STEVE: Welcome to this week’s Practical 365 podcast – the podcast that keeps you up to date with what’s new in Microsoft 365 – whether that’s the big announcements, latest Message Center news or what’s cropped up on the Microsoft 365 roadmap.

I’m your host, Steve Goodman, Co-Chief Editor of Practical 365 and it’s Friday, the 28th November.

Spotted in the Wild

Azure AD Conditional Access

Baseline Policies are going to be replaced by “Security Defaults”. These allow controls to be enforced by default, such as all Global Admins must use MFA, or people from risky locations must use MFA. This goes against “break glass account” guidance, so this is a welcome change to Azure AD.

Security Defaults are not replacing your existing Conditional Access Policies and less relevant if you are already using these. The concept is similar to Baseline Policies though – and enforce MFA for administrators, MFA for users and block Legacy Authentication.

These are available now, in the Azure AD portal – and apparently come at no extra cost. Find out more here.

Sensitivity labels for Microsoft Teams, Office 365 Groups and SharePoint sites have been spotted in Office 365 tenants. We blogged recently about using Classifications to provide information-only guidance about labeling Office 365 Groups and Teams – this is taking it to the next level if you are licensed of course.

You apply the labels in the same way – these take Sensitivity Labels defined within the Security and Compliance Center and apply to the Team/Group/Site – and the content.

For example, you can mandate that the Team can’t have external guests, or by using the policies to prevent the download of data and encryption. You can find out more information in the Microsoft documentation here.

Message Center Updates

Email notifications for service health are rolling out now (MC196504, you can edit your Service Health preferences to add an email alert.

Intune updates are rolling out (MC196710) – the monthly update includes better reporting, Windows 10 feature updates previews, and support to configure S/MIME on Outlook for iOS. You can find out more information here in the Microsoft documentation.

Updates to the SharePoint List modern settings are rolling out now (MC196871) – users will be able to enable and disable column totals in modern, and create a document view for list data with alternating colors by row – see the latter here.

More SharePoint updates (MC196889) – for onboarding new users, they’ll get some “Next Steps” when the create a new SharePoint site encouraging them to upload files, invite team members, and more.

Improvements to Office 365 Message encryption (MC196886) – a new layout – no Microsoft logo – your own, instead, an email will be from your own domain (rather than and improvements to the validation of OME email to prevent it being detected as spam. You’ll need to create a bounces mailbox to capture NDRs.

New on the Roadmap

Conditional Access for Mac OS – support for policies like MFA and IP-ranges for access and ensuring device compliance (16636) and also for Mac, single sign-on for Office and OneDrive apps (59235).

Teams VDI is getting improvements – Citrix VDI will have media optimization (56626). I was promised within 30 days of Ignite so it should be arriving very soon! You can find out more information here.

Protection against people using Microsoft Forms for Phishing is rolling out – two or more confirmed phishing attempts will block users (59216).

Recommended profiles for EOP and ATP – Standard and Strict – this will make it much easier to implement best practices in these services. Coming December (59220). You can find out more information here.

Proof of Records Disposal – a list of records (if it’s retained using retention labels) that have been disposed of will be kept for a longer period for export (59217).

Previously announced but moved to “Rolling Out and Launched” – not quite rolling out, but just changed to December – Teams Contact Centre API integration is expected in December – including a graph API for Presence and Remote Advisor integration (53939).

OneDrive for Business File Requests – send a link to someone giving them an upload-only link (27020) – and also rolling out for OneDrive is “Save for Later” – save a file shared with you to look at at a later date (a bit like Pinned Files in Office (49095)

Service Encryption for Exchange Online – available already for SPO and OneDrive, this allows you to utilize at-rest encryption of mailboxes with Microsoft-managed keys, similar to Customer Key (31171). You can find out more information on this here.

We had it last week for iOS – now it’s coming to Android – Meeting Insights (relevant documents and emails included in the meeting description) (54545).

And – that’s all we’ve got time for today!

We’ll be back next week for more Microsoft 365 news – so make sure you subscribe either at your favorite podcast app – or over on Thanks for joining us.

About the Author

Steve Goodman

Technology Writer and Chief Editor for AV Content at Practical 365, focused on Microsoft 365. A 12-time Microsoft MVP, author of several technology books and regular Microsoft conference speaker. Steve works at Advania in the UK as Field Chief Technology Officer, advising business and IT on the best way to get the most from Microsoft Cloud technology.


  1. Ook


    Tried to find this on Stitcher but didn’t see it there. It does feature the “All about 365” podcast but not this one – any chance of submitting to them? Thanks – love your work!!

Leave a Reply