STEVE: Welcome to this week’s Practical 365 podcast – the podcast that keeps you up to date with what’s new in Microsoft 365 – whether that’s the big announcements, latest Message Center news or what’s cropped up on the Microsoft 365 roadmap.
I’m your host, Steve Goodman, Co-Chief Editor of Practical 365 and it’s Friday, the 28th November.
Spotted in the Wild
Azure AD Conditional Access
Baseline Policies are going to be replaced by “Security Defaults”. These allow controls to be enforced by default, such as all Global Admins must use MFA, or people from risky locations must use MFA. This goes against “break glass account” guidance, so this is a welcome change to Azure AD.
Security Defaults are not replacing your existing Conditional Access Policies and less relevant if you are already using these. The concept is similar to Baseline Policies though – and enforce MFA for administrators, MFA for users and block Legacy Authentication.
These are available now, in the Azure AD portal – and apparently come at no extra cost. Find out more here.
Sensitivity labels for Microsoft Teams, Office 365 Groups and SharePoint sites have been spotted in Office 365 tenants. We blogged recently about using Classifications to provide information-only guidance about labeling Office 365 Groups and Teams – this is taking it to the next level if you are licensed of course.
You apply the labels in the same way – these take Sensitivity Labels defined within the Security and Compliance Center and apply to the Team/Group/Site – and the content.
For example, you can mandate that the Team can’t have external guests, or by using the policies to prevent the download of data and encryption. You can find out more information in the Microsoft documentation here.
Message Center Updates
Email notifications for service health are rolling out now (MC196504, you can edit your Service Health preferences to add an email alert.
Intune updates are rolling out (MC196710) – the monthly update includes better reporting, Windows 10 feature updates previews, and support to configure S/MIME on Outlook for iOS. You can find out more information here in the Microsoft documentation.
Updates to the SharePoint List modern settings are rolling out now (MC196871) – users will be able to enable and disable column totals in modern, and create a document view for list data with alternating colors by row – see the latter here.
More SharePoint updates (MC196889) – for onboarding new users, they’ll get some “Next Steps” when the create a new SharePoint site encouraging them to upload files, invite team members, and more.
Improvements to Office 365 Message encryption (MC196886) – a new layout – no Microsoft logo – your own, instead, an email will be from your own domain (rather than messaging.onmicrosoft.com) and improvements to the validation of OME email to prevent it being detected as spam. You’ll need to create a bounces mailbox to capture NDRs.
New on the Roadmap
Conditional Access for Mac OS – support for policies like MFA and IP-ranges for access and ensuring device compliance (16636) and also for Mac, single sign-on for Office and OneDrive apps (59235).
Teams VDI is getting improvements – Citrix VDI will have media optimization (56626). I was promised within 30 days of Ignite so it should be arriving very soon! You can find out more information here.
Protection against people using Microsoft Forms for Phishing is rolling out – two or more confirmed phishing attempts will block users (59216).
Recommended profiles for EOP and ATP – Standard and Strict – this will make it much easier to implement best practices in these services. Coming December (59220). You can find out more information here.
Proof of Records Disposal – a list of records (if it’s retained using retention labels) that have been disposed of will be kept for a longer period for export (59217).
Previously announced but moved to “Rolling Out and Launched” – not quite rolling out, but just changed to December – Teams Contact Centre API integration is expected in December – including a graph API for Presence and Remote Advisor integration (53939).
OneDrive for Business File Requests – send a link to someone giving them an upload-only link (27020) – and also rolling out for OneDrive is “Save for Later” – save a file shared with you to look at at a later date (a bit like Pinned Files in Office (49095)
Service Encryption for Exchange Online – available already for SPO and OneDrive, this allows you to utilize at-rest encryption of mailboxes with Microsoft-managed keys, similar to Customer Key (31171). You can find out more information on this here.
We had it last week for iOS – now it’s coming to Android – Meeting Insights (relevant documents and emails included in the meeting description) (54545).
And – that’s all we’ve got time for today!
We’ll be back next week for more Microsoft 365 news – so make sure you subscribe either at your favorite podcast app – or over on Practical365.com. Thanks for joining us.
Steve is a Microsoft MVP for Office Servers and Services. He enjoys getting hands-on, solving some of the more complex problems associated with migrating to the cloud or to newer versions of Exchange Server.