In this week’s episode, Paul and myself get together to discuss – a bit more Exchange again – but don’t worry, it’s only more patches. Plus Microsoft add a new product into the E3 plans & you’ll probably like it – and as usual, the best from the Roadmap and Message Center
Slowing the deprecation of EWS
You’ll mostly care about this if you’re a migration vendor – but you should have cared if you have tenant or other migrations in your future that require particular Exchange Web Services. The short version – some of the APIs migration vendors use that were going to be removed have a bit of a reprieve.
Released: January 2022 Exchange Server Security Updates
In shocking news (or not) Microsoft has released security updates for vulnerabilities found in Exchange 2013, 2016 and 2019. The security updates cover three Remote Code Execution CVEs, CVE-2022-21969, CVE-2022-21855 and CVE-2022-21846. These are apparently not exploitable over the internet, but are serious and as we’ve said through much of 2021 – and hoped to not have to repeat this year – patch your servers.
These updates don’t affect Exchange Online, but as usual affect Hybrid management servers as well as full on-premises environments:
Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
Microsoft Defender for Endpoint Plan 1 – effectively the manageable AV/Malware EPP, brought into Business Premium late last year, has been added to Microsoft 365 Enterprise and Education plans with the E3/A3 SKUs. Defender for Endpoint Plan 1 covers Windows, Mac, Android and iOS devices, but not server platforms and Linux.
This brings the non-advanced capabilities (i.e. non-EDR) to a wide potential user base and is a addition great to the E3 plans. If your eventual destination is perhaps E5 licences, and you run basic AV today, then moving to Defender for Endpoint should be a no-brainer, as you’ll have an easier route to onboard to the full EDR (Endpoint Detection and Response) version.
Many organizations can ask the question of their existing basic AV vendor “what is your purpose?”. This might save money, but could make things more interesting for Microsoft, as we’d expect an AV vendor to now need to provide EDR capabilities or throw in additional security tooling not included in E3 for the same or less money. The first reaction from the vendor will, however be to try and create a “battlecard” to try and convince you that whatever you’ve bought now is somehow much, much better than Defender for Endpoint Plan 1. If they do, that should ring alarm bells.
Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview
In the show prep this week Paul and I were torn between whether this was interesting enough to mention. I said it was because there’s a small but sizable niche of organization who this is particularly important for. So this feature avoids user interaction when deploying Defender for Endpoint to iOS. That’s important because Defender for Endpoint ties together with Intune to provide a more comprehensive mobile device management platform. Intune has great controls, but even goes to the effort of explaining to users that IT can’t see a lot on the device. Defender for Endpoint on iOS isn’t simply anti-virus but also includes VPN capabilities and web proxy capabilities, plus additional auditing on the device itself regarding app behaviours. These are often part of competitor MDM products, so a silent installation is important to those customers who need those features. This is public preview which means it’s not production ready yet but you can begin testing.
Message Center & Roadmap
In the message center and on the roadmap this week, we’ve pulled out some of the most interesting new features to arrive over the last few weeks.
First up, Team templates and SharePoint templates can now be shared for specific use cases. This combined feature means that if you have a requirement that’s relatively simple, but quite common – such as a Team template for a project that should also have SharePoint customisations too, then you use a single shared template. This should be in tenants now – but double check as the date changed over the last few weeks (the preview date of December was dropped)
For newly imaged Microsoft Teams Rooms, Cortana, Microsoft’s voice assistant that works in specific use-cases, such as meeting joins, will be enabled by default. It can be switched off if needed and you’ll see a Cortana icon on the device itself, hinting to users that this capability is available.
Another feature that is quite niche – so much that we weren’t sure if it was worth mentioning – is that through March to July, PowerPoint will gain features allowing organization fonts to be added. In March this will arrive on the web, then in April on desktop and later in the year – around July – on Mac, iOS and Android. (as always, take these dates with a pinch of salt, they may change). Paul pondered whether there’s a sizable number of customers who really, really need this. I have seen customers, moving from Google, who would dearly like this feature on the web – but to date I’ve not personally seen it as a blocker. Clearly for some customers though it is.
And finally, one feature that helps fill the last remaining snags for Skype for Business Online v Microsoft Teams parity. Give and take Control during Teams meetings is set to arrive on VDI platforms. This is an ask I’ve had from customers, and whilst a niche use-case, it’s one that is important to many organizations who standardise upon VDI platforms. This arrives on Citrix and Azure Virtual Desktop (and therefore, we’d assume, Windows 365) in March, fast followed by VMware in April. In the meantime, we’d recommend using co-authoring of documents if you need to add or change content when working in a meeting together, and for presentations, using PowerPoint Live. However – user habits are hard to change, so it’s understandable why this is important.