
Once this feature is fully rolled out, Users can go into the Room audio option on the pre-join screen and select the
Connected device shown. Once that is done, they can join the meeting as they normally would, and the Shared display mode will show up.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate.
MC690612 — Teams Phone and Teams Rooms licenses in device store
<30 Days
Microsoft 365 Roadmap ID 180902
Teams certified devices enable equitable meetings and calling across spaces with inclusive, familiar, and high-quality audio and video, optimized for your organizational needs. Currently, the device store in the Microsoft Teams admin center enables IT admins to browse and purchase Teams certified devices. This feature update will enable global administrators to discover, try, and buy Teams Phone and Teams Rooms licenses from the device store in the Teams admin center.
When this will happen:
Standard Release: We will begin rolling out in late November and expect to complete the rollout by early December.
How this will affect your organization:
This new feature will appear in Teams admin center > Devices > Store and will allow global administrators to learn more about available licenses for Teams Rooms & Teams Phone and purchase them using the same payment and billing information setup in Microsoft 365 admin center.
Only global admins will have access to this feature, other admin roles will not see this feature in the Teams admin center. It does not impact end-users using the Teams app.
What you need to do to prepare:
You do not need to do anything to prepare. The feature is limited to the Teams admin center and can be accessed by ‘Global Administrators’ only.
MC690607 — (Updated) App name change for the Tasks by Planner and To Do app in Microsoft Teams to Microsoft Planner
TBD
Updated November 27, 2023: We have made the decision not to proceed with this change at this time. We will communicate via Message center when we are ready to proceed. Thank you for your patience.
We are updating the app name for the “Tasks by Planner and To Do” app in Microsoft Teams to “Planner” – all existing app functionality will remain the same.
When this will happen:
We will communicate via Message center when we are ready to proceed.
How this will affect your organization:
We are updating the app name for the “Tasks by Planner and To Do” app in Microsoft Teams to “Planner” – all existing app functionality will remain the same.
We don’t expect this change to impact any current user scenarios or functionality.
The name change is in preparation of the new Planner app in Microsoft Teams arriving in early 2024. The new Planner app will bring together your to-dos, plans, and projects into a single unified experience which is simple, flexible, scalable, and intelligent. You can find out more information here: https://aka.ms/thenewplanner
What you need to do to prepare:
Your organization should update any internal documentation which references the previous app name “Tasks by Planner and To Do” to use the new app name “Planner”.
Please review the linked announcement above in preparation to update any internal documentation to reflect the new Planner app experience arriving in early 2024.
MC690180 — Additional Teams Meeting Templates Added to Outlook Teams Add-In
<30 Days
Microsoft 365 Roadmap ID 181621
Virtual appointment, Webinar, and Town hall are Teams meeting templates that are accessible via the ‘New meeting’ dropdown menu in Teams Calendar App. We are now expanding how you can access these meeting templates by adding them to the meeting templates menu in the Outlook Windows client in the Teams Meeting Add-In. When in Outlook Calendar, select the dropdown menu next to the Teams meeting Add-In button to see the list of meeting templates now available. When a meeting template has been selected, the Teams App will open via a deeplink and directly open the meeting template scheduling form.
When this will happen:
Standard Release: We will begin rolling out early December and expect to complete by mid-December 2023.
How this will affect your organization:
This will add another entry point for users to access the virtual appointment, webinar, and town hall meeting templates from. The meeting templates menu in the Teams Add-In in Outlook Windows is already available, and this will be aa set of templates now added to that menu to achieve the same template availability of Teams.
What you need to do to prepare:
If you want to make any changes to who in your organization can access the virtual appointment, webinar, or town hall meeting templates, refer to the following instructions:
Manage meeting templates in Microsoft Teams
Plan for Teams webinars
Plan for Teams town halls
MC689501 — (Updated) Together mode and content share layout improvement
>60 Days
Microsoft 365 Roadmap ID 181615
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
With the new layout, Together mode will be displayed under the shared content. The users will be able to see the participants in Together mode and shared content simultaneously in a completely new way. Full Together mode experience is available including raised hands, reactions and name labels.
When this will happen:
Targeted Release: We will begin rolling out early January 2024 (previously early December) and expect to complete by mid-January 2024 (previously mid-December)
Standard Release: We will begin rolling out mid-January 2024 and expect to complete by late January 2024.
GCC-H and DoD: We will begin rolling out late January 2024 and expect to complete by late February 2024.
How this will affect your organization:
Together mode and shared content now offer a more natural experience.
What you need to do to prepare:
You may consider updating your documentation for users.
MC689496 — Microsoft Teams: Meeting chat invitations from unmanaged users
<30 Days
When using external access for Teams, users receiving a meeting chat invitation from an unmanaged Teams user will be prompted with the option to acknowledge or leave the meeting chat.
When this will happen:
Standard Release: We will begin rolling out early December 2023 and expect to complete by late December 2023.
How this will affect your organization:
There are no admin controls related to this feature. Users will see an invitation screen when added to a meeting chat by an external unmanaged Teams user. At this point, they can choose to acknowledge the invitation or leave the meeting chat. Users continue to have the option to block and unblock external unmanaged Teams users.
Users will not see this update if external access with unmanaged Teams users is disabled or if incoming chats from unmanaged Teams users are disabled.
Review this doc to understand external access settings with unmanaged Teams users.
What you need to do to prepare:
If external access with unmanaged Teams users is enabled, consider notifying your users of this update.
MC688627 — Microsoft Teams: New settings available for your frontline manager in Shifts app
<30 Days
Microsoft 365 Roadmap ID 179786
We are thrilled to announce exciting product enhancements on our Shifts settings page design to empower your organization through frontline managers to decide what capabilities their team can leverage from Shifts.
When this will happen:
We will begin rolling out in late November and expect to complete by early December 2023.
How this will affect your organization:
Our key capabilities in Shifts are open shifts, swap shifts requests, offer shifts requests, time off requests and timeclock. Until now, frontline managers were only ability to configure open shifts and timeclock through our in-app settings. However, we are expanding the capabilities to allow frontline managers to configure (enable or disable) the remaining:
Swap shifts requests – If turned on, employees can swap their shifts with another one from a co-workers within the team. As a manager, you are able to approve or reject their requests.
Offer shifts requests – If turned on, employees can offer their shifts to another co-workers within the team. As a manager, you are able to approve or reject their requests.
Time off requests – If turned on, employees can request for time off within the team. As a manager, you are able to approve or reject their requests.
Please refer to our end-user documentation to learn more about the settings in Shifts.
What you need to do to prepare:
There is nothing you need to do to prepare for these changes, besides you may want to notify your frontline manager about these updates.
MC688109 — Co-organizer experience updates in Teams Webinars and Townhalls
>60 Days
Microsoft 365 Roadmap ID 168524
Scheduling, setting up, and managing an event is not a simple task. Which is why we allow co-organizer to be added to the event so they can work alongside or on behalf of the organizer. So far co-organizers were able to set up event theming, manage registration, meeting options, view reports and more but were not able to edit event details like title, date/time, description, event group; nor publish or cancel event. Now they can! Co-organizer can edit event details, publish, and cancel the event like the organizer can. So once the co-organizer is added they will have full parity of experience as organizer and control/manage/edit event.
When this will happen:
Targeted release: We will begin rolling out mid-January 2024 and expect to complete by late January 2024.
Standard release: We will begin rolling out early February 2024 and expect to complete by late February 2024.
How this will affect your organization:
When co-organizer opens the event scheduling page, they should have the ability to edit the details page, publish, and cancel the event.
What you need to do to prepare:
Nothing required to prepare.
MC687848 — Microsoft Teams: Improved View Switcher for Teams Rooms on Android
30-60 Days
Microsoft 365 Roadmap ID 159128
The latest version of Teams Rooms on Android Update 3 (2023) includes improved view switcher and front of room display controls.
When this will happen:
Standard Release: We will begin rolling out in early January 2023 and expect to complete rollout by mid-January 2024.
How this will affect your organization:
The updated interface for the Teams Rooms on Android View Switcher menu provides end users with more control of the front of room display(s) during a meeting and enables customizations including visibility of the meeting chat and which meeting component is displayed on the left and right panel for Front Row. IT admins can configure the default number of panels and default components on panel(s) using the local device setting.
What you need to do to prepare:
Please notify your users about this new experience and update your training and documentation as appropriate.
MC687806 — Update: Microsoft Teams Shared Device License on Mobile App for Android
Rolled Out
Microsoft 365 Roadmap ID 126706
We wanted to share an update on the previous Message center post (MC662254) we sent around support for Teams Shared Device License on Android Mobile. We are glad to announce that support for Teams Shared Device License on Android Mobile is generally available now on Teams mobile version >= 2023143401. Only Calling and Walkie Talkie apps are supported when the Android mobile application is signed into an account with Teams Shared Device license. To access other apps on Teams Android mobile including chats and channels, please assign eligible licenses to the account and remove the Teams Shared Device License.
For more information, please visit Set up an Android mobile phone as a common area phone.
—Original message (MC662254) below for reference—-
We are pleased to announce that we will soon support the Microsoft Teams Shared Device license on the Teams Android mobile application. The Teams Shared Device license offers a shared identity-based , common area phone experience, including basic and advanced calling, people search, voicemail and walkie talkie.
When this will happen:
Standard Release: Rollout will begin in late August 2023 and is expected to be complete by early September 2023.
GCC: Rollout will begin in late August 2023 and is expected to be complete by early September 2023.
How this will affect your organization:
This feature will enable Android phones to be set up as shared devices. Walkie Talkie, call queues, auto attendants, cloud voicemail, call park and all other calling features currently supported on common area phones will be available through the Teams Android app.
What you need to do to prepare:
We will share an update once we start rolling out the feature to all customers. Please ensure your Teams Android mobile application is updated with the latest version after the feature is released. No further action is required from your end currently. For more information, please visit this documentation.
MC687791 — Custom Backgrounds for Announcement Posts in Channels
<30 Days
Microsoft 365 Roadmap ID 183785
Microsoft Teams users will soon be able to create custom backgrounds for their Announcement posts with the generative AI power of Microsoft Designer. For organizations with Teams Premium, users will have access to DALL-E, a text to image generator, which they can use for their backgrounds. This release of Custom Backgrounds for Announcement Posts will be rolling out across Microsoft Teams Desktop and Web for Channels 2.0 in English – US markets only. In line with current announcement behavior, Mobile will only support the consumption of custom backgrounds. Feature is disabled for EDU tenants while the team implements a policy setting.
When this will happen:
Targeted Release: We will begin rolling out early November and expect to complete by mid-November 2023.
Standard Release: We will begin rolling out late November and expect to complete by early December 2023.
How this will affect your organization:
Before, in Channels 1.0, users struggled to “find the right picture,” to “find images that work correctly with banner sizing so it takes ages,” etc.
Now, whether users have their own image or an idea in mind, or absolutely nothing at all, they can create rich, engaging backgrounds for their announcement posts through the generative AI power of Microsoft Designer. A few clicks is all it takes–let the imagination run wild!
You can find the entry point icon to the Designer integration at the bottom right corner of the announcement.
The Designer Mini Dialog is where all the magic happens. You can write a description, upload an image, generate an image using DALL-E, or click one of the examples we have provided for you to start.
When you click on “Generate image,” you’ll be able to create an image from a text description to include in your announcement background.
Once you have selected a background you like, you’ll see the option to press “Customize” or “Done.” “Done” inserts the background into your Announcement while “Customize” launches the Microsoft Designer App where you can further customize your background.
The Designer App provides flexibility and endless power for you to create exactly what you want.
What you need to do to prepare:
You may want to notify your users about this new capability to better express themselves and engage their audience in their Announcements. Additionally, due to the inevitable generative AI learning curve, you may want to provide additional training/documentation as you see fit. You can also lead by example and show your users what’s possible.
While we work on making a policy setting available to tenants, this feature will be enabled by default (except in EDU). If there are concerns, please contact support.
We can’t wait to see what announcement backgrounds you and your team come up with.
MC687206 — (Updated) Microsoft Teams: Private Line
>60 Days
Microsoft 365 Roadmap ID 181616
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
We are introducing a new calling feature. With private line, users will be able to have a private second phone number that they can make available to a select set of callers to call them directly, bypassing delegates, admins, or assistants. Inbound calls to the private line will be distinguished by a unique notification and ringtone. The private line will support incoming calls only.
When this will happen:
Standard Release and GCC: We will begin rolling out mid-February 2024 (previously early December) and expect to complete by late February 2024 (previously mid-December).
GCC High and DoD: We will begin rolling out in mid-March 2024 (previously early January) and expect to complete by late April 2024 (previously early February).
How this will affect your organization:
You will have the ability to designate a phone number as a private line for users to take private line calls.
What you need to do to prepare:
Nothing you need to do to prepare. Once the feature has rolled out, you will be able to set up private line for users.
MC686281 — (Updated) New Gallery in Teams Meetings
>60 Days
Microsoft 365 Roadmap ID 118467
Updated November 27, 2023: We have updated the content below with additional information.
We are introducing a revamped version of the gallery in Teams meetings and calls. The new gallery will be the default view when users join their meetings, so that they can use it without the need of taking an action.
When this will happen:
Targeted Release: We will begin rolling out early January 2024 (previously early December) and expect to complete by mid-January 2024 (previously mid-December).
Production and GCC: We will begin rolling out mid-January 2024 (previously early January) and expect to complete by late January 2024 (previously mid-January).
GCC High: We will begin rolling late January 2024 (previously mid-January) and expect to complete by early February 2024 (previously late January).
DoD: We will begin rolling out late January 2024 and expect to complete by early February 2024.
How this will affect your organization:
This new version introduces a series of changes to help users in their meetings:
16:9 aspect ratio participant tiles for more predictability. A consistent aspect ratio maintains a more predictable experience when users turn their videos on or off. It also provides more visibility into users’ body language and hand gestures.
An audio-video mixed gallery for a more inclusive representation. Audio and video users share now the same space by default.
Meeting rooms are displayed larger than individual participants. In certain meeting sizes, we display Microsoft Teams Rooms video in a larger size than the rest of the participants to give an equivalent weight to participants joining from a meeting room. Non-Teams rooms joining Teams meeting via Direct Guest Join will remain the same tile size as today.
You appear next to the rest of the participants. Your own tile will now be included next to the rest of the participants.
Customization of the gallery. Users can adapt the gallery to their needs or preferences. The customization options include:
Gallery size: Users can choose the maximum number of tiles that will be represented per page. The entry point for this action is available through the meeting toolbar: “View” > “Change gallery size”.
Placement of your own tile: For users who prefer to keep themselves separated from the rest of the participants. If chosen, the self-tile will be placed in an area separate from the rest of the participants. The entry point for this action is available through the meeting toolbar: “View” > “More options” > “Remove me from gallery”.
Prioritizing videos: For users who want to give a higher weight to participants with their video on. If chosen, video participants will be displayed more prominently than audio participants. The entry point for this action is available through the meeting toolbar: “View” > “Prioritize video”.
Meeting room tile size: Users can decide if they want to resize the meeting room tile to the same size as the rest of the participants. The entry point for this action is available in the contextual menu of the room tile.
What you need to do to prepare:
Please notify your users about this change and update any training documentation, as appropriate.
MC684220 — (Updated) Creation of Default Notes tab in new standard channels in Teams
30-60 Days
Microsoft 365 Roadmap ID 180484
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
As communicated in MC496248 (January ’23) Microsoft Teams users will soon get a “Notes” tab, powered by OneNote, added by default on the tabs bar across the top on creation of new standard channels for note-taking capabilities. Earlier this capability was powered by Wiki, which is set to retire from Teams based on the announcement, MC496248, published in January.
When this will happen:
This will start rolling out by early December 2023 (previously mid-November) and expect to complete by mid-January 2024 (previously late November).
How this will affect your organization:
With this release, users will see a tab called “Notes” which is powered by OneNote, when they create a new standard channel in Teams. We’ll leverage the default OneNote notebook created at a team level for this purpose. When a new standard channel is created within the team, a new section will be created with the same as channel dedicated for notetaking within this channel.
OneNote is the Microsoft 365 app for notetaking that offers that offers:
Easy collaboration across the team
View all channel notes in a team in one place organized within a single notebook
Rich editing with typing, ink annotations, highlighting, file attachments, etc.
Easy recall & search for channel notes within OneNote on any platform
What you need to do to prepare:
If your organization has not enabled OneNote you can review this documentation: Deployment guide for OneNote
FAQs
How can I access the content captured for all channels in Notes tab?
All members in a team will be able to access the content captured in Notes tab across all standard channels within that team by clicking on the Show navigation
icon on left.
How can I add back Notes tab to a channel if it is accidentally removed?
Please note that Notes tab by default is only supported in standard channels at the moment. If your standard channel used to have a Notes tab, you can add it back.
In Teams, go to the channel you want to add the Notes tab again.
In the tabs bar across the top, select Add a tab
. The Add a tab window will open.
Select the OneNote tile. The OneNote window will open.
Select the “Default team notebook” for your team, then select Save.
A tab with the team notebook name will be added in the tabs bar across the top. Right-click the tab to rename it to “Notes”.
Go to the Notes tab and select the show navigation icon. Create a new section in this notebook and give it the same name as the Teams channel.
Note: Having a dedicated section for each channel will help avoid confusion for others who access the notebook.
In the section, create a page, name it, and start taking notes.
Why is Teams retiring wiki?
Please read the details on Wiki retirement in MC496248 (January ’23).
Known limitation:
OneNote notes only display in Default (Light) and High contrast mode.
MC683923 — (Updated) Nightly Reboot Window for Microsoft Teams Rooms on Android
<30 Days
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
With the Microsoft Teams Rooms on Android update U2B, a nightly reboot maintenance window feature is being introduced.
By default, devices taking update will have a daily reboot window from 1AM-3AM in their time zone. The reboot only occurs if the device isn’t being used and if the device fails to reboot in the window, the reboot will occur the during the following window. Customers will also have the option to turn off the reboot window or change the timing for the reboot window.
By introducing nightly reboots, Microsoft Teams Rooms on Android devices will benefit from improved reliability and recovery from some potential issues like memory leaks, pairing loss and network connectivity problems.
When this will happen:
Preview: We will begin rolling out late November 2023 (previously late October
Standard Release: We will begin rolling out mid-December 2023 (previously mid-November) and expect to complete by late December 2023 (previously late November)
How this will affect your organization:
Devices running Microsoft Teams Rooms on Android will automatically reboot each night unless the maintenance window is turned off by the admin.
MC683659 — (Updated) Microsoft Teams: Additional manager-controlled privacy settings in Shifts
Rolled Out
Microsoft 365 Roadmap ID 152119
Updated November 16, 2023: We have updated the content below with additional information.
We are thrilled to announce exciting product enhancements on frontline managers-controlled privacy settings for frontline workers.
When this will happen:
We will roll out in November 2023.
How this will affect your organization:
Frontline managers now have the power to manage shift information visibility for their employees through the newly available privacy controls in Shifts settings.
Here’s what this feature includes:
Limited Past Views: Managers can restrict how far back frontline workers can view their co-workers’ schedules, ensuring historical data privacy.
Generic Time Off View: Frontline workers can see their co-workers’ time off in a generic way, without viewing the specific reasons and notes.
Limited Shift Details: Managers can limit the level of detail frontline workers can access about their co-workers’ schedules, excluding sensitive information like Shift notes, activities and break durations.
What you need to do to prepare:
There is nothing you need to do to prepare for these changes, besides you may want to notify your frontline managers about these updates.
MC682302 — (Updated) Microsoft Teams: Excel import enhancements in Shifts app
<30 Days
Microsoft 365 Roadmap ID 169705
Updated November 27, 2023: We have updated the content below with additional information. Thank you for your patience.
We are thrilled to announce exciting product enhancements to our import and export Excel experiences in Shifts designed to empower frontline managers to achieve more.
Here’s what this feature includes:
Import a schedule includes time off and open shifts:
Frontline managers can import assigned shifts, time offs and open shifts through the same Excel file into Shifts. There will be different worksheets for those 3 entities that managers will require to fill in according to what is wished to be imported.
To respect Shifts settings, open shifts won’t be synced to Shifts calendar when imported through Excel whenever the open shift setting is disabled for a team.
‘Export in a format that can be imported’ includes open shifts and time-offs:
Frontline managers can export, for a specific period, a schedule that might include assigned shifts, time offs and open shifts.
When this will happen:
We will begin rolling out mid-November 2023 and expect to complete by mid-December 2023.
How this will affect your organization:
Import and export time offs and open shifts using Excel.
Until now, Frontline managers have only been able to import assigned shifts from Excel into Shifts. Now, we have expanded the supported entities by providing managers with more flexibility when creating schedules. This feature launch is being carried out in multiple phases.
Here’s what this feature includes:
Import a schedule includes time off and open shifts:
Frontline managers can import assigned shifts, time offs and open shifts through the same Excel file into Shifts. There will be different worksheets for those 3 entities that managers will require to fill in according to what is wished to be imported.
To respect Shifts settings, open shifts won’t be synced to Shifts calendar when imported through Excel whenever the open shift setting is disabled for a team.
Prevent duplication of groups:
Frontline managers can select groups in the import sample file from a pre-populated list with the existing available schedule groups in the team.
‘Export in a format that can be imported’ includes open shifts and time-offs:
Frontline managers can export, for a specific period, a schedule that might include assigned shifts, time offs and open shifts.
What you need to do to prepare:
There is nothing you need to do to prepare for these changes, besides you may want to notify your frontline manager about these updates.
MC679738 — (Updated) Microsoft Teams: Automatic Updates for the Teams app on Android-based Teams Devices
>60 Days
Microsoft 365 Roadmap ID 163598
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Android-based Teams devices will start receiving automatic updates for Teams app, in addition to firmware.
When this will happen:
Rollout will begin in late October 2023 and is expected to be complete by mid-February 2024 (previously early November).
How this will affect your organization:
The Android-based Teams devices (Teams Rooms on Android, Teams Phones, Panels, and Displays) will start receiving automatic updates of the Teams app. The overall internal guardrails and features to manage the updates remain similar to those for automatic firmware updates. Administrators can find them on pages under Teams devices in Teams admin center.
The following capabilities can be used to manage these updates:
Update phases can be found after selecting the Update option after selecting a device.
You can assign devices to these phases and the updates will rollout adhering to these. You can select multiple devices and assign a phase to them together as well.
These phase timelines are different from those for Firmware auto-updates. Since the Teams app versions contain smaller changes and are released much more frequently, the rollout is much faster.
For Teams app automatic updates
Validation phase – Updates start as soon as a new version is published.
General phase – Updates start only 15 days after a new version is published.
Final phase – Updates start only 45 days after a new version is published.
‘Software auto-update‘ column in the device inventory table will indicate the phase assigned to the device. You can select the phase to quickly navigate to the Update section.
‘Software auto-update‘ widget on device inventory pages shows any active updates that are going on and details for them.
Temporarily Pause (and Resume) auto-updates – under the Actions menu
Selecting Pause stops all auto-updates for the tenants for 15 days. If an automatic update is already scheduled, it will be cancelled.
If selected, the auto-updates are paused for all the Android-based devices in the tenant.
Admin can also choose to resume the auto-updates before the 15 days elapse.
Manual updates are not impacted by this.
Software versions released by Microsoft are marked as “Verified by Microsoft“.
Preview versions will be marked as ‘Microsoft Preview’. Automatic updates do not update devices to these versions.
Refer to Update Microsoft Teams devices remotely for more details about auto-updates.
What you need to do to prepare:
Before this change takes effect, administrators should ensure that their devices are assigned the Update Phase of their choice. When this change takes effect, auto-updates will start happening following the configured update phases. In case you need to validate something on the devices, you can choose to pause the auto-updates temporarily.
MC679736 — (Updated) Microsoft Teams: Branded Meetings – Join Launcher Screen with Brand Image and Logo Support (Premium)
>60 Days
Microsoft 365 Roadmap ID 164081
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
The Teams Join Launcher web page will now support the brand logo and brand image uploaded for branded meetings. This is a Teams Premium feature.
When this will happen:
Standard Release: We will begin rolling out mid-February 2024 (previously early December) and expect to complete by late February 2024 (previously mid-December).
What you need to do to prepare:
Please note – for tenants that have already uploaded and are using custom branded meetings, you may need to re-upload your images in order to support this new feature. Please see the Custom Meeting Branding support documentation for details.
MC677231 — (Updated) Microsoft Teams: Engagement Information in Teams Attendance Report (Premium)
<30 Days
Microsoft 365 Roadmap ID 162171
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
The new engagement information will enable organizers to view meeting engagement data such as total reactions, raised hands, cameras turned on, and more in the “Attendance” tab after a meeting or webinar.
When this will happen:
Targeted Release: We will begin rolling out in early October 2023 and expect to complete rollout by late October 2023 (previously mid-October).
Standard Release: We will begin rolling out in early November 2023 (previously late October) and expect to complete rollout by mid-December 2023 (previously mid-November).
How this will affect your organization:
If your tenant turns ON the Attendance Report, organizers will see engagement information in the “Attendance” tab in calendar or meeting chat. Information will include count of reactions, raised hands, unmutes and cameras turned on at meeting level and attendee level.
What you need to do to prepare:
If you need engagement information in Attendance Report, please make sure the “Attendance Report” policy is turned ON by both the admin and the organizer.
Note: If the end user opts out of the Attendance Report in Teams settings, then the user’s engagement information will not be shown in the Attendance Report.
MC675813 — (Updated) Simplifying Meeting Join Experiences on Teams Mobile
30-60 Days
Microsoft 365 Roadmap ID 146741
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
We are improving the meeting join experience on Teams Mobile (iOS / Android) in several ways:
Streamlining the meeting join process by reducing the number of steps it takes to join the meeting, particularly for users joining from externally of the organization.
Users who join without signing in will now have the capability to preset and preview video / audio settings prior to joining the meeting.
Simplifying the join process for users with multiple accounts by improving the account switching user experience.
When this will happen:
Standard Release: We will begin rolling out mid-October 2023 and expect to complete by mid-January 2024 (previously mid-November).
How this will affect your organization:
Mobile users will see an improved and refreshed experience when joining meetings.
What you need to do to prepare:
No action required – this is a user experience update.
MC675812 — (Updated) SMS Text Notifications in Virtual Appointment Teams Meeting Template – Expansion to UK + Canada (Premium)
30-60 Days
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Teams Premium users in the United Kingdom and Canada will soon have the ability to send SMS text notifications about a meeting in the Virtual Appointment Teams Meeting template. This Premium feature will be available to all users that have a Teams Premium license and access to the Virtual Appointment Teams Meeting Template.
When this will happen:
Public Preview: We will begin rolling out in early November 2023 and expect to complete rollout by mid-November 2023.
New Teams – Standard release: We will begin rolling out in early December 2023 and expect to complete rollout by mid-December 2023.
Classic Teams – Standard release: We will begin rolling out in mid-January 2024 and expect to complete rollout by late January 2024.
How this will affect your organization:
When released, all users within your organization that are eligible will see the SMS text notification feature within the Virtual Appointment Teams Meeting template. Eligible users are users that have a Teams Premium license, access to the Virtual Appointment Teams Meeting Template, and access to the SMS notification feature.
Improve the meeting experience of external guests by ensuring they stay up to date on the details of their virtual appointment and can join from anywhere. When scheduling a virtual appointment, the meeting organizer will be able to input the external guest’s phone number. The external guest will receive an SMS text message that provides details of their appointment (date/time) and a meeting join link so they can easily join the meeting from a mobile browser. They will receive a text message if the date or time of the meeting changes, if the meeting is cancelled, and will receive a reminder 15 minutes before the appointment. The user can opt out to all text messages for all meetings from the Virtual Appointment Teams Meeting Template by replying ‘STOP’ to the text message. They can opt back in at any time by replying ‘START’.
What you need to do to prepare:
If you do not want users within your tenant to be able to access the SMS text notification feature in the Virtual Appointment Teams Meeting Template, you can implement a user-level policy via PowerShell to restrict access to this feature.
Use the Get-CsTeamsVirtualAppointmentsPolicy cmdlet to fetch policy instances of TeamsVirtualAppointmentsPolicy. Each policy object contains a property called EnableSmsNotifications. This property specifies whether your users can choose to send SMS text notifications to external guests in meetings that they schedule using a virtual appointment meeting template. If EnableSmsNotifications is set to Disabled/False, then the user(s) with the policy set will not see the SMS notification feature or phone number field in the Virtual Appointment Teams Meeting Template.
Please refer to relevant documentation on configuring this setting here. We also recommend updating any end user documentation in your organization related to the Virtual Appointment Teams Meeting Template.
MC675503 — (Updated) Meeting Protection Support for Teams Rooms on Android
30-60 Days
Microsoft 365 Roadmap ID 161423
Updated November 7, 2023: We have updated the rollout timeline below as well as the content. Thank you for your patience.
The latest version of Teams Rooms on Android Update 3 (2023) includes the meeting protection support – End-to-end Encryption for meetings and Sensitivity labels.
When this will happen:
We will begin rolling out in early January 2024 (previously mid-December) and expect to complete rollout by mid-January 2024 (previously mid-December).
How this will affect your organization:
Teams Rooms on Android devices applies the Teams Premium meeting security features including end-to-end encryption and sensitivity labels if the meeting organizer has them turned ON.
Note: Features need to be activated through the Meeting options in Teams Calendar or Outlook on desktop or mobile devices. To enable the features a Teams premium license may be required.
If End-to-end Encryption is enabled, the Teams Rooms on Android will display a shield with a lock icon next to the view switcher. This icon includes a 20-digit group key that can be verified with other meeting participants. If a Teams meeting is set with a Sensitivity Label, room users will be informed that the label has been applied when clicking the shield with a lock icon.
Note: Together mode and Large Gallery are not available during End-to-end Encrypted Meetings, but meeting chat is permitted.
What you need to do to prepare:
Please notify your users about this new experience and update your training and documentation as appropriate.
MC675501 — (Updated) Microsoft Teams: Watermark support for recording playback (Premium)
>60 Days
Microsoft 365 Roadmap ID 137654
Updated November 2, 2023: We have updated the rollout timeline below. Thank you for your patience.
Recording can now be enabled for watermarked meetings (Watermark feature requires a Teams Premium license). An email ID will be displayed as the watermark during the meeting recording playback. Once a meeting has concluded, users can access the recorded content on both web and mobile platforms to watch the recording with watermarking.
When this will happen:
Targeted release: We will begin rolling out in early January 2024 and expect to complete by mid-January 2024.
Standard release: We will begin rolling out in mid-January 2024 and expect to complete by late January 2024.
GCC-H and DoD: We will begin rolling out in mid-February 2024 and expect to complete by late February 2024.
How this will affect your organization:
IT admins can now encourage meeting hosts to enable recording for watermarked meetings. The recording playback will be watermarked with the participants’ email ID to avoid information leakage and add a layer of protection.
What you need to do to prepare:
You may need to update the documentation for your users to mention the existence of this feature.
In a watermarked meeting, the meeting organizer and the co-organizer can now start recording by clicking on the “start recording” button.
Once the meeting/recording has ended, participants can retrieve the link in the meeting chat and open the recording on the web.
When the recording is opened on the web, they will see their individual email ID as the watermark on the meeting.
When a meeting is recorded by the organizer, it will be saved onto their SharePoint and be able to download since they are the owner of the recording.
The download option is only for the person who recorded the meeting (file owner). The owner can provide access to the other person.
On the recording, it will add the email ID of the user who clicked on the recording file to watch the recording playback in the browser.
The owner of the file will see their own email ID all over the recording.
As a participant/other viewer of the file, if I watch the recording on the web, I would see my email ID all over the recording.
You can find more details about Watermark in Teams Premium in this documentation: Watermark for Teams meetings.
MC675500 — (Updated) Teams Panels Recognized and Visible in Teams Rooms Pro Management Portal
<30 Days
Microsoft 365 Roadmap ID 164490
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
We are pleased to announce that Teams Panels will soon appear and be supported in the Teams Rooms Pro Management Portal. Panels will start to appear under the Rooms and Inventory pages. The device health signals, and management functionality will be similar to what is offered on Teams Rooms on Android devices.
When this will happen:
Rollout is expected to start in mid-November 2023 (previously early November) and is expected to be complete by early December 2023 (previously late November).
How this will affect your organization:
On the Rooms page, you will have the ability to see the status of the Panel, the IP address, serial number, and app and firmware version. You can remotely restart the device, add it to a Group, or record an issue. You can also view the current configuration profile, the update history, and search for and apply a profile. If you want to change a configuration profile or make a new one, you will need to use the Teams Admin Center.
On the Inventory page, you will be able to see Panels at a room level. The device type listed will depend on whether the Panel is sharing its resource account with another device. Regardless, after clicking on the room and then the ‘Inventory’ page, you will be able to see the Panel listed as a device.
What you need to do to prepare:
No update is required.
MC675281 — (Updated) Generate unique join links for external presenters so they can easily join events
<30 Days
Microsoft 365 Roadmap ID 123149
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Organizers can set up events and effortlessly add external presenters, who will receive exclusive Teams join links. These links enable external presenters to directly enter the event, eliminating the need for organizers to manually admit them from the event lobby or modify their event role during the session. This creates a hassle-free event experience for organizers and presenters!
External Presenters are considered people outside of your organization, including guests (AAD/B2B/non-AAD), federated, unfederated, and anonymous users (non-AAD).
This feature is available for webinars only. This is not a Teams Premium feature.
When this will happen:
Standard Release: We will begin rolling out late October and expect to complete by early November.
GCC: We will begin rolling out late November 2023 (previously late October) and expect to complete by late December 2023 (previously early November).
How this will affect your organization:
We suggest updating your internal documentation to include this new feature.
What you need to do to prepare:
This feature will appear on the webinar scheduling forms when it’s fully rolled out.
MC674419 — (Updated) Retire Microsoft Teams Single-window UI in VDI for your organization
30-60 Days
Updated November 27, 2023: We have updated the message with additional information. Thank you for your patience.
We will be retiring the Single Window UI feature from Microsoft Teams when optimized for VDI beginning January 31st 2024. Instead we recommend the utilization of Multi Window UI (also known as the new meeting experience), which is where we will continue to invest our development resources.
The Multi-window capability provides users with the option to pop out chats, meetings, calls, or documents into separate windows to help streamline their workflow while their call or meeting is in progress.
Accessing Teams and chats will be possible while keeping the popped-out call or meeting window visible – whether that’s on the same screen as the main Teams client or on a secondary display.
It also brings new experiences to VDI such as ‘Call Me’, Background Blurring and Effects, Large Gallery, Together mode, Transcriptions and more.
Additionally, meeting and call controls such as mute, video, chat, leave, and more are now located at the top of the meeting window so that they are always available and never block the underlying content.
With Single-window, Microsoft Teams UI behaved like a ‘single pane of glass’, and if users tried to multi-task for example by clicking on a chat while there was a call in progress, this would trigger the appearance of a floating window in the UI (see picture below, bottom left).
In addition, the pre-join meeting experience would display the peripherals and audio options on the bottom, under the self-preview (see picture below, top left).
Once the user joins a meeting, the meeting and call controls bar is docked at the bottom/center of the UI.
When this will happen:
We’ll be gradually rolling this retirement out to customers in late January and complete this by January 31st, 2024.
How this will affect your organization:
You are receiving this message because our reporting indicates one or more users in your organization are using Single Window UI in Teams.
This mode is present when users are running old versions of the VDI stack, or the Teams client (older than 1.5.00.11865).
Minimum version requirement for Multi Window:
Citrix:
Citrix VDA 1912 CU6 LTSR
Citrix VDA 2203
Citrix VDA 2212 CR
Citrix Workspace app for Windows 2203
Linux 2207 and Mac 2302
ChromeOS 2301
VMware:
VMware Horizon Agent 2203
Azure Virtual Desktops or Windows 365:
RD Client Windows 1.2.1755
RD Client Mac 10.7.7
WebRTC Redirector Service 1.1.2110.16001
Recommended versions:
Citrix: Latest Current Releases for Workspace app and VDA. Or latest CUs for LTSRs.
VMware: Latest Horizon Agent
AVD/W365: Latest RD Clients in Public release, and latest WebRTC Redirector Service.
Microsoft recommends updating to the new Teams client, which is currently in public preview for VDI. (The new Teams clients only supports Multi-Window)
Impact to users:
Users will no longer be able to use audio, video or screensharing in optimized mode for VDI when using Microsoft Teams in virtual desktops when this change is implemented.
Instead, users will be in fallback mode (non-optimized, a.k.a server-side rendering), and while they will be able to use multimedia features, these will incur in higher VM resource consumption like CPU, RAM and Network traffic).
The classic Teams desktop client in Single Window mode will be out of support.
What you need to do to prepare:
To avoid work disruptions, we recommend you either:
Update your VDI Infrastructure and Microsoft Teams versions to the minimum level supporting Multi-window
Use Microsoft Teams in non-optimized mode (a.k.a server-side rendering, incurring higher VM resource consumption like CPU, RAM and Network traffic). For instructions on how to disable optimization, check your VDI Vendor’s documentation (AVD/W365, Citrix, VMware)
MC673714 — (Updated) Microsoft 365 admin center: New Premium Teams Usage Report
>60 Days
Microsoft 365 Roadmap ID 163426
Updated November 29, 2023: We have updated the rollout timeline below and provided additonal information. Thank you for your patience.
A new product usage report will be available within Microsoft 365 admin center usage reports to help Admins understand how Microsoft Teams Premium is being used within their organization by daily active users, features, and by paid and trial license types.
Teams Premium usage reports will include daily active users of all up all Teams Premium features and active users per feature under meeting protection, meeting personalization, meeting intelligence, virtual events and advanced webinars pillars, and user level usage of each feature so that you know how people are utilizing Teams Premium licenses and how the adoption and engagement is in the organization. The report displays trends over the last 7/30/90/180 days.
When this will happen:
Standard release. The rolling out time is pushed to calendar year 2024 Q2 and we will provide more concrete release time via Message center.
How this will affect your organization:
Admins with the correct permissions will soon have access to new usage reports for Teams Premium.
What you need to do to prepare:
To access the new reports, go to Reports -> Usage -> Teams Premium.
For more information regarding these reports, please review the following documentation.
MC671824 — (Updated) Power Automate app changing name to “Workflows” within Microsoft Teams
<30 Days
Microsoft 365 Roadmap ID 131294
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
To provide a unified workflow experience within Microsoft Teams we will be merging the existing Workflows app with the Power Automate app. With this merger the Power Automate app will be changing its name to “Workflows”.
There will be no change to user experience within the app. Users will still be able to manage all their flows within the app along with browsing workflow templates or creating a new flow from scratch. Whether you have existing workflows in the Power Automate app or the Workflows app your workflows will persist in the new unified app. Users will still be able to configure new workflows through the various app entry points (tab, bot, message extension, message action, personal app).
When this will happen:
Targeted Release: We will begin rolling out early October 2023 (previously mid-September) and expect to complete by mid-October 2023 (previously late September).
Standard Release: We will begin rolling out mid-October 2023 (previously late September) and expect to complete by early November 2023 (previously early October).
GCC Release: We will begin rolling out early November and expect to complete by mid-December 2023 (previously early November).
How this will affect your organization:
Power Automate app will be changing its name to “Workflows”.
The app will be pre-installed for all Teams users when this merger is released. If users had uninstalled this app previously it will show for them again and they will need to uninstall.
Teams Admin Center: If admins previously disabled the Power Automate app it will still remain disabled after the merger. However, if admins had previously disabled the old Workflow app, since that app no longer exists, they will need to go back into TAC and disable the new Workflows app.
What you need to do to prepare:
Consider bringing awareness to your users about this change if your tenant uses the Power Automate app within Microsoft Teams.
MC661825 — (Updated) Microsoft Teams: On-Demand Recording Feature in Webinars
<30 Days
Microsoft 365 Roadmap ID 123052
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Organizers can soon publish the recording of their webinars and automatically send an update to their attendees, in which they will receive a link to watch the on-demand recording hosted on their event page.
When this will happen:
We will begin rolling out in late September 2023 (previously late August) and expect to complete rollout by mid-December 2023 (previously late November).
How this will affect your organization:
The organizer would have the ability to pre-approve the recording prior to publishing it for attendees to view. This provides the opportunity for the organizer to either publish the default recorded event or upload their own custom video from their personal OneDrive.
Additionally, the organizer can also customize and preview the attendee notification prior to sending it out. Once sent, the attendees would then receive a link in their event invite and email to watch the on-demand recording on the event page.
What you need to do to prepare:
Tenant admins may need to apply the following policy changes to allow publishing of recordings:
Policy property will be under: CSTeamsEventsPolicy
Policy Property name: AllowedWebinarTypesForRecordingPublish
Policy Values:
None
InviteOnly
EveryoneInCompanyIncludingGuests
Everyone
MC661224 — (Updated) Channel meeting invitation | Allow organizer to send a channel meeting invite to everyone in team
30-60 Days
Microsoft 365 Roadmap ID 142405
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Channel meeting invitations will now allow channel meeting organizers the ability to share invites on personal calendars of all channel members.
When this will happen:
Standard Release: We will begin rolling out in mid-September 2023 (previously late August) and expect completion by late January 2024 (previously late October).
How this will affect your organization:
Often, channel meetings get missed since users are not appropriately notified about them. With the added enhancement, meeting organizers can turn a toggle button on the scheduling form when scheduling a channel meeting. Once the toggle is turned on and meeting is saved, all channel members will be notified of the meeting on their main work calendar.
What you need to do to prepare:
There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.
MC649917 — (Updated) Microsoft Teams: Stream Preview and Playback in Teams Chat and Channels
<30 Days
Microsoft 365 Roadmap ID 127596
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Users can preview and play Stream videos directly in Teams Chat and Channel without having to open them in a browser and going to Stream.
When this will happen:
We will begin rolling out in late July 2023 and is expect to complete rollout by mid-December 2023 (previously mid-November).
How this will affect your organization:
Stream videos that are saved in OneDrive and SharePoint are now embedded in chat and channels enabling users to preview and play them directly in Teams without the need to open a browser window.
What you need to do to prepare:
There is nothing required from you at this time. You may want to notify your users and update any relevant training documentation as appropriate.
MC602596 — (Updated) Microsoft Teams Panels Update
>60 Days
Microsoft 365 Roadmap ID 129366
Updated November 16, 2023: We have updated the rollout timeline below. Thank you for your patience.
With this update, Teams Panels will support reserving a room using a QR code. This feature lets Microsoft Teams users book a room for meetings now, in the future, or add the room to an existing meeting by scanning a QR code on the scheduling panel and using the Teams app on their Android or iOS mobile phones.
All Teams Panels will have a QR code shown in the top left of the home screen. Panels users can either schedule a new meeting with the room pre-populated for them or easily see the room’s availability for their meetings and book the room with one click.
When this will happen:
Rollout is complete for GCC and Worldwide. GCC High is expected to complete by end of March 2024.
How this will affect your organization:
In order to access this feature, be sure to have the most up-to-date release of Teams Panels from Teams Admin Center, a Teams Rooms Pro or Teams Shared Devices license assigned to the account on the Panel, and check that your users have access to the latest version of the Teams app on their mobile phones.
Please note the following:
External tenants are currently not able to use this feature.
This feature will ship default “ON”.
You can disable this feature on Teams Panels under Settings > Device settings > Teams Admin Settings > Meetings.
To reserve the room:
Users need to scan the QR code using their mobile phone.
In the Teams app on their mobile phone, users should select if they’d like to ‘Schedule a new meeting’ or ‘Reserve for existing meeting’.
If the user schedules a new meeting, the room will be auto added as the location of the meeting. Users can then fill out the other meeting details.
If the user selects to reserve the room for an existing meeting that is happening between now and midnight the next day, they will be able to see whether the room is available or booked at those times and can reserve with one click.
What you need to do to prepare:
To prepare for this incoming feature, we strongly recommend communicating this new feature to your users and share instructions if needed.
A recommended scanner for this feature is the mobile system/OS scanner on mobile phones. However, for Android, the scanning may not work if your users have both work and personal profiles on their Android phones. In this case, users will need to add mobile system/OS scanner in the work profile. To do that, follow the steps below:
In Intune go to Apps -> Android and add
Select Android enterprise system app
Enter type of Android phone and Google and paste OS camera package name
Assign to user / group of users
In order to use this feature, make sure Teams Panels is on 1449/1.0.97.2023080401. iOS mobile phones will need to be on 5.15.0 or higher, and Android mobile phones will need to be on 1416/1.0.0.2023153001 or higher.
For more information, please see: What’s new in Microsoft Teams devices – Microsoft Support
MC579612 — (Updated) Admin Policy for Collaborative Annotations
<30 Days
This change is associated with Microsoft 365 Roadmap ID 92502
Updated November 16, 2023: We have updated the rollout timeline below. Thank you for your patience.
With privacy and security restrictions, we have implemented a user-level IT admin policy for admins to choose whether some or all users in the company can use Collaborative Annotations. Currently, there is a way to turn Annotations ON or OFF through cmdlet Set-SPOTenant-IsWBFluidEnabled, this will also influence Whiteboard.
When this will happen:
We will begin rolling out in early August 2023 and expect to complete rollout by early December 2023 (previously late October 2023).
How this will affect your organization:
IT admins will be able to turn ON or OFF Collaborative Annotations from the Teams admin center in Meetings –> Meeting policies.
What you need to do to prepare:
There is nothing you need to do to prepare.
MC578280 — (Updated) Animated Backgrounds in Teams Meetings
30-60 Days
Microsoft 365 Roadmap ID 122513
Updated November 30, 2023: We have updated the timeline below. Thank you for your patience.
The animated background feature in Teams Meetings allows users to replace their existing background with a dynamic animation for a more immersive virtual environment. It offers various options to enhance meeting experience with creativity and personalization according to users’ preferences. Currently, only pre-defined backgrounds from Microsoft are supported. Animated backgrounds are identified by the small video icon in the bottom-left corner of the preview picture.
When this will happen:
Targeted Release: We will begin rolling out in mid-June and expect to complete rollout by late June.
Public Preview: We will begin rolling out in mid-June and expect to complete rollout by late June.
Standard Release and GCC: We will begin rolling out in early July and expect to complete rollout by mid-September 2023 (previously late July).
GCC-High and DoD: We will begin rolling out in late September and expect to complete rollout by mid-January 2024 (previously late October).
How this will affect your organization:
Users can go to the pre-join screen before the meeting start > Effects and Avatars > Video effects and select a new animated background. Animated backgrounds can be identified by the little video symbol in the bottom left corner of the preview picture.
Users can also change animated backgrounds when they start a meeting and go to More in meeting toolbar > Effects and Avatars > Select an animated background.
Animated backgrounds are not available on low-end devices and require at least 8 GB RAM, CPU with 4 logical processors.
Only pre-defined backgrounds from Microsoft are currently supported.
Using more video filters might slow down background animation, in case of high machine workload.
What you need to do to prepare:
No preparation is needed. You may want to update your training materials indicating that animated backgrounds are now supported Teams meetings.
MC561700 — (Updated) Microsoft Teams: App Suggestions by Task in In-Context Stores
>60 Days
Microsoft 365 Roadmap ID 122527
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Users think about which tasks they need to complete, such as creating a survey, inside Microsoft Teams. Soon, app suggestions will be organized by tasks that the apps support as opposed to conventional categories (productivity, project management). As a result, the new categorization will reduce the amount of time users need to spend learning about these apps – helping them to work more effectively.
When this will happen:
Standard: Rollout will begin in early March 2024 (previously early November) and is expected to be complete by early April 2024 (previously late November).
GCC: Rollout will begin in early April 2024 (previously early November) and is expected to be complete by early May 2024 (previously late November).
GCC High: Rollout will begin in early May 2024 (previously early January) and is expected to be complete by early June 2024 (previously mid-January).
How this will affect your organization:
The task-based app suggestions will be added to the Tabs, Messaging Extension, and Bots in-context Stores.
What you need to do to prepare:
There is no action required at this time. You may want to notify your users of this update.
MC561188 — (Updated) Microsoft Teams: Set your Work Hours and Location
>60 Days
Microsoft 365 Roadmap ID 125375
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Set your work location for the day in Microsoft Teams so your team can learn about your availability for in-office and remote collaboration.
When this will happen:
Targeted Release and Preview: We have begun rollout and expect to complete rollout by late May.
Standard Release: We will begin rolling out in early June 2023 and expect to complete rollout by late January 2024 (previously early November).
How this will affect your organization:
We are highlighting Microsoft 365 features that will bring transparency and focus on where you and your colleagues are working: work hours and location. These features will appear in Outlook on the web and Teams and bring the flexibility of enabling users to share where they are working. You’re already accustomed to managing and sharing your schedule in Outlook and Teams. With these additional features, Microsoft 365 is now location-aware – giving more information to you and colleagues to work better together.
Microsoft 365 already helps you manage and share your work schedule and availability. The work hours and location features allow you to specify more details about your work schedule and preferences, like from where you’re working (remotely or in office) and whether you work different hours on different days.
Teams gives you the flexibility to easily change the location for that day, without impacting the rest of your week. For example, after a few hours in the office, you decide to finish up your work from home. To change your location from Teams, simply click on your profile on the top right corner of the Teams window, view your account settings menu and change your work location for that day.
You can also update your location from any device with Teams. If you want to quickly look up where someone is working from, you can view their location in their profile card next to their availability.
What you need to do to prepare:
There is no action required from you at this time. You may want to notify your users of this update.
MC561186 — (Updated) Microsoft Teams: Block Meeting Chat Access in External, Non-Trusted Meeting Joins
<30 Days
Microsoft 365 Roadmap ID 123975
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Microsoft Teams IT Admins will soon be able to block internal users from accessing chats when these users join meetings organized on external non-trusted tenants, including cross-cloud join. This release of Microsoft Teams’ new meeting chat setting will be rolling out across MS Teams Desktop, Mobile and Web and will provide a new way for tenants to manage users’ chat access in meetings hosted on external non-trusted tenants.
When will this happen:
Targeted Release: We will begin rollout in early July and expect to complete rollout by mid-July.
GA: We will begin rollout in mid-July and expect to complete rollout by late July.
GCC: We will begin rollout in early August and expect to complete rollout by mid-August.
GCCH: We will begin rollout in mid-August and expect to complete rollout by late August.
DoD: We will begin rollout in mid-September and expect to complete rollout by mid-December 2023 (previously early November).
How this will affect your organization:
IT Admins can modify this setting for internal users from the Teams Admin Center under External Meeting Chat or from PowerShell under AllowExternalNonTrustedMeetingChat. Internal users who have External Meeting Chat as OFF from the Admin Center or AllowExternalNonTrustedMeetingChat as False from the PowerShell will not have read or write chat access in meetings hosted on external non-trusted tenants on any Teams platforms.
What you need to do to prepare:
You may want to notify your users about this new setting and the potential effect on their chat access when joining external meetings.
MC550081 — (Updated) Microsoft Teams: New Channels Experience
>60 Days
Microsoft 365 Roadmap ID 91683
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
A new channels experience in Microsoft Teams has been built with an intuitive design that allows teams to focus and stay on tasks, bring everyone up to speed, and actively engage in real-time. The following features will be rolling out:
The compose box and recent posts will appear at the bottom (previously top) of the channel by default. Users can configure channels to show new posts at the top via the more options … menu the top of the channel. It’ll now be much easier to start a new post, keep up with the latest conversations and participate – giving users the confidence that they’ve not missed anything.
Every post is now a true conversation that users can focus on. Users can navigate to a conversation view that makes the discussion more engaging and synchronous, just like a chat. Users can also pop out the post, keep an eye on the discussion, while continuing to work on other topics.
A streamlined information pane will include all the important contextual information like channel’s members and pinned posts so new team members can quickly on-board and for all members to find the information they need, right in the channel.
Pin posts to make it easy for everyone to know what’s important in the channel and quickly reference it.
Simplified badging is making it easier for users to understand when there are new unread activities in teams. In addition, the simplified design helps users focus on the specific channels which requires the most attention, like channels in which the user was @mentioned.
When this will happen:
Targeted Release: Started rolling out in May and is expected to complete in late August 2023 (previously early July). Complete
Standard: We will begin rollout in early October 2023 (previously mid-September) and expect to complete rollout by late October 2023 (previously mid-August). Complete
GCC, GCC High, and DoD: We will begin rollout in mid-December 2023 and complete in early February 2024.
How this will affect your organization:
Users in your organization will not need to make any changes and will get the new channels experience by default.
What you need to do to prepare:
Admins will not need to make any changes.
MC513664 — (Updated) Suggested Files in 1:1 Chats
TBD
Microsoft 365 Roadmap ID 95065
Updated November 27, 2023: We have updated this message to reflect this feature will only be available in the new Teams experience.
As an extension of Suggested Replies in 1:1 chats, you can now easily save time when you need to send a file in a chat by tapping on a “Share file” suggestion. This feature will only be available in the new Teams experience.
When this will happen:
Standard Release: We will begin rolling this out late November 2023 (previously early July) and expect to complete by mid-December 2023.
Government Clouds: We will not be rolling this feature out at this time. We will communicate via Message center when we are ready to proceed.
How this will affect your organization:
Once available, users will be able to tap on a “Share file” action in chat whenever intent is detected to send a file.
What you need to do to prepare:
This feature ships default on; review Manage messaging policies in Teams.
If you wish to disable this feature in your tenant, please disable the Suggested Replies setting that is found in Messaging Policies.
Users also have a setting within the app so they can disable the feature.
MC494734 — (Updated) Teams update: Expanded view of the profile card in Teams
30-60 Days
Microsoft 365 Roadmap ID 109526
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Beginning in March, users in your organization will be able to use expanded views of the profile card in Teams. The expanded view is already available in Outlook and includes more information, like an overview of the profile, contact information, organizational chart, and LinkedIn tab.
When will this happen:
We will begin rolling out this feature in late May (previously late April) and expect to complete the rollout in mid-January 2024 (previously early November).
What you need to do to prepare:
No preparation is needed for this change. For more information about what users can see on profile cards, see Profile cards in Microsoft 365.
Intune
MC690594 — Update devices to renew enrollment certificates
>60 Days
Previously communicated in MC650410, devices enrolled in Intune will require the following updates to ensure certificate renewal continues to work as expected:
Windows: Install the January 2023 or newer cumulative update on supported versions of Windows 10 and Windows 11 (KB5019275).
Android: For the following enrollment methods, devices will need to update to the latest Company Portal version (minimum v5.0.5800):
Android Enterprise personally owned devices with a work profile
Android device administrator
iOS/iPadOS: For devices enrolled with Apple User Enrollment, update operating system to 16.2 or later. Once updated, we recommend users initiating a sync from the Company Portal to ensure the device is online and unlocked. Note: This is not a change to the minimum supported iOS/iPadOS versions in Intune. Devices can continue to enroll on supported versions.
We will begin rolling out this change for Windows and iOS/iPadOS devices on February 15, 2024. For Android devices, this is expected to begin in the second half of 2024.
How this affects my organization:
Our telemetry indicates you have at least one device that has not met these requirements and could be impacted if the certificate expires after this change.
User impact: If devices do not meet these requirements, they might be unable to renew their enrollment certificates and users will lose access to your organization’s resources. Users would then need to re-enroll.
What you need to do to prepare:
Notify your users to update their device based on the requirements above. You can check which devices have expired certificates by using this PowerShell script: Managed Device Certificate Expiry Report
MC688107 — Plan for Change: Removal of several Microsoft Graph Beta API’s for Intune device configuration reports
>60 Days
Starting in February 2024, the following Microsoft Graph Beta API’s that leverage the old Intune reporting framework for device configuration policy reports will stop working:
Device configuration report:
Device status:
How this will affect your organization:
If you are using automation or scripts to retrieve reporting data from the Graph Beta API’s listed above, you will need to update them to prevent them from breaking.
Move to the new Intune reporting framework by making POST requests to the corresponding endpoint for each report:
Device configuration report: getConfigurationPoliciesReportForDevice
Device and user check-in status report: getConfigurationPolicyDevicesReport
Device assignment status report: getCachedReport
Example:
POST https://graph.microsoft.com/beta/deviceManagement/reports/getConfigurationPoliciesReportForDevice
What you need to do to prepare:
Update your reporting automation or scripts as needed. We recommend moving to the newer reporting framework. Learn more about the updated reporting framework and APIs by reading the blog Announcing updated policy reporting experience in Microsoft Intune.
MC683653 — (Updated) Plan for Change: Update your iOS/iPadOS Company Portal minimum version to v5.2311.1
Rolled Out
Updated November 7, 2023: The content below has been updated for clarity.
Please note we have updated the version from v5.2310.1 to v5.2311.1.
We will soon release an updated Company Portal for iOS/iPadOS (v5.2311.1) to the Apple Store that is a required app update. Starting on November 6, 2023, or soon after, the minimum supported version of the iOS/iPadOS Company Portal will change to v5.2311.1.
How this will affect your organization:
User impact: Most users have app updates set to automatic, so they receive the updated Company Portal app without taking any action. Users that have an earlier app version will be prompted to update to the latest Company Portal app and will need to update to continue using the app.
Note: If you have enabled the ‘Block installing apps using App Store’ device restriction setting, you may need to manually push an update to devices.
What you need to do to prepare:
If you have enabled the above device restriction setting you will likely need to push an update to devices. Otherwise, no action is needed, but if you have a helpdesk, you may want to make them aware of the prompt to update the Company Portal app.
Entra ID
MC695501 — Cross-tenant manager synchronization
30-60 Days
Microsoft 365 Roadmap ID 186222
Cross-tenant synchronization now supports provisioning the manager attribute.
When this will happen:
Preview: We will begin rolling out mid-December 2023 and expect to complete by late January 2024.
How this will affect your organization:
For existing synchronization configurations that use the default schema (where you haven’t made any customizations to the attribute mappings or scoping rules), the manager will start to provision automatically for new users. For existing synchronization configurations that do not use the default schema, you can add the manager attribute to your attribute mappings.
What you need to do to prepare:
No customer action is required.
MC695490 — Changes to FIDO2 security key registration and sign-in experiences
Rolled Out
During FIDO2 security key registration, Microsoft Entra ID users may see an operating system or browser-generated prompt for creating a passkey on another device, such as a phone or tablet. In some cases, a QR code is shown to facilitate this option. When this happens, the user needs to select “Use a different device” to continue with their registration process.
This is due to an evolution of the ecosystem resulting in operating system and browser UI changes. For users on Windows 11 23H2, an updated system UI has been enabled to improve user discovery and selection of security keys and other passkey types. We are also aware that a similar prompt may be presented during sign-in time. Currently, we are investigating a mitigation to optimize the sign-in flow.
What you need to do to prepare:
If your organization uses FIDO2 security keys, we recommend that you reach out to affected users for awareness and update any internal documentation to guide users through this prompt. Please note that the prompt varies across operating systems and browsers.
MC690185 — Prepare for device-bound passkeys in Microsoft Entra ID (changes to FIDO2 and Windows Hello for Business)
>60 Days
Beginning January 2024, Microsoft Entra ID will support device-bound passkeys stored on computers and mobile devices as an authentication method in preview, in addition to the existing support for FIDO2 security keys. This enables your users to perform phishing-resistant authentication using the devices that they already have.
We will be expanding the existing FIDO2 authentication methods policy and end user experiences to support this preview release. If your organization uses FIDO2 authentication or Windows Hello for Business, please continue reading to learn more and prepare for the upcoming changes.
Admin Configuration
In the Entra admin portal, we will be renaming “FIDO2 security keys” to “Passkeys (FIDO2)” within the authentication methods policy and Conditional Access authentication strengths policy.
For your organization to opt-in to this preview, you will need to enforce key restrictions to allow specified passkey providers in your FIDO2 policy. Here are the possible configuration states for FIDO2 key restrictions during the preview:
No key restrictions (FIDO2 policy default): Tenant allows all security key models. Device-bound passkey providers on computers and mobile devices are not allowed.
Key restrictions set to “Allow”: Tenant only allows the explicitly added AAGUIDs. To enable a device-bound passkey provider, add their AAGUID(s) to the key restrictions list.
Key restrictions set to “Block”: Tenant blocks the explicitly added AAGUIDs and allows all other security key models. Device-bound passkey providers on computers and mobile devices are not allowed.
End User Registration Experience
In the My Security Info portal, a new registration option called “Passkey (preview)” will be shown to end users for registering a device-bound passkey on computers, mobile devices, or security keys.
*Towards the end of 2024, the existing security key registration option will be replaced by the newly introduced passkey option.
End User Sign-in Experience
The existing end user sign-in option for Windows Hello for Business and FIDO2 security keys will be renamed to “Face, fingerprint, PIN, or security key”. The term “passkey” will be mentioned in the updated sign-in experience to be inclusive of passkey credentials presented from security keys, computers, and mobile devices.
Text displayed to users today:
“Sign in with Windows Hello or security key”
“Sign in with a security key”
“Signing in with Windows Hello or security key”
Text displayed to users in January 2024:
“Face, fingerprint, PIN, or security key”
“Signing in with a passkey”
MC688120 — (Updated) Microsoft managed Conditional Access policies will be created in your tenant
<30 Days
Microsoft 365 Roadmap ID 183905
Updated November 10, 2023: We have updated this message to show as intended.
In 2020, we introduced security defaults in Microsoft Entra ID, which significantly raised baseline security for organizations. Now, to build on those improvements, we’re introducing Microsoft-managed Conditional Access policies. Between early November 2023 and late December 2023, we’ll create these new Conditional Access policies in your tenant: As part of ongoing efforts to improve security, we’ll create these new Microsoft managed Conditional Access policy (or policies) in your tenant.
These policies will be created in report-only mode, which means that they won’t block any access, but will generate reports on how they’ll affect users when they’re switched to the On state.
After the policies have been created in your tenant, you’ll have 90 days to evaluate and configure them. Then, if you haven’t already moved them to the On or Off state, they’ll be automatically moved to On. Once the policies are enabled, users covered by them will need to have multifactor authentication.
When this will happen:
We’ll create new Microsoft-managed Conditional Access polies between early November 2023 and late December 2023.
How this will affect your organization:
Your organization will see the following new policy(s):
{TenantSpecificInfo}
What you need to do to prepare:
To avoid any potential disruption to users’ access and to ensure these policies meet your organization’s needs, take the following actions within 90 days of their creation, before they’re moved to the On state:
Review the effects and benefits of the new policies. If you don’t want us to enable them automatically, set them to Off. Or, you may set them to On at any time.
Customize these policies according to your specific needs, such as excluding emergency access accounts.
Verify that all users covered by these policies have enabled and registered at least one multifactor authentication method. If necessary, run a registration campaign to set up the Authenticator app.
Microsoft Purview
MC695503 — Data Loss Prevention – Apply protection at the time of egress on endpoints
<30 Days
Microsoft 365 Roadmap ID 138591
Just-in-time protection applies policy to onboarded Windows 10/11 devices. At the time of egress on endpoints, Just-in-time will detect or protect:
Items that have never been evaluated.
Items on which the evaluation has gone stale. These are previously evaluated items that haven’t been reevaluated by the current, updated cloud versions of the policies.
Please note that we have updated this feature since our Public Preview announcement, you can see the settings and the best practice on our public doc: Learn about Endpoint data loss prevention | Microsoft Learn and Using Endpoint DLP Just-in-time protection | Microsoft Learn.
When this will happen:
Rollout will begin in late November and is expected to be complete by mid-December 2023.
How this will affect your organization:
All the JIT-scope users will be considered as JIT Block mode candidates on the client machine.
When JIT Block happens, end-user may see one of the following Windows dialogs.
What you need to do to prepare:
Careful select the user(s)/group(s) under Scope setting. For example, for following setting, Endpoint DLP will apply JIT Audit every onboarded machine but apply JIT Block to the select user.
MC695500 — Microsoft Purview Information Protection: Tracking and Revocation in Compliance Portal
<30 Days
Microsoft 365 Roadmap ID 177890
Users can access the Microsoft Purview compliance portal to check who has tried accessing their sensitivity labeled and encrypted local Office files and revoke access when needed.
When this will happen:
Standard Release: This feature is now available in Production.
GCC: We will begin rolling out in early December and complete by mid-December 2023.
How this will affect your organization:
Within Office, end users will see Track & Revoke Access within the Sensitivity button. When end users are the owners of a local file and they click on this button, they will be taken to the Microsoft Purview compliance portal where they can see user access attempts for the local file and have the option to revoke access.
In addition, admins will be able to view the tracking logs for all users and revoke access to local Office files using PowerShell commandlets.
Get-AipServiceDocumentLog searches for a document using the filename or the email address of the user who applied protection.
Get-AipServiceTrackingLog uses the file’s ContentID to return tracking data.
Set-AIPServiceDocumentRevoked uses the file’s ContentID to revoke access.
Clear-AipServiceDocumentRevokeduses the file’s ContentID to restore the access.
What you need to do to prepare:
The Microsoft Purview Information Protection Tracking and Revocation feature will be turned on by default. To disable the feature, use the Disable-AipServiceDocumentTrackingFeature commandlet.
MC694127 — Data Loss Prevention – predicates for protection of password protected, unscannable and partially scannable documents
Rolled Out
Microsoft 365 Roadmap ID 183514
This feature will extend protection capabilities to all documents, regardless of their scan status or password protection. Admins can use this feature to protect all the files that are password protected, or those that can’t be scanned by DLP.
When this will happen:
We will begin rolling out in late November.
How this will affect your organization:
Step 1: Navigate to Data loss prevention.
Step 2: Click on create new policy and select custom template
Step 3: Assign the new policy a name and description
Step 4: Choose the location as SharePoint (You can choose specific sites if required)
Step 5: Create a new rule and select conditions as required:
Document or attachment is password protected
Document or attachment could not be scanned
Document or attachment didn’t complete scanning
Rules for the other 2 conditions can be created in a similar way, these predicate can be paired with existing conditions available for SPOD workload
Step 6: Once the rule is created, admins can add other rules if required and apply the policy on their organization as required.
Rules for the other 2 conditions can be created in a similar way, these predicate can be paired with existing conditions available for SPOD workload
What you need to do to prepare:
Link for public documentation: Data Loss Prevention policy reference | Microsoft Learn
MC694120 — Data Loss Prevention – Apply Purview Message Encryption branding with Data Loss Prevention policy
30-60 Days
Microsoft 365 Roadmap ID 117490
Purview Messaging Encryption supports customized branding templates for encrypted mail sent to external recipients. The functionality is being brought to Data Loss Prevention policy from Exchange mail flow rule. In addition, DLP policies provide additional configuration to control whether Microsoft 365 external recipients will be able to view the encrypted mail inline using Outlook or the encrypted portal experience.
When this will happen:
Rollout will begin in mid-January and is expected to be complete by late January 2024.
How this will affect your organization:
There is no impact to existing mail flow rule in Exchange online that are already setup in Exchange Admin Center. Administrators can choose to now configure new DLP policy in the Microsoft 365 compliance center to apply customized branding templates to encrypted mail instead of configuring mail flow rules in Exchange Admin Center. DLP policy will have higher preference and therefore override mail flow rule in applying customized branding templates to encrypted mail. (Configuration of the custom branding template still requires admins to use Exchange powershell. See Add your brand to encrypted messages – Microsoft Purview (compliance) | Microsoft Learn for details.
What you need to do to prepare:
If you are interested in applying custom branding, get started with Data Loss Prevention in the Microsoft Purview compliance portal.
MC693861 — Exchange auto-labeling supports non-mail enabled security groups
<30 Days
Microsoft 365 Roadmap ID 184909
Service side auto-labeling now allows scoping of exchange workload to non-mail enabled security groups.
When this will happen:
Rollout will begin in late November and is expected to be complete by mid-December.
How this will affect your organization:
Admins can create new or edit existing auto-labeling policies to include Exchange locations for non-mail enabled security groups.
What you need to do to prepare:
Determine if your organization has any non-mail enabled security groups that should have their mail automatically labeled.
Automatically apply a sensitivity label in Microsoft 365 | Microsoft Learn
MC692752 — Important changes to the secure baseline configuration for Exchange mailbox audit logging in Microsoft Purview Audit.
<30 Days
You are receiving this notification because your organization may have one or more Exchange mailboxes that is not configured to provide access to activity telemetry in Microsoft Purview audit log searches or via the Management Activity API.
When this will happen:
We will begin rolling out in early December 2023.
How this will affect your organization:
Beginning on December 8th, activity telemetry from Exchange mailboxes will now be available by default in Microsoft Purview Audit. If your organization does not have any Exchange mailboxes, then this change will not impact you.
This change will only impact the configuration of mailboxes that have not been manually configured – either enabled or disabled. To prevent this change from impacting your organization, ensure your mailbox audit settings are configured manually in accordance with your organization’s requirements.
What you need to do to prepare:
No actions are required to prepare for this change.
Learn more about mailbox audit log settings Manage mailbox auditing | Microsoft Learn
MC692463 — Microsoft Purview Insider Risk Management: General availability of SharePoint site selection enhancement
<30 Days
Microsoft 365 Roadmap ID 169880
Microsoft Purview Insider Risk Management will be rolling out general availability of SharePoint site selection enhancement.
When this will happen:
Rollout will begin at the end of November and is expected to be complete by mid-December.
How this will affect your organization:
With this update, Insider Risk Management admins can add any SharePoint sites as priority content or exclude certain SharePoint sites in Insider Risk Management policies by searching the site names or using the exact URLs.
What you need to do to prepare:
You can add SharePoint sites to exclusion at insider risk settings > intelligent detections.
You can add SharePoint sites to priority content at Policies > create/ edit policy.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.
Learn more: Learn about insider risk management settings | Microsoft Learn
MC690611 — Data Loss – “Deliver the message to the hosted quarantine” in DLP EXO
30-60 Days
Microsoft 365 Roadmap ID 124975
We’re rolling out a new action for Data Loss Prevention in Exchange Online called “Deliver the message to the hosted quarantine”.
When this will happen:
Rollout will begin in late December and is expected to be complete by early January.
How this will affect your organization:
Previously while managing messages delivered to hosted quarantine, admins had to filter these messages under transport rules. With this update, we are adding a new column where the messages delivered to quarantine can be viewed under “Data Loss Prevention”.
Quarantine Page
Threat Protection Status
Threat Explorer
Mailflow status report
What you need to do to prepare:
If you are currently not using this action, there is no impact to your organization, but if you are using this action and were monitoring messages that are being quarantined in the Quarantine/ Threat Explorer/Mailflow Status/TPS/Adv Hunting reports you will need to update your Quarantine reason/Policy Type filter from “Transport Rule” to “Data Loss Prevention” to look for the messages that were quarantined because of DLP.
Get started with Data Loss Prevention in the Microsoft Purview compliance portal.
Learn more: DLP policy conditions, exceptions, and actions.
MC690178 — Information Protection – Keyword highlight support for document trainable classifiers
<30 Days
Microsoft 365 Roadmap ID 170738
The keyword highlighting feature for Trainable Classifiers emphasizes the top 10 distinct keywords/phrases that influence the classification, showcasing up to 10 occurrences of each keyword.
The feature is being enabled through:
Content Explorer:
Viewing the classified document through Content explorer will highlight the keywords that match the Trainable classifiers detected.
Test Trainable classifier:
Uploading a document and testing it for a specific classifier OR selecting the document in the classifier’s matched item will highlight the keywords that match the Trainable classifier detected.
Note:
This feature will only work on the new/edited documents after the date “keyword highlight” has been enabled.
When this will happen:
Rollout will begin in early December and will complete by late December 2023.
How this will affect your organization:
The keyword highlight feature enables you to:
Quickly locate text that caused the positive outcome in the classifier.
Establish trust in the effectiveness of trainable classifiers.
Reduce the time to decide and take further actions.
What you need to do to prepare:
This feature will only work on new/edited documents after the date “keyword highlight” has been enabled.
Release of Keyword Highlighting for Train & new Business Context Classifier (microsoft.com)
Trainable classifiers definitions
Increase Classifier Accuracy | Microsoft Learn
MC689502 — Microsoft Purview: Endpoint DLP – Restrict egress activities on sensitive sites in Microsoft Edge.
<30 Days
Microsoft 365 Roadmap ID 117574
This capability allows restriction of common egress activities as users navigate sensitive service domains or access sensitive content via Microsoft Edge.
When this will happen:
Rollout will begin in late November and is expected to be complete by early December 2023.
How this will affect your organization:
With this new sensitive service domains capability in Microsoft Purview DLP for endpoints, organizations will be able to designate groups of protected sites or domains and then apply different restrictions and restrict common egress activities when users visit those sites from Microsoft Edge browser. For example, DLP policies can be configured to prevent users from printing, copying data, or saving website contents as local files when navigating sites identified as part of sensitive service domains. The same audit, block, and block override controls can be configured for these scenarios as for other Microsoft Purview DLP policies.
What you need to do to prepare:
Get started with the Data Loss Prevention solution in the Microsoft Purview compliance portal.
Learn more:
Learn about Endpoint data loss prevention.
Configure endpoint DLP settings.
MC683661 — (Updated) Announcing GA of Admin units in Microsoft Purview Information Protection and Data Loss Prevention
<30 Days
Microsoft 365 Roadmap ID 165027
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re rolling out a new capability in GCC, GCC-H, DoD that enables admins to delegate management and remediation authority for different people in different regions or organization units with role-based access control (RBAC) via Azure Active Directory Administrative Units. For example, German Admin Unit investigators would be able to investigate alerts and audit events for only German users.
When this will happen:
GCC, GCC-H, DoD GA rollout will begin in late October and is expected to be complete by mid-December 2023 (previously mid-November).
How this will affect your organization:
If you choose to not use this Admin Units feature, there is no impact to your organization. If your organization requires delegations of tasks based on users in specific regions or organization units, please follow the steps to set up this capability:
Set up Administrative Units (AU) in Azure Portal
Ring-fence Purview Admin Permissions to Administrative Unit scopes
Create and manage Admin Unit scoped MIP/DLP policies
Investigate user scoped DLP Alerts, Incidents, and Logs in Purview
Investigate user scoped Activities and events in Activity Explorer
Note- This Admin Units capability will be extended to Data Loss Prevention alerts in the Microsoft 365 Defender portal and can be tracked as part of the roadmap ID here: 162292
What you need to do to prepare:
Get started with Information Protection and Data Loss Prevention in the Microsoft Purview compliance portal.
Learn more: Permissions in the Microsoft Purview compliance portal
MC678065 — (Updated) Microsoft Purview compliance portal: Information Protection – New cmdlet for Content Explorer
<30 Days
Microsoft 365 Roadmap ID 117531
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
The Content explorer Export feature has a limitation of exporting data only after drill down to specific location. This feature is now available in Public Preview and allows admins to use a new cmdlet within the Security & Compliance PowerShell, Export-ContentExplorerData, to export all rows of data for the content that are scanned and shown on the Content Explorer.
When this will happen:
This feature will begin rolling out mid-October 2023 and expect to complete by mid-December 2023 (previously mid-November).
How this will affect your organization:
This feature can be accessed through the Security & Compliance PowerShell, Export-ContentExplorerData.
What you need to do to prepare:
There are no additional settings needed for this feature.
Get started with content explorer | Microsoft Learn
MC677825 — (Updated) Data Loss Prevention – Download File Evidence for DLP Investigations
<30 Days
Microsoft 365 Roadmap ID 167340
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
We are announcing a new feature in GCC, GCC-H, DoD GA which provides DLP investigators the option to download the full file from SharePoint and/or OneDrive for Business that resulted in a DLP policy match as evidence for DLP Alerts in Microsoft Purview compliance portal and Microsoft 365 Defender portal.
When this will happen:
Rollout will begin in the mid-November 2023 (previously late October and is expected to be complete by early December 2023 (previously early November).
How this will affect your organization:
To download the SharePoint or OneDrive for Business file that resulted in a DLP alert or incident for, Navigate to Alerts details tab in the Microsoft Purview compliance portal or Microsoft 365 Defender portal, select the alert, click on the Actions menu, and then click “Download.”
If you choose to not use this download feature, there is no impact to your organization.
What you need to do to prepare:
There is nothing you need to do prepare, the download option will be available in the DLP alerts experience in both Microsoft Purview compliance portal and Microsoft 365 Defender portal.
MC675959 — Microsoft Information Protection: Microsoft Purview: Exact Data Match to support multi-token corroborative evidence.
>60 Days
Microsoft 365 Roadmap ID 124847
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Exact Data Match (EDM) will support string match detection of multi-token (i.e., fields with multiple words separated by spaces or punctuation) corroborative evidence without requiring mapping Sensitive Information Types (SITs) to multi-token corroborative evidence fields.
When this will happen:
Rollout will begin in mid-December 2023 (previously mid-November) and is expected to be complete by early February 2024 (previously mid-December).
How this will affect your organization:
With this release, multi-token corroborative evidence can be detected as a string match, without requiring it to be mapped to a Sensitive Information Type (SIT) that is able to detect that content as a single entity, which may result in more accurate EDM detection.
In some cases, it may still make sense to map a SIT to a corroborative evidence field, both to reduce latency by limiting the amount of content that needs to be compared for each match, and to eliminate some potential false positives. For example, if you have indicated multiple characters as ignored delimiters using configurable match, but still want to only detect matches on strings which are formatted with some of the delimiters or where multiple delimiters match each other.
In general, if a SIT can be accurately matched to a corroborative evidence column, it is preferred to do so rather than to rely on automatic single-word or multi-token matching.
What you need to do to prepare:
To use this feature, you need to opt-in for multi-token support for each corroborative evidence field that you want enabled. You can do this either through the new EDM UI experience (see screenshot above) or through a schema XML file update. Before doing so, you will need to first uninstall your current version of the EDM Upload Agent and download / install the latest version from: https://learn.microsoft.com/en-us/purview/sit-get-started-exact-data-match-hash-upload#links-to-edm-upload-agent-by-subscription-type.
Once this feature has been released, additional details will be found in our EDM public documentation:
Learn about exact data match based sensitive information types | Microsoft Learn
MC669740 — (Updated) Microsoft Purview Information Protection Tracking and Revocation – End-User Tracking and Revocation
TBD
This change is associated with Microsoft 365 Roadmap ID 164210
Updated November 30, 2023: We are evaluating this change and have paused the rollout. We will update the Message center post when we are ready to proceed. Thank you for your patience.
From the sensitivity menu, owners of Office files protected with a sensitivity label can access the Microsoft Purview compliance portal to view user access attempts and revoke access if needed.
When this will happen:
Preview: We have started rolling out and expect to complete by late August. – Complete
The rollout of the following items has been paused and we will communicate via Message center when we are ready to proceed.
Registration.
Track & Revoke.
How this will affect your organization:
The Microsoft Purview Information Protection Tracking and Revocation feature will be turned on by default. To disable the feature, use the Disable-AipServiceDocumentTrackingFeature commandlet.
What you need to do to prepare:
There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.
MC668524 — (Updated) Microsoft Purview Information Protection: Tracking and Revocation in Compliance Portal – GCCH
TBD
Microsoft 365 Roadmap ID 152126
Updated December 1, 2023: We are evaluating this change and have paused the rollout. We will update the Message center post when we are ready to proceed. Thank you for your patience.
Users can access the Microsoft Purview compliance portal to check who has tried accessing their sensitivity labeled and encrypted local Office files and revoke access when needed.
When this will happen:
We are evaluating this change and have paused the rollout.
What you need to do to prepare:
The Microsoft Purview Information Protection Tracking and Revocation feature will be turned on by default. To disable the feature, use the Disable-AipServiceDocumentTrackingFeature commandlet.
MC667126 — (Updated) Microsoft Purview DLP Endpoint: Most restrictive actions across multiple policies GA
Rolled Out
Updated November 16, 2023: We have updated the timing below. Thank you for your patience.
We’re enhancing the enforcement engine in Microsoft Purview Endpoint DLP (part of the Microsoft Purview Data Loss Prevention suite) to refine the restrictions enabled when multiple rules are matched. Note: This change is specific to Endpoint DLP for Windows only. Changes for MacOS will roll out separately.
When this will happen:
Starting in late August, we’re rolling this enhanced behavior, which will apply the most restrictive policy-defined actions across multiple policies triggered by a given event. We expect to complete by late November (previously early November).
How this will affect your organization:
You are receiving this message because your organization has licensing that entitles you to use Endpoint DLP.
Once this change is implemented, administrators may see an increase in Endpoint DLP alerts as more user activities are blocked by the more restrictive of multiple flagged policies.
Example: A user attempts to print a file containing both SSN & credit card numbers, triggering multiple policies. The SSN policy blocks users from printing, and the credit card policy blocks with override. The most restrictive policy (block) will be applied, ensuring there are no gaps in coverage.
What you need to do to prepare:
No action or policy reconfiguration is needed to enable this change.
Get started with Data Loss Prevention in the Microsoft Purview compliance portal.
Learn more: Get started with Endpoint data loss prevention Data Loss Prevention policy reference.
MC598630 — (Updated) Microsoft Purview Data Loss Prevention – DLP Policy tips revamp for Outlook for Windows for E5/G5 users
<30 Days
Microsoft 365 Roadmap ID 138577
Updated November 16, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re rolling out new and improved DLP Policy tips in Outlook for Windows to support top DLP predicates and exceptions, all advanced classifiers, and override capabilities for E5/G5 users.
When this will happen:
Rollout will begin in early December 2023 (previously mid-November) and is expected to be complete by mid-December 2023 (previously late October).
How this will affect your organization:
You can now alert or restrict your users from unauthorized or accidental sharing of any sensitive information via email in Outlook win32 by leveraging new and improved DLP Policy tips in new or existing DLP policies. These real time alerts and recommendations empower your organization to accurately identify sensitive information being shared with unauthorized recipients or domains and take appropriate action.
DLP Policy tips now support a richer set of DLP conditions (and corresponding exceptions), including the following:
Content Contains Sensitive Information
Content contains Sensitivity label
Content is shared internally/externally
Sender is
Sender domain is
Sender is member of
Recipient is
Recipient domain is
Recipient is a member of
Subject contains words
Additionally, DLP Policy tips now support advanced classifiers like Trainable classifiers, Exact data match (EDM), Named Entities, and Credential scanning SITs, as well as an override feature that gives end users the ability to quickly and easily modify or override policies (if allowed in the DLP rule configuration), ensuring that the sensitive data is always protected, while still allowing end users to work efficiently.
What you need to do to prepare:
You can create new DLP policies or leverage the existing ones to use DLP Policy tips as an additional layer of security for sensitive data.
Get started with Data Loss Prevention in the Microsoft Purview compliance portal:
Microsoft Purview compliance portal for GCC cloud environments
Microsoft Purview compliance portal for GCC-High cloud environments
Microsoft Purview compliance portal for DoD cloud environments
Learn more:
Create, test, and tune a DLP policy
Data Loss Prevention policy reference
Learn about data loss prevention
MC515536 — (Updated) Microsoft Purview | Data Lifecycle Management and Records Management – Microsoft Graph APIs for extensibility
<30 Days
Microsoft 365 Roadmap ID 88276
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
As a part of our extensibility vision and first release to Microsoft Graph, we are introducing three new APIs for retention labels, events, and event types in the Microsoft Graph beta environment. These APIs will enable you to customize and extend on what we have built in the product so far.
These APIs can be used by compliance admins and developers to manage retention labels in Data Lifecycle and Records Management solutions.
When this will happen:
Rollout will begin in late March 2023 (previously late February) and is expected to be complete by mid-December 2023 (previously mid-November).
How this will affect your organization:
If your organization needs to automate any operation related to retention labels or events, we recommend you achieve this by using the new Graph APIs instead of using PowerShell cmdlets. With Graph, we use REST APIs that support better security, extensibility, and app authentication features.
The three APIs are available under the security node and the endpoints to access them are as follows:
What you need to do to prepare:
Permissions
Currently, these APIs are supported through delegated permissions only, which are managed through the Graph interface. We are introducing two new permissions which you will need to access these APIs:
recordsmanagement.read.all
recordsmanagement.readwrite.all
Licensing
Access to Data Lifecycle Management and Records Management features varies based on your Microsoft 365 license level. See Microsoft 365 guidance for security & compliance – Service Descriptions for licensing requirement details.
Get started with Data Lifecycle Management and Records Management in the Microsoft Purview compliance portal:
Microsoft Purview compliance portal for WW and GCC cloud environments
Microsoft Purview compliance portal for GCC-High cloud environments
Microsoft Purview compliance portal for DoD cloud environments
Learn more:
Use the Microsoft Graph records management API
Create retention labels for exceptions
Start retention when an event occurs
Exchange Online
MC695487 — Contact Unification across Outlook and Teams
30-60 Days
Today, users can see Outlook contacts created with their Entra ID (AAD) account in Teams, but contacts created in Teams are not available in Outlook. To provide a consistent experience we are making changes to allow Teams contacts, created with a user’s Entra ID (AAD) account, to be visible in Outlook as well.
When this will happen:
We will begin rolling out in mid-December 2023 and complete by late January 2024.
How this will affect your organization
Once this change is complete, users will be able to see created contacts across both Outlook and Teams and vice versa.
What you need to do to prepare
You may consider updating your training and documentation as appropriate.
MC692754 — FindTime add-in is being removed and replaced with Scheduling Poll as a native feature
<30 Days
The FindTime add-in will stop working and be removed from Outlook for Windows, Web and Mac. Scheduling Poll is the replacement feature, which is built directly into Outlook clients for all users as a native feature.
When this will happen:
You can expect the FindTime add-in to stop working as early as December 11, 2023. We will start making the change on December 11, 2023, and expect to complete it by the end of that week.
How this will affect your organization:
Once the change has rolled out users will need to utilize Scheduling Poll as a replacement of the FindTime add-in.
Scheduling Poll is currently available to all users of Outlook on the Web and Mac. It is available to Classic Outlook for Windows users in Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Preview. It will become available to Classic Outlook users on the Semi-Annual Enterprise Channel in January 2024, and to the Semi-Annual Extended Channel in June 2024.
Users who do not have access to Scheduling Poll yet can either switch to the Current Channel, Monthly Enterprise Channel, or Semi-Annual Enterprise Preview in Classic Outlook for Windows; or they can use Outlook on the Web to create polls.
Note: this change only affects poll creation; poll management can still be done through the FindTime dashboard – https://outlook.office.com/findtime/dashboard.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate as users will get this change automatically as it progresses through the deployment rings. For more information on using Scheduling Poll, please refer to the relevant support articles.
MC692468 — Outlook Web and New Outlook for Windows: Sort by Category
<30 Days
Microsoft 365 Roadmap ID 183902
Soon, users will be able to sort their emails by categories in inbox and other folders.
When this will happen:
Standard Release: This is currently rolling out and expected to complete it by mid-December 2024.
How this will affect your organization:
Users can stay focused and organized by allowing them to group related emails together directly in the message list.
The ability to sort email messages in the message list has been available for a while. Currently, you can sort by:
Date
Subject
Importance
From
Size
Category (new)
Selecting the “Category” option will allow users to group their emails by their assigned categories in the message list. If an email is tagged with two or more categories, it will appear in each of those corresponding sections.
The sort order is set per folder and will persist until the user changes the sorting preference.
What you need to do to prepare:
There is no action needed to prepare for this change. You may want to notify your users about this change and update any relevant documentation as appropriate.
MC692461 — Outlook: Update to Play My Emails
30-60 Days
Play My Emails is a feature in Outlook Mobile that allows users to listen to new messages in their Focused Inbox and changes to their day hands-free through a voice-driven experience.
When this will happen:
We will begin rolling out the update in early December and expect to complete by early January 2024.
How this will affect your organization:
After this update, Play My Emails will no longer attempt to prioritize which messages are read out first. Messages will be read out solely based on chronological order.
What you need to do to prepare:
You may want to notify your users about this change and update any relevant documentation as appropriate.
MC692017 — Introducing Support for Concurrent Exchange Online License Assignments
<30 Days
In January 2023, we enabled a new feature in Office 365 that allows tenant admins to assign more than one Exchange Online license per AAD user. This provides license stacking support and automatic license feature upgrades and downgrades based on the most superior Exchange Online license pack assigned to a user.
SharePoint Online and Teams, for example, have been supporting concurrent license assignments for their own services for some time now. This new feature, hence, helps bring the same level of support to Exchange Online.
We are now expanding support for this feature in all US Government clouds.
When this will happen:
We will begin rolling out mid-December 2023, and expect to complete by end of December 2023.
How this will affect your organization:
As a tenant admin, you would still need to run reporting on license assignments and determine which users might have more than one Exchange Online license assigned. You might then elect to remove the least superior licenses from that user and send them back to the pool of unused licenses, so other users can benefit from them. This is important to understand: if two (or more) licenses are assigned, all of them are “in use” (and might be billed).
What you need to do to prepare:
This message is for your awareness and no action is needed.
MC692016 — Outlook: Track Read Receipts within Outlook on the Web and the New Outlook for Windows
30-60 Days
Microsoft 365 Roadmap ID 184504
We’re developing the ability to view the updated Read Receipt status of recipients from the sent item directly.
When this will happen:
Standard Release: We will begin rolling out early December 2023 and expect to complete by early January 2024.
GCC: We will begin rolling out early January 2024 and complete by early February 2024.
How this will affect your organization:
When the feature becomes available to you, you will be able to find entry points to the Track Read Receipts view on messages in your Sent Items folder.
What you need to do to prepare:
You may want to notify your users about this change and update any relevant documentation as appropriate.
MC690595 — Support for DLP scenarios in Mail flow rules will end mid-December 2023 – GCCH
<30 Days
As communicated previously in MC316722 (January ’22), MC344039 (March ’22), and MC454497 (October ’22) we have retired the Data Loss Prevention experience from the Exchange Admin Center. Instead, we recommend using Microsoft Purview in the Microsoft 365 compliance center, where you can extend your protection to locations such as SharePoint online, OneDrive for Business, Teams chats, Devices, and more. Microsoft 365 compliance center provides access to advanced classification capabilities like EDM, ML, etc., along with rich alerts, incident management features, and more.
When this will happen:
As we’ve reached the end of the multi-year journey to transition all DLP-related functionality from Exchange Admin Center (EAC) to Microsoft Purview DLP, we’ll stop supporting DLP-related scenarios and functionality in Mail flow rules (also known as Exchange Transport Rules or ETRs) in the EAC in your tenant’s environment in mid-December. If you haven’t already done so, please migrate or recreate any DLP-related ETRs you have and wish to retain to Microsoft Purview DLP as soon as possible, and then delete those ETRs from the EAC.
How this will affect your organization:
If you don’t have any DLP-related ETRs using DLP-related predicates or actions, then there is no impact to your organization.
If you do have DLP-related ETRs that use DLP-related predicates or actions, then in mid-December these ETRs will no longer run, nor will you be able to edit them or create new ones. Affected ETRs include the following:
Mail flow rules (ETRs) linked to DLP policies
Mail flow rules (ETRs) with the following DLP-related predicates or action
Predicates
MessageContainsDataClassifications (message contains sensitive information)
ExceptIfMessageContainsDataClassifications
HasSenderOverride (sender has overridden the Policy Tip)
ExceptIfHasSenderOverride
Action
NotifySender
Note: This action previously could have been used in an ETR that is not DLP-related, but its original purpose was for DLP-related functionality.
What you need to do to prepare:
Check if you have ETRs linked to DLP policies via Exchange Online PowerShell:
Get-TransportRule | where { $_.DlpPolicyId -ne [Guid]::Empty}
If you have ETRs that are linked to DLP policies, migrate those rules to Microsoft Purview DLP using the compliance portal’s built-in wizard. The process is explained in the playbook at Migrating from Exchange Transport Rules to Unified DLP.
Once you’ve finished migrating these ETRs delete them from the EAC (or via Exchange Online PowerShell). This will help keep your ETRs well organized and reduce the risk of exceeding your ETR quota (300 rules).
Check if you have any other ETRs that include DLP-related conditions or actions:
Get-TransportRule | where { $_.SenderNotificationType -ne $null -or $_.MessageContainsDataClassifications -ne $null -or $_.ExceptIfMessageContainsDataClassifications -ne $null -or $_.HasSenderOverride -eq $true -or $_.ExceptIfHasSenderOverride -eq $true }
If you have ETRs that include DLP-related conditions or actions but they’re not linked to DLP policies, consider recreating these rules in Microsoft Purview DLP. These rules cannot be migrated using the DLP migration wizard and they will stop working in mid-December.
Once you’ve finishing recreating the rules you wish to retain to Purview DLP please delete the ETRs in the EAC or via Exchange Online PowerShell. This will help keep your ETRs well organized and reduce the risk of exceeding your ETR quota (300 rules).
To learn more about creating rules in Purview DLP, see Create and deploy a data loss prevention policy.
Related links
Exchange Online ETRs to stop supporting DLP policies
Exchange Online Mail Flow Rules to stop supporting DLP-related rules, conditions, and actions
MC690173 — (Updated) Microsoft to stop honoring mail flow rules tracking user reporting
30-60 Days
Updated November 27, 2023: We have updated the content below for clarity. Thank you for your feedback.
Microsoft will stop honoring the mail flow rule which helps you track end user reporting. To improve the availability and reduce the latency of the submission service so that you can respond to threats (false negatives) more quickly and efficiently, we moved the submission service ahead of the exchange transport rule agent. Now the mail flow rules (or exchange transport rules) which you have for the following addresses – phish@office365.microsoft.com, junk@office365.microsoft.com, not_junk@office365.microsoft.com won’t be honored as the agent won’t be receiving signals for these addresses.
Moreover, the message tracking logs will show that reports going to phish@office365.microsoft.com, junk@office365.microsoft.com and not_junk@office365.microsoft.com as deleted or failed.
For example: [{LED=550 4.3.2 QUEUE.TransportAgent; message deleted by transport agent};{MSG=};{FQDN=};{IP=};{LRT=}]. Please ignore it as it is by design while we look for a better way to address it.
When this will happen:
We’ll be gradually rolling this out to customers starting late December 2023 and the roll out will be completed by late January 2024.
How this will affect your organization:
You will no longer be able to track end user report using mail flow rules for the following addresses – phish@office365.microsoft.com, junk@office365.microsoft.com, not_junk@office365.microsoft.com once the change is implemented.
What you need to do to prepare:
If you are routing report messages to a mailbox, we recommend going to user reported settings and under “reported message destinations”, setting the “send reported messages” to “My reporting mailbox only” and then providing the mailbox address you are routing to. Distribution groups and routing to an external or on-premises mailbox aren’t allowed.
If you are routing report messages to a mailbox for a particular report type, take the above step and create rules in the mailbox using the outlook client. You can specify which report “phish” or “junk” or “not junk”, you want to be ignored and filtered from your view. The report type is specified in the subject of the notification email sent to the mailbox (1| for Junk, 2| for Not junk, 3| for Phishing).
If you are concerned that your phish simulations will get analyzed by Microsoft, please add the third party phish simulation tool as phish simulation under advanced delivery. With this change, the phish simulation will get delivered unfiltered and on user report, it won’t be analyzed by Microsoft. It will even show up as a phish simulation in the user report tab of submissions.
If you are using exchange transport rule to forward phish simulation from user report to third party tool, we recommend going to user reported settings and under “reported message destinations”, setting the “send reported messages” to “Microsoft and My reporting mailbox only” or “My reporting mailbox only”. Then provide a mailbox address you want the user report to route to (not the third party mailbox). Distribution groups and routing to an external or on-premises mailbox aren’t allowed for this address. Now you configure an exchange transport rule which forward phish simulation coming to this mailbox address to the third-party tool.
If you are routing report messages to Microsoft via a custom add-in or another mechanism, we recommend either using the report button in Outlook for web or the report message add-in or the report phish add-in as described here.
MC682307 — (Updated) Reactions in Outlook for GCC High and DoD
30-60 Days
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
With reactions in Outlook, you can now react to an email message sent from someone in the same tenant without having to send a reply email. Show your appreciation and empathy with one click or tap.
Users will see a reactions icon (a face) in a message for any messages sent from someone inside the same tenant. They can hover over or tap it to see all of the possible reactions to select from.
Reactions will also send a digest email to a user who received any reactions.
When this will happen:
We will begin rolling out in late October 2023 and expect to complete rollout by early January 2024 (previously late November).
How this will affect your organization:
Reactions in Outlook allows you to react with one of six possible ways: Thumbs up, Heart, Celebrate, Laugh, Surprise, Sad. When you click on a reaction, everyone in the email thread who received the email will be able to see the reaction as long as they are part of the same tenant. The sender of the email will receive a notification of any reaction in their Notifications feed giving them a quick view of all the reactions their emails have elicited from other people.
Reactions will send a digest email once a day to users that may have missed any reaction notifications in the past 24 hours.
Users can also choose from different thumbs up reactions to choose the one that better represents them, and Outlook will remember their choice the next time.
What you need to do to prepare:
The September 2023 update outlines some ways for tenant admins and end users to disallow reactions on emails: Reactions in Outlook: Public usability update September 2023
MC680661 — (Updated) Expand and Collapse Folders in Outlook Mobile
Rolled Out
Microsoft 365 Roadmap IDs 171602 and 171603
Updated November 16, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re adding the ability to expand and collapse mail folders to Outlook Mobile.
When this will happen:
We will begin rolling out in early October 2023 and expect to complete rollout by late November 2023 (previously late October).
How this will affect your organization:
When viewing folders in the Outlook Mobile sidebar users will now see a “>” button that expands or collapses the current row, revealing any subfolders it may contain.
What you need to do to prepare:
The feature will automatically be enabled and will only appear for users who have a nested folder structure in Mail. For those who don’t use subfolders there is no change in functionality.
MC680660 — (Updated) Feature Update: Notifications for @mentions in Mail and Documents in Outlook Mobile
Rolled Out
Microsoft 365 Roadmap ID 171606 and 171607
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re adding @mention notifications to the Outlook Mobile Notifications Pane.
When this will happen:
We will begin rolling out early October 2023 and expect to complete by late November 2023 (previously late October).
How this will affect your organization:
In addition to the notifications they already receive for reactions, Outlook Mobile users will start to see notifications in the Notifications Pane when they are mentioned in an email, a Microsoft 365 document, or a Loop. Currently there are no push notifications associated with these in-app notifications.
What you need to do to prepare:
This feature works with no user or tenant intervention necessary.
MC679319 — (Updated) Microsoft 365: Translator for Outlook on the Web
<30 Days
Microsoft Roadmap ID 164486
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Translation email in Outlook on the Web is coming to your cloud. In Outlook, you can translate words, phrases, and full messages when you need them. You can also set Outlook to automatically translate messages you receive in other languages. When you receive an email message in another language, you’ll see a prompt at the top of the message asking if you’d like Outlook to translate it into your preferred language.
When this will happen:
Rollout will begin in mid-November 2023 (previously late October) and is expected to be complete by early December 2023 (previously early November).
How this will affect your organization:
You may need to configure the experience in your tenant.
The new Translator feature provides several major benefits for most customers including:
Source languages are detected automatically.
Multilingual documents are supported.
Users can look up translations for selected words, phrases, and other document selections.
Users can insert translations back into the document with the formatting and fidelity preserved.
Users can create on-demand translated copies of documents directly in the app.
What you need to do to prepare:
There is nothing you need to do to prepare for this change. For additional information, please visit this page.
MC649482 — (Updated) Sender Rewriting Scheme (SRS) Expanding to SMTP/Mailbox Forwarding
Rolled Out
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re constantly working on making our service better and more efficient. As part of that, we are making changes to forwarding in Exchange Online that we have been working towards for some time. This will result in all forwarded messages being rewritten with Sender Rewriting Scheme (SRS).
Starting in mid-August, we will be further consolidating our rewriting feature for messages that are automatically forwarded outside of Exchange Online. Not all forwarded messages are rewritten using SRS today. For example, messages forwarded with SMTP or mailbox forwarding have their P1 Mail From address replaced with the forwarding mailbox address today. This will be changing, and SRS rewriting will be used instead. The change will be rolled out slowly and it may take time to reach your organization.
When this will happen:
We will begin rolling out in mid-August and expect to complete rollout by late November 2023 (previously late October).
How this will affect your organization:
This behavior change may impact systems relying on the P1 Mail From address. All messages that are forwarded externally from Exchange Online to the internet will be subject to SRS rewriting. Messages that will see a change in behaviour include those forwarded externally by SMTP or mailbox forwarding, or by Mail Contacts or Mail Users with external addresses. The risk of mail flow impact by changing from the current rewriting method to SRS depends on a few factors including your tenant configuration. Here are a few factors in more detail:
Firstly, any rules that have been set up in your tenant that are dependent on the P1 Mail from address, SRS introduces a rewritten address that will neither be a user in your tenant nor use one of your own domains. If you need a rule to act on the mailbox responsible for the forwarding, you should use the Resent-From header. Any mail servers or devices that have been configured to rely on the P1 Mail From address could also be affected.
Secondly, SRS is not always used to rewrite all forwarded messages. As mentioned in the SRS documentation, the new Relay Pool feature decides whether a message should be rewritten or not. One scenario this applies to is when the incoming message did not pass our SPF check in the first place. The list of conditions that skip SRS rewriting can be found in the Relay Pool documentation: Outbound delivery pools
Lastly, SRS does not act on traffic leaving Exchange Online using an on-premises mail flow connector. There is a risk of disruption for customers who route traffic from Exchange Online out to the internet via their on-premises servers (EXO -> On-Prem -> Internet). Forwarded messages will go out without being rewritten and could result in them being rejected by the recipients’ mail servers. This disruption would already be occurring for messages forwarded via other means such as Inbox Rules. This scenario can be addressed by following the instructions below about the new SenderRewritingEnabled setting.
Messages rewritten by SRS that are successfully delivered will have the same P2 From address of the original sender that shows up in email clients. Documentation on how SRS works here: Sender Rewriting Scheme (SRS) in Microsoft 365.
What you need to do to prepare:
Before this change takes effect, customers who route traffic to the internet from their on-premises environment should enable the new parameter SenderRewritingEnabled on their outbound on-premises mail flow connector to avoid any disruptions.
Please click Additional Information to learn more. Sender Rewriting Scheme Upcoming Changes
Microsoft Defender for Office 365
MC694647 — User experience improvements and persistent views in Threat Explorer by Microsoft Defender for Office 365
30-60 Days
As part of our user experience enhancements, we will be rolling out the following improvements to the user experience of Threat Explorer by Microsoft Defender for Office 365:
Persistent views
Navigation between URL Clicks and All email tab
Custom inputs for timestamp filter
Remediation action results in Explorer
When this will happen:
Preview: We will begin the private preview by early December 2023 and will finish the rollout by mid-December 2023.
Standard Release: We will begin the worldwide rollout by late December 2023 and will finish the rollout by mid-January 2024.
How this will affect your organization:
Persistent views: Explorer allows users to select the columns they want to see on the data grid and the columns they want to export as per their need and supporting data that they are looking for to investigate their cases and hunt for threats. We have enhanced this experience to allow users to save these preferences, and the saved preferences will be used in consecutive actions.
User preferences will be specific to the web browser in use and the user. Users will have an option to save different preferences in different web browsers.
If users are in private browsing mode, preferences will be active until the browse session is active. Closing all tabs in private browsing mode will allow users to erase those preferences by closing all tabs.
Users will be able to save different preferences for individual tabs in Explorer (All email, Malware, Phish, Campaign, Content Malware, URL Clicks) for both result sets and customizable columns.
Preferences will be saved each time the user clicks on “Apply” in customize columns flyout and “Export” in customize export flyout.
Saved preferences for the data grid will be reused each time the user clicks on refresh, applies filters, or lands on explorer via deep links provided in alerts, incidents, AIR, submission, and so on.
Saved preferences for export will be retained until the user changes the preference.
Navigation between URL Clicks and All email tab: The recently added URL clicks tab allow users to see end user clicks on URLs across emails, Teams messages, and documents shared across SPO/OD. Users will be able to navigate between the URL clicks tab and the All email tab of Explorer, allowing users to be more effective and efficient while hunting via clicks on malicious URLs.
Users can select up to 10 clicks belonging to the “Email” workload from the URL clicks tab and use the “View all emails” button to navigate to the All email tab to see the corresponding emails (using NetworkMessageID and Recipeint).
The URL clicks and Top Clicks tabs in the result set section now have a “View all clicks” option to navigate from the All email tab to the URL clicks tab.
These navigations will honor the applied filters in the All email and URL clicks tabs if the applied filter is present in both tabs.
Custom inputs for timestamp filter: The timestamp filter in Explorer will now allow users to input time ranges along with the current filter where users can select the time range from the dropdown options. Since the current dropdown allows users to select a time range in increments of 30 minutes only, this enhancement will allow users to manually enter more granular time ranges to narrow down the searches per their requirements.
Remediation action results in Explorer: SOC teams have direct and in-line visibility into manual remediation, quarantine release, and system post-delivery actions like ZAP and reprocessed messages (for FP recovery) in Threat Explorer’s result set. The result of the action will be appended to the action name for respective actions in the Additional Actions column of Threat Explorer.
What you need to do to prepare:
You do not have to do anything to prepare.
MC690603 — Microsoft Defender: User experience update to evidence
<30 Days
The evidence panels for mail cluster entities and mailbox configuration entities will have a refreshed user experience. The update is solely visual with no change in content. The change will be seen on the incident evidence and response tab, the investigation evidence and entities tabs as well as in action center when applicable to these entity types.
When this will happen:
This is currently rolling out and expected to complete by mid-December 2023.
How this will affect your organization:
Admins will see an updated UX for email clusters and mailbox configurations.
What you need to do to prepare:
You may want to notify your users about this change and update any relevant documentation as appropriate.
MC688444 — Enhanced action experience (Action wizard V2) from Email entity / Summary panel
<30 Days
We are adding the ability to take multiple actions together from the email entity and summary panel page. You can take email remediation actions, create submissions, tenant level block actions (block sender/domain/file/URLs), investigative actions and proposed remediation from the same panel. Actions are now contextual and grouped together depending on the latest location of the email message.
When this will happen:
Standard Release: We will begin rolling out mid-November and expect to complete it by late December.
How this will affect your organization:
If you are part of the Security Operations team and use Microsoft defender for Office 365 email remediation features, the following are the enhancements for the email entity page and email summary panel.
You can click on the “Take actions” button in top right corner of the email entity page.
Clicking on the Take actions button will open up a wizard to trigger different type of actions like email purge actions, investigative actions, submissions to Microsoft for further analysis, and block sender/domain/url/ attachments.
With these new enhancements you can now select multiple actions together in the single flow.
To navigate with the work flow we have grouped actions together and you can see logical grouping of good (false positives) and bad (false negative) message actions.
Now actions are contextual in nature in the same panel. For example – If the message is in already in inbox, you will see the move to inbox action will be grayed out.
You can pick any action you would like to take and follow a few steps to complete the wizard.
At the end of the flow, you will be able to see and track these actions in the unified action center (https://security.microsoft.com/action-center/) for email actions, in the Submission portal https://security.microsoft.com/reportsubmission for submissions, and in TABL page https://security.microsoft.com/tenantAllowBlockList for TABL blocks.
We are also introducing block URL and block attachments/files in the same panel. Upon block rule creation, you will be able to track these under “Policies & rules >>Threat policies>>Tenant Allow/Block List.”
What you need to do to prepare:
You need the “search and purge” role to take email purge actions from email entity page.
More reference-
Permissions in the Microsoft 365 Defender portal
Microsoft Defender
MC695486 — Defender for Identity Cloud Service public IP Address change
30-60 Days
The inbound IP address for the Defender for Identity cloud services will be changing in US government Azure regions. This change will take effect on January 15th, 2024.
If you configured your firewall or proxy settings with the DNS name of your Defender for Identity workspace URL or the AzureAdvancedThreatProtection Azure Service Tag there is no action for you to take, your service will automatically redirect.
If you previously opened only a specific IP address in your firewall or proxy then please update your configuration with the new IP addresses listed below to ensure uninterrupted service.
When this will happen:
This change will take effect on January 15th, 2024.
How this will affect your organization:
If your environment is configured using the specific IP address for the Defender for Identity cloud services then you must update the target IP address to avoid interruption of service.
Customers who used the DNS name of their Defender for Identity workspace or AzureAdvancedThreatProtection Azure Service Tag will not see any impact.
What you need to do to prepare:
If you configured your firewall or proxy settings with the DNS name of your Defender for Identity workspace URL or the AzureAdvancedThreatProtection Azure Service Tag there is no action for you to take, your service will automatically redirect.
If you previously opened only a specific IP address in your firewall or proxy then please update your configuration with the new IP addresses listed below to ensure uninterrupted service.
For more details on firewall requirements go here.
MC692460 — Geo-location service provider changes in Microsoft Defender for Cloud Apps
<30 Days
We’re replacing the Geo-location service provider for Microsoft Defender for Cloud Apps
When this will happen:
We will begin rolling out in late November and complete by late December 2023.
How this will affect your organization:
Your tenant will get more reliable geo-location data, which is based on more accurate and updated data and will result in better detections and investigation experience for Microsoft Defender for Cloud Apps data. In addition, it will be aligned with the geo-location data used in other security products.
In the short term, since details such as ISP and locations are being used for machine learning based anomaly detections and will be changed, there might be an increase in the number of false positive alerts related to anomaly detection, until the new baseline behavior will be learned.
What you need to do to prepare:
You may want to notify your users about this change, specially your security operation teams, so they are aware of potential temporary false positive detections, and update any relevant documentation as appropriate.
MC687850 — Changes in CSPM support – CSPM will now be supported only in “Microsoft Defender for Cloud”
<30 Days
We will be retiring the Cloud Security Posture Management (CSPM) support from “Microsoft Defender for Cloud Apps” and officially moving it to “Microsoft Defender for Cloud” beginning late November 2023. We recommend the reconfiguration of CSPM tool in “Microsoft Defender for Cloud”, which is where we will continue to invest our development resources.
This message is complementary to the banners we displayed in the last year in CSPM related pages in “Microsoft Defender for Cloud Apps” and the notes in our documentation pages notifying these upcoming changes in 2023.
When this will happen:
We will roll this out in late November 2023 and expect to complete by mid-December 2023.
How this will affect your organization:
Security administrators will no longer be able to access, manage and use CSPM features in “Microsoft Defender for Cloud Apps”, such as API connectors, posture management, etc. when this change is implemented.
You are receiving this message because our reporting indicates your license includes the CSPM support features in “Microsoft Defender for Cloud Apps”, as this is a global message to all “Microsoft Defender for Cloud Apps” it’s possible, if CSPM is not used, that this event will not have impact you at all.
What you need to do to prepare:
If CSPM is used in your organization, instead of using “Microsoft Defender for Cloud Apps”, we recommend using “Microsoft Defender for Cloud” where we will continue to invest our development resources, and to re-configure the connectors to the cloud services
Please use the following resources –
What is Microsoft Defender for Cloud.
Learn more about the CSPM capabilities in Defender for cloud.
How to onboard cloud environments to Defender for Cloud: AWS, GCP, Azure.
Blog post for CSPM support in Microsoft Defender for Cloud.
MC687846 — (Updated) New Microsoft Defender Antivirus services on Windows Devices
>60 Days
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with two new services:
Microsoft Defender Core service.
Microsoft Data Loss Prevention Service
When this will happen:
Preview: Nov ‘23 to Beta channel (Prerelease).
Targeted Release: We will roll out to all rings Current Channel (Preview), Current Channel (Staged) and Current Channel (Broad) during the week of January 15th, 2024.
Standard: We will begin rolling out mid-January 2024 and expect to complete by early February 2024.
How this will affect your organization:
To enhance your endpoint security experience, we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.
In order to troubleshoot Endpoint DLP related issues, we are breaking apart the feature to its own service (service name).
What you need to do to prepare:
Update the Platform Update to the latest version 4.18.23110.0 or newer
Allow the following URL’s:
*.events.data.microsoft.com
*.endpoint.security.microsoft.com
*.ecs.office.com
If using an Application Control application or running a 3rd party AV and/or EDR, add the following process to the allowed list.
Microsoft Defender Core Service – MdCoreSvc – MpDefenderCoreService.exe
Microsoft Data Loss Prevention Service – MDDlpSvc – MpDlpService.exe
MC686599 — (Updated) Updated security stack integration
<30 Days
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
Defender for IoT is refreshing its security stack integrations to improve the overall robustness, scalability, and ease of maintenance of various security solutions. If you’re integrating your security solution with cloud-based systems, it’s recommended to use data connectors through Microsoft Sentinel such as Aruba ClearPass or one of the Palo Alto connectors. For on-premises integration, it’s recommended to either set up the sensor to forward syslog or use Defender for IoT APIs.
The legacy Aruba ClearPass, Palo Alto Panorama and CyberX ICS Threat Monitoring for Splunk app will be supported until end of August 2024 using sensor version 23.1.3 Customers currently using these legacy integrations are advised to implement the new recommended configurations.
When this will happen:
Standard Release: We will begin rolling out early December 2023 (previously mid-November) and complete mid-January 2024 (previously late November) with the upcoming Defender for IoT sensor version release.
How this will affect your organization:
Adopting the recommended approach will help your organization achieve a more comprehensive and easier-to-maintain security solution and keep it up to date with the latest security measures.
What you need to do to prepare:
We recommend either configuring sensor to send syslog files, APIs or connect the relevant data connectors from Azure Sentinel.
MC685930 — (Updated) Microsoft Secure Score – New Microsoft Defender for Identity recommendations
30-60 Days
Updated December 5, 2023: The new ADCS reports have been temporarily removed as we address changes to ensure an optimal experience. We have updated the rollout timeline below to reflect when these will be available. Thank you for your patience.
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.
The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
When this will happen:
This will begin rollout in mid-November 2023 and is expected to be complete by late January 2024 (previously mid-December).
How this will affect your organization:
The following new Microsoft Defender for Identity recommendations will be added as Microsoft Secure Score improvement actions:
Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)
Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)
Edit misconfigured enrollment agent certificate template (ESC3)
Edit misconfigured certificate templates ACL (ESC4)
Edit misconfigured certificate templates owner (ESC4)
Edit vulnerable Certificate Authority setting (ESC6)
Edit misconfigured Certificate Authority ACL (ESC7)
Enforce encryption for RPC certificate enrollment interface (ESC8)
These are new security posture reports related to Active Directory Certificate Services (AD CS) that analyze the configurations of different AD CS components and guide remediation, if necessary.
What you need to do to prepare:
There’s no action needed to prepare for this change, your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.
MC675279 — (Updated) Reminder – Microsoft Defender for Identity: Classic portal automatic forced redirection
Rolled Out
Updated November 16, 2023: We have updated the rollout timeline below. Thank you for your patience.
Beginning on mid-October, access to Microsoft Defender for Identity legacy portal at portal.atp.azure.com will be unavailable for Gov environments (MC567494 June ’23). Any request will be automatically redirected to Microsoft 365 Defender portal at security.microsoft.com. All new and existing tenants will be automatically redirected to the M365 Defender portal, and the option to opt-out will no longer be available.
When this will happen:
This will begin rollout on mid-October 2023 (previously late September) and is expected to be complete by late November 2023 (previously early November).
How this will affect your organization:
Once the forced redirection takes place, any requests to the standalone Defender for Identity portal (portal.atp.azure.com) will be redirected to Microsoft 365 Defender (securtiy.microsoft.com) along with any direct links to its functionality.
Organizations cannot manually opt-out and disable the setting.
What you need to do to prepare:
Ensure your security teams are familiar with Defender for Identity’s features and settings as they are represented in Microsoft 365 Defender. If your security teams need help, please direct them to the updated documentation available here.
Microsoft 365
MC694383 — Microsoft Whiteboard: External Guest Sharing via Specific People Share Link
30-60 Days
Microsoft 365 Roadmap ID 124990
Microsoft Whiteboard will soon leverage a new capability that allows guests of a tenant to access whiteboards shared with them via Specific People Share Links (PSL).
When this will happen:
This feature will begin rolling out in mid-December and complete by late January 2024.
How this will affect your organization:
Users of your tenant will have the ability to send Whiteboard PSLs to AAD guest users that will allow them to access and collaborate on whiteboards outside of meetings. This functionality is only available for PSLs generated for specific guest users.
If your tenant has Business to Business Invitation Manager (B2B IM) enabled, Whiteboard PSLs can be sent to non-guest users and an AAD guest account will be created for them in your tenant which will allow them to access the file.
Please note that Whiteboard will respect your OneDrive sharing settings. If your tenant does not allow sharing with guests, then it will continue to prevent sharing in Whiteboard as well.
What you need to do to prepare:
Ensure that your tenant’s OneDrive sharing settings reflect the level of sharing you would like to allow to your users.
It could be helpful to inform your users of this change.
MC694086 — Reminder: Stream (Classic) retires on April 15, 2024, and all unmigrated videos will be deleted
>60 Days
Microsoft will retire Stream (Classic) on April 15, 2024 and all videos on Stream (Classic) will be deleted after the retirement date. Stream (Classic) has already been auto disabled for end users, and admins can delay this change till the retirement date. Admins must migrate their tenant’s Stream (Classic) data to Stream (on SharePoint) before the retirement date to prevent data loss.
Note: GCC customers have a different retirement timeline. Timelines for WW as well as GCC tenants can be found here Migration & retirement timeline.
Stream (Classic)’s successor service, Stream (on SharePoint), entered general availability in October 2022. We recommend that you:
begin using Stream (on SharePoint)
direct your users to upload videos to SharePoint, Teams, OneDrive, and Yammer
put a plan in place for migration.
When this will happen:
April 15, 2024
What you need to do to prepare:
Migrating your content from Stream (Classic):
All your existing Stream (Classic) videos can be transferred to Stream (on SharePoint) to take advantage of Stream’s rich integration within Microsoft 365. To support your move to Stream (on SharePoint) we have created migration tools that allows you to transfer your videos to SharePoint while also bringing over metadata, links and permissions associated with your videos.
To begin using the migration tool please refer to our 3-part Migration guide here: Guide to migrate data from Stream (Classic) to Stream (on SharePoint)-Part 1 – Microsoft Stream | Microsoft Learn.
How this affects your organization:
Stream (on SharePoint) brings your users many of the capabilities of Stream (Classic) while allowing them to record and play videos directly in many everyday work and school apps such as Teams, Office.com, Yammer, Viva, PowerPoint, and SharePoint. In addition, Stream (on SharePoint) also enables you and your users to:
Easily manage video files with the same security, admin controls, multi-geo support, compliance (eDiscovery, legal hold, retention, and data loss prevention policies), permissions, and sharing controls as the rest of your files in SharePoint and OneDrive.
Record videos with advanced tools directly in the camera like background blur or replace, inking, text, audio only, and teleprompter.
Search for videos anywhere in Microsoft 365. You can now find videos and Teams meeting recordings across Microsoft 365 by searching keywords.
Find what you need quickly on the Stream start page in Office. The new start page shows recent, shared, and favorite videos, with playlists coming soon. (Note: The Stream start page doesn’t show you videos in Stream (Classic).)
View Teams Meeting Recordings with transcripts, chapters, timeline markers, speaker attribution, and comments.
Create custom page, site, and portal experiences to feature videos as part of your intranet and Viva Connections.
Share videos the same way you would any other file in Microsoft 365 with support for Guests, People in your Organization links, or unauthenticated external sharing with “anyone” links.
Get analytics per video, for all the videos in a site, or see who has watched your video.
Add videos to the Viva Connections Feed.
Use APIs based on the Microsoft Graph Files API for basic video file operations.
These benefits add up to ease of video management for admins and more productivity for your teams.
Learn more:
Below are links to more information about migration and Stream (on SharePoint):
Stream retirement and timeline overview and migration tool details.
Settings to delay Stream (Classic) disablement
IT admin overview of Stream (on SharePoint)
Stream (on SharePoint) adoption and end user guides.
Stream (Classic) to Stream (on SharePoint) comparison
MC692758 — Catch Up Improvements on Web
>60 Days
Microsoft 365 Roadmap ID 184359
Catch Up allows you to stay in sync with your collaborators in Word, Excel, and PowerPoint on Web by showing you the latest comment activity that is directed at you and a summary of recent changes. Based on your feedback, we made improvements to the Catch Up feature. The comment activity directed at you will now persist in Catch Up between sessions for up to 28 days. New items will be indicated with a blue dot for clarity. You can also dismiss items individually if you do not wish to keep them in Catch Up.
When this will happen:
Preview: This is currently rolling out and expected to complete by mid-December 2023.
Standard Release: We will begin rolling out early January 2024 and expect to complete by late February 2024.
How this will affect your organization:
This feature today allows end users of Word, Excel, and PowerPoint on Web to identify new collaborative activity directed at them such as mentions, tasks assigned to them, and replies to their comments. With this update, the comment activity directed at users will now persist in Catch Up between sessions for up to 28 days. New items will be indicated with a blue dot for clarity. Users can also dismiss items individually if you do not wish to keep them in Catch Up.
What you need to do to prepare:
This change will take place automatically in the web environment.
MC692467 — Microsoft 365 admin center: Usage reports – Overview page redesign
>60 Days
Microsoft 365 Roadmap ID 185799
The Microsoft 365 admin center Usage report Overview page has been redesigned to better navigate the most important usage insights in your organization and provide a holistic view of Microsoft 365 apps usage. The redesign includes new engagement metrics such as enabled and active users, user state compositions (e.g. first time, returning users), storage by product, and key usage metrics for Microsoft 365 apps.
When this will happen:
We will begin rolling the report out starting in late January 2024 and the rollout is expected to be complete by late July 2024.
How this will affect your organization:
Admins with the correct permissions will have access to the Overview page redesign and can switch between the Overview page redesign and the legacy Overview page using the Switch button.
What you need to do to prepare:
To access the new reports, go to Reports -> Usage -> Overview.
For more information regarding these reports, please review the following documentation.
MC690608 — App name change for Microsoft Project for the web, Project Teams tab, and Project Power app to “Planner (Project)”
>60 Days
We are updating the app names for Project for the web, Project Teams tab, and Project Power app to “Planner (Project)” – all existing functionality across these apps will remain the same.
When this will happen:
This change will start rolling out in late January 2024 and should complete in early February 2024.
How this will affect your organization:
We are updating the app names for Project for the web, Project Teams tab, and Project Power app to “Planner (Project)” – all existing functionality across these apps will remain the same.
A dismissible banner will appear in the app before the name change to set user expectations and a new banner will appear once the name change occurs to inform users.
We don’t expect this change to impact any existing user scenarios or functionality.
This name change aligns these apps with the roadmap and Ignite announcement of the new Planner app. The new Planner app will bring together your to-dos, plans, and projects into a single unified experience which is simple, flexible, scalable, and intelligent. Existing Project for the web customers will get access to the premium capabilities in the new Microsoft Planner app as part of their Project for the web subscriptions, with no additional licenses required.
You can find out more information about the new Planner here: Planner Blog
Project Server, Project Online, and Project Desktop client are not subject to this name change.
What you need to do to prepare:
Your organization should update any internal documentation for Project for the web, Project Teams tab, and Project Power app which references the previous app name “Project” to use the new app name “Planner (Project)”. Otherwise we do not expect any other preparation is needed.
MC689788 — OneNote for Windows 10 End of Support
>365 Days
We will be retiring the OneNote for Windows 10 in 2025, aligned with the end of support of Windows 10. Over the coming weeks and months, we will be releasing more details into how we will support your organization with the migration over to the recently updated OneNote on Windows, which is where we will continue to invest our development resources.
When this will happen:
OneNote for Windows 10 will be retired in 2025. We will provide additional information in the coming weeks and months.
How this will affect your organization:
You are receiving this message because our reporting indicates one or more users in your organization are using this platform. If your organization is not using OneNote for Windows 10, please disregard this message.
We’ll be releasing more information about this in the coming weeks/months to help prepare organizations. Please do not attempt to uninstall OneNote for Windows 10 in the meantime, as crucial user data may be lost.
What you need to do to prepare:
Please continue to check Message center for more details from the OneNote team into how to best prepare for the upcoming migration.
MC689786 — Introducing Integrated Apps in Microsoft 365 admin center for managing apps across M365 suite products
30-60 Days
Microsoft 365 Roadmap ID 164079
We are introducing new blade in Microsoft 365 Admin Center for managing apps across your Microsoft 365 suite products – Integrated Apps. This provides you flexibility to manage 1P/3P store apps and line of business apps from a single place. Integrated Apps would reside under Settings on your navigation pane.
Integrated Apps allows you to manage apps for Outlook, Word, Excel, PowerPoint, and SaaS Apps. Here you can discover and deploy an app from AppSource to some or all users in your tenant. You can also upload a Line of Business app and deploy it for your users.
Integrated Apps is available for Global Administrators and Azure Application Administrators to manage all the apps, Exchange Administrators to manage Outlook add-ins, and Global Reader Administrators to view status of all apps.
When this will happen:
We will begin rolling out early December 2023 and expect to complete by late January 2023.
How this will affect your organization:
With this release, all existing Global Administrator, Azure Application Administrators, Exchange Administrators and Global Reader Administrators in your tenant would be able to access Integrated Apps blade in Microsoft 365 Admin Center. They will be able to view and manage Excel, Outlook, PowerPoint, and Word add-ins, and SaaS Apps. They would also be able to perform following actions in the Integrated Apps page.
View list of all the deployed apps across mentioned Microsoft 365 suite products
Deploy an app from AppSource to specific users/groups or entire tenant.
Deploy a Line Of Business app
Consent to exchange permissions for app deployment
Update user assignment for deployed app
Remove deployment of an app
What you need to do to prepare:
Please review and update above mentioned Administrator role assignment to right set of users who should have access for application management capabilities.
Educate future Administrators regarding app management from Integrated Apps page.
MC688631 — Microsoft Stream: Add a hyperlink or text callout to a video at specific times
30-60 Days
Microsoft 365 Roadmap ID 180795
Make your video interactive and more engaging by adding annotations that can include hyperlinks and text. Call out important moments or share documents and other links to additional resources. You can add text and links anywhere in the video timeline to help guide your viewers to the right information. Viewers can use video timeline markers to navigate interactive content.
When this will happen:
Targeted release will begin rolling out in early December 2023.
Standard Release will begin rolling out in late January 2024.
How this will affect your organization:
Users will be able to make interactive videos in Microsoft Stream by adding a hyperlink or text callout at specific times.
Note: Some users may see this feature before other users with your organization.
What you need to do to prepare:
There is no action required from you at this time.
MC688440 — Manage Ownerless Microsoft 365 Groups and Teams
Rolled Out
Microsoft 365 Roadmap ID 180749
We are pleased to introduce the new ownership governance policy for Microsoft 365 groups. The policy will help you automate the management of ownerless Microsoft 365 groups in your tenant.
When this will happen:
The Group ownership governance policy will be available on your tenant by late November 2023.
How this will affect your organization:
This is an opt-In feature. Once you enable the ownership governance policy, active members of the ownerless groups will be sent requests asking them to take up ownership. Such users can simply accept or decline the request via the actionable email message.
What you need to do to prepare:
You can enable the ownership governance policy and define who is eligible for these ownership request notifications and configure what notifications and how often these notifications are sent to group members. To learn more, check out: Manage Ownerless Microsoft 365 Groups and Teams.
MC686270 — (Updated) Microsoft 365 Icon Update
<30 Days
Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
The Office 365 logo will be replaced throughout Outlook Mobile for Android with the Microsoft 365 logo, as will references to the account type.
When this will happen:
Standard Release: We will begin rolling out mid-November 2023 (previously early November) and expect to complete by mid-December 2023 (previously late November).
How this will affect your organization:
When this update rolls out, users may see their account represented with the updated icon in their accounts list.
What you need to do to prepare:
You may want to notify your users about this change and update any training documentation as appropriate.
MC682305 — (Updated) Whiteboard: “Specific people” Share Link Fallback
<30 Days
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
Microsoft Whiteboard now automatically utilizes Specific People Share Links (PSL) for participants of a Teams meeting when a whiteboard is shared and the tenant has Company-wide Share Links disabled (CSL).
When this will happen:
We will begin rolling out in mid-October and complete rolling out in mid-December 2023 (previously late November).
How this will affect your organization:
Whiteboards are stored in the OneDrive of the user who starts Whiteboard in the Teams meeting. If your tenant does not have CSLs enabled, previously when trying to share a whiteboard in a Teams meeting users would receive an error message and would not be able to access and collaborate on the whiteboard during and after the meeting.
Now, in the case that CSLs are disabled in your tenant, Whiteboard will fallback to utilizing PSLs and provide access directly to the participants of that Teams meeting. They will be able to access and collaborate on that whiteboard during and after the meeting.
Scenarios where PSL Fallback Apply:
Teams meetings Whiteboard flow
Teams Screen sharing Annotations flow
Teams Whiteboard Tab App in channels (private, shared, public)
Note: participants that join a meeting or annotation session after a whiteboard has been shared will need to have the whiteboard manually shared with them. For private and shared Tab channel, the whiteboard will need to be manually shared with participants.
Note: PSL Fallback will only apply to in-tenant users, not external users.
What you need to do to prepare:
No change will be required, this will happen automatically based on your tenant settings.
MC680788 — (Updated) Pin based verification process for support callers
Rolled Out
Updated November 21, 2023: We have updated this message to reflect that the change impacts administrators only and not end users. Thank you for your feedback.
In 2020, we added a PIN-based verification step to our existing phone-based verification process, to better protect your organization. If you call support, the Microsoft support representative will send a verification code to your registered email or phone in your Admin Center profile. Provide this code to the support representative to grant them access to your organization’s account.
How this will affect your organization:
This change will be enforced as of November 1, 2023
How this affects your organization:
Starting November 1, 2023, this enhanced verification will be required to open and manage a phone-initiated case with Support.
What you need to do to prepare:
To help ensure an expedited Support experience, admins with appropriate permissions can update their profile contact information in Admin center->Users->Active users->Admin Name->Manage contact information.
MC644063 — (Updated) Microsoft Stream Mobile app for GCC-H and DoD Users
<30 Days
Microsoft 365 Roadmap ID 139272
Updated November 7, 2023: We have updated the rollout timeline below. Thank you for your patience.
Microsoft Stream mobile app will soon be rolling out to GCC-H and DoD users. The app gives users access to Stream (on SharePoint) video content. The mobile app is available for iOS and Android. Additionally, Microsoft Stream includes enterprise-level security, compliance, retention, and permissions features you expect from Microsoft 365.
When this will happen:
Rollout will begin in early November 2023 (previously) and is expected to be complete by mid-December 2023 (previously mid-November).
How this will affect your organization:
The Microsoft Stream mobile app will allow GCC-H and DoD users to:
View a personalized home feed showing shared videos, meeting recordings, and collaboration updates
Record or upload videos
Download videos to watch offline later
Search for any videos in your organization using keywords or author names
Catch up on missed meetings with Microsoft Teams meeting recordings
Mark important videos as ‘Favorites’ and find them anytime from the library section
Share videos with co-workers with a single click
What you need to do to prepare:
Please notify your users of this update. You may want to update any relevant training documentation as appropriate.
The app can be downloaded from Android and iOS play stores in this link.
For additional information, please visit this documentation or this blog post.
MC560724 — (Updated) Text Predictions for OneNote on Windows
<30 Days
Microsoft 365 Roadmap ID 124909
Updated November 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
When this update rolls out, users will see text predictions when writing documents in English in OneNote on Windows. When they see the suggested text, users can accept with the tab or right arrow key or simply keep typing to ignore.
When this will happen:
We will begin rolling out in mid-July 2023 (previously late June) and expect to complete rollout by mid-December (previously late November).
How this will affect your organization:
Text predictions are ON by default and users can disable them as needed. To disable in OneNote on Windows, go to File -> Option -> Advanced -> Editing and switch off Show text predictions while typing.
Disabling this feature in OneNote will not affect other Microsoft apps, such as Word or Outlook.
What you need to do to prepare:
Text predictions is considered a Microsoft 365 connected experience. This feature can be managed through admin policy.
You may want to notify your users about this new capability and update your training and documentation as appropriate.
For more information, please visit this page.
Microsoft 365 IP and URL Endpoint Updates
Documentation – Office 365 IP Address and URL web service
Microsoft Tech Community – Latest Blogs –Read More
The 12 Days of Copilot – Day 11 Microsoft 365 Copilot in Microsoft Whiteboard – HLS Show Me How
What is Microsoft 365 Copilot in Microsoft Whiteboard?
Microsoft 365 Copilot is a feature that helps you create and present engaging and interactive whiteboard sessions with your audience. It uses artificial intelligence to analyze your voice, gestures, and content, and provide you with suggestions, feedback, and insights to enhance your presentation. You can use Copilot to plan your session, get real-time cues, and review your performance.
What are the benefits of using Microsoft 365 Copilot in Microsoft Whiteboard?
You can save time and effort by letting Copilot generate an outline for your session based on your topic and goals.
You can improve your delivery and engagement by following Copilot’s tips and prompts on how to use your voice, gestures, and annotations effectively.
You can get instant feedback and analytics on your session, such as how well you covered your key points, how clear and confident you sounded, and how your audience reacted.
You can learn from your experience and improve your skills by reviewing Copilot’s summary and recommendations for your session.
How do I use Microsoft 365 Copilot in Microsoft Whiteboard?
To use Copilot in Whiteboard, you need to have a Microsoft 365 subscription and a compatible device, such as a Surface Hub or a Windows 10 PC with a microphone and a touch screen. You can start Copilot from the Whiteboard app by tapping or clicking on the Copilot icon on the toolbar. Then, you can follow the steps below:
Select your topic and goals for your session. Copilot will generate an outline for you, which you can edit or customize as you wish.
Prepare your whiteboard canvas with the content and tools you want to use. You can add images, text, shapes, stickers, and more. Copilot will also suggest some useful features, such as templates, ink-to-shape, and ink replay.
Start your session by tapping or clicking on the play button. Copilot will listen to your voice and watch your gestures, and give you cues and tips on the screen. For example, it might remind you to speak louder, slow down, or use more gestures. You can also ask Copilot for help or feedback at any time by saying “Copilot, what do you think?” or “Copilot, how am I doing?”
End your session by tapping or clicking on the stop button. Copilot will give you a summary and analysis of your session, including your strengths, areas for improvement, and audience reactions. You can also review your session recording and replay your whiteboard animations.
*(the preceding description was written by Microsoft 365 Copilot in Word)
In this final 12 Days of Copilot session I take you through some of the uses of Microsoft 365 Copilot in Microsoft Whiteboard.
Resources:
Copilot in Whiteboard help & learning (microsoft.com)
Use Copilot in Whiteboard with a screen reader – Microsoft Support
Discover new ideas in Whiteboard with Copilot for Microsoft 365 – Microsoft Support
Organize your ideas in Whiteboard with Copilot for Microsoft 365 – Microsoft Support
Summarize ideas in Whiteboard with Copilot for Microsoft 365 – Microsoft Support
Frequently Asked Questions about Copilot in Whiteboard – Microsoft Support
Previous Days of Copilot:
The 12 Days of Copilot – Day 1 Microsoft 365 Copilot in Outlook – HLS Show Me How
The 12 Days of Copilot – Day 2 Microsoft 365 Copilot in Word 1 of 2 – HLS Show Me How
The 12 Days of Copilot – Day 3 Microsoft 365 Copilot in Word 2 of 2 – HLS Show Me How
The 12 Days of Copilot – Day 4 Microsoft 365 Copilot in PowerPoint 1 of 2 – HLS Show Me How
The 12 Days of Copilot – Day 5 Microsoft 365 Copilot in PowerPoint 2 of 2 – HLS Show Me How
The 12 Days of Copilot – Day 6 Microsoft 365 Copilot in Excel – HLS Show Me How
The 12 Days of Copilot – Day 7 Microsoft 365 Copilot Image Generation in PowerPoint – HLS Show Me Ho…
The 12 Days of Copilot – Day 8 Microsoft 365 Copilot in Microsoft Loop –HLS Show Me How
The 12 Days of Copilot – Day 9 Microsoft 365 Copilot in Microsoft OneNote –HLS Show Me How
The 12 Days of Copilot – Day 10 Microsoft 365 Copilot in Microsoft Teams Meetings –HLS Show Me How
The 12 Days of Copilot – Day 11 Microsoft 365 Copilot in Microsoft Windows – HLS Show Me How
The 12 Days of Copilot – Day 11 Microsoft 365 Copilot in Microsoft Whiteboard – HLS Show Me How
Thanks for visiting – Michael Gannotti LinkedIn | Twitter
Microsoft Tech Community – Latest Blogs –Read More
SetSearchKey and SetEmbeddingKey return “does not contain a definition for …”
I’m currently using Azure.AI.OpenAI 1.0 beta 12, I’m using the samples provided by Microsoft however when I compile the code I get the following error
‘AzureCognitiveSearchChatExtensionConfiguration’ does not contain a definition for ‘SetSearchKey’ and no accessible extension method ‘SetSearchKey’ accepting a first argument of type ‘AzureCognitiveSearchChatExtensionConfiguration’ could be found (are you missing a using directive or an assembly reference?)
and
‘AzureCognitiveSearchChatExtensionConfiguration’ does not contain a definition for ‘SetEmbeddingKey’ and no accessible extension method ‘SetEmbeddingKey’ accepting a first argument of type ‘AzureCognitiveSearchChatExtensionConfiguration’ could be found (are you missing a using directive or an assembly reference?).
The lines of code I’m using are
I’ve checked the solution and it has the correct version of Azure.AI.OpenAI installed.
Any thoughts welcome.
Thanks
Rob Ireland
I’m currently using Azure.AI.OpenAI 1.0 beta 12, I’m using the samples provided by Microsoft however when I compile the code I get the following error’AzureCognitiveSearchChatExtensionConfiguration’ does not contain a definition for ‘SetSearchKey’ and no accessible extension method ‘SetSearchKey’ accepting a first argument of type ‘AzureCognitiveSearchChatExtensionConfiguration’ could be found (are you missing a using directive or an assembly reference?) and ‘AzureCognitiveSearchChatExtensionConfiguration’ does not contain a definition for ‘SetEmbeddingKey’ and no accessible extension method ‘SetEmbeddingKey’ accepting a first argument of type ‘AzureCognitiveSearchChatExtensionConfiguration’ could be found (are you missing a using directive or an assembly reference?). The lines of code I’m using are// Initialize the AzureCognitiveSearchChatExtensionConfigurationvar search = new AzureCognitiveSearchChatExtensionConfiguration(){ SearchEndpoint = new Uri(searchEndpoint), IndexName = searchIndexName}; // Set the SearchKeysearch.SetSearchKey(searchKey); // Set the EmbeddingKeysearch.SetEmbeddingKey(embeddingKey); I’ve checked the solution and it has the correct version of Azure.AI.OpenAI installed. Any thoughts welcome. ThanksRob Ireland Read More