October 2023 Newsletter
Welcome to Cybersecurity Awareness Month!
It’s a great time to share resources for your organization to improve awareness. Here are three ideas:
For end user awareness, did you know that Office 365 E5 (or M365 E5) licenses include security phishing testing, reporting, and training resources? In fact, Microsoft added cybersecurity training material from SANS, the industry leader in awareness, and Terranova.
To improve management’s awareness of the non-IT aspects of incident response, see Seven Steps for Successful Incident Response Tabletop Exercises.
And if your CFO is unaware of ways to control rising security costs, see How to Save on Sentinel’s Recurring Costs.
What’s New in Microsoft?
Copilot and new Microsoft AI experiences are coming to Windows 11, beginning with the preview of Copilot in Windows in the September 26th optional preview update for Windows 11, version 22H2.
Microsoft 365 Copilot will be generally available for enterprise customers on November 1. At this release, customers with 300 Copilot seats can be onboarded.
On September 30th, 2025, Microsoft will be retiring the ability to manage authentication methods in the legacy Multifactor Authentication (MFA) and Self-Service Password Reset (SSPR) policies in Entra ID. Organizations should migrate their methods to the converged authentication methods policy where methods can be managed centrally for all authentication scenarios including passwordless, multi-factor authentication and self-service password reset. Migrate authentication methods by following the steps outlined in How to migrate MFA and SSPR policy settings to the Authentication methods policy for Azure AD.
Entra ID will be suppressing authenticator notifications for requests originating from unfamiliar locations and unknown IP addresses to differentiate potential malicious attempts from legitimate ones. This suppression of notifications will apply to both Phone Sign-in and MFA notifications. Users can still retrieve genuine requests at any time by accessing the Authenticator app. Users will not be explicitly notified about this change. The system will intervene when it detects a login attempt from an unrecognized or unfamiliar source.
The first Microsoft Mesh feature is going into public preview in October, making it easier for Teams users to transform their meetings into a 3D experience. From your Teams meeting view menu, you will now see an immersive space option. PCs require 4 cores and 8 GB RAM to enable the option and access immersive spaces, and Office E1/E3/E5+ is all that’s required.
Microsoft is integrating Live Event capabilities into the native Teams meeting experience. This will unify the experience for users whether they are hosting a small meeting, customer-facing webinar, or company-wide Town Hall in Microsoft Teams, a new experience to host and deliver large-scale, internal events to create connections across an organization. With the introduction of Town Halls, Live Events will be retired for commercial customers on September 30, 2024.
You will soon see a new service plan associated with your Microsoft 365 or Office 365 license: Avatars for Teams (MESH_AVATARS_FOR_TEAMS). Avatars for Teams app is also updating the minimum hardware requirements to access this feature—a two core CPU with 6gb RAM. Users will not be able to utilize this feature if it does not meet the minimum hardware spec.
Microsoft Teams meeting organizers can soon choose between a single watermark or a repeated watermark with the additional ability to set the opacity of the watermark. The single watermark will display in the viewer’s email on top of the shared content and/or video in a clean and discreet manner. The opacity option will enable meeting hosts to set the transparency of the watermark to their liking.
By late December, Microsoft is retiring the polling feature in the ‘Forms’ app in Teams by the end of December. Use the ‘Polls’ app, which is where Microsoft invests development.
Microsoft Teams is going to support an Explicit Recording Consent meeting policy. When the policy is applied, the Teams meeting window will request explicit consent of all participants to be recorded. Before a user gives consent, the user’s audio, video, and screenshare/consent-share won’t be captured in the meeting recording.
By November, Teams Mobile (iOS/Android) will streamline the meeting join process by reducing the number of steps it takes to join the meeting, particularly for users joining externally from the organization. Users who join without signing in will now have the capability to preset and preview video/audio settings prior to joining the meeting, and the process to switch accounts will be simplified.
Recording can now be enabled for watermarked meetings (the Watermark feature requires a Teams Premium license). An email ID will be displayed as the watermark during the meeting recording playback. Once a meeting has concluded, users can access the recorded content on both web and mobile platforms to watch the recording with watermarking.
By late October, a new in-chat and in-channel Search experience will now be available in the right handrail, making it possible to see your chat/channel list and your new search results in one single view. The initiation can be done using the keyboard shortcut Ctrl+F(win) or Cmd +F (Mac):Chat:
By late October, IT admins will be able to turn ON or OFF Collaborative Annotations from the Teams admin center in Meetings –> Meeting policies, so that people can use annotation while sharing screens in Microsoft Teams
When a third-party meeting is created from Outlook or OWA, participants of the meeting will now be able to join the meeting directly from Microsoft Teams. The participants will see a “Join” button on the Teams calendar events card and in the meeting details page. On clicking on the Join button, the link will route the users to the browser or the third-party application to join the meeting. This experience will be available on both mobile and desktop.
Cloud IntelliFrame is a new experience that allows online meeting attendees to see people in Teams Rooms more clearly by zooming into their faces and eliminating distractions. Cloud IntelliFrame will be rolling out across Microsoft Teams Rooms on Windows with Pro license and can be viewed on Microsoft Teams Desktop (Windows & Mac) with any license.
Organizers can set up events and effortlessly add external presenters, who will receive exclusive Teams join links. These links enable external presenters to directly enter the event, eliminating the need for organizers to manually admit them from the event lobby or modify their event role during the session. This creates a hassle-free event experience for organizers and presenters!
Microsoft is introducing the capability to upload files from OneDrive from Teams Mobile chat and channel for iOS and Android. Additionally, users will be able to view recent files and attach the most used files upfront from the recent section.
Mobile App Management for Windows is now generally available. You can now enable-protected MAM access to organization data via Microsoft Edge on personal Windows devices. Intune Mobile Application Management (MAM) for Windows is available for Windows 11, build 10.0.22621 (22H2) or later.
Intune integration with the Zebra Lifeguard Over-the-Air service is generally available, to allow delivery of OS updates and security patches over-the-air to eligible Zebra devices that are enrolled with Intune. You can select the firmware version you want to deploy, set a schedule, and stagger update downloads and installs. This integration is now generally available for Android Enterprise Dedicated and Fully Managed Zebra devices that are running Android 8 or later, and requires an account with Zebra, as well as Intune Plan 2 or Microsoft Intune Suite.
The Remote Help web app now allows users to connect to macOS devices and join a view-only remote assistance session. Intune Suite or Remote Help licensing is required.
Since Apple released iOS/iPadOS version 17, the minimum version now supported by Intune is iOS/iPadOS 15.x.
Group Policy analytics is generally available (GA). Use Group Policy analytics to analyze your on-premises group policy objects (GPOs) for their migration to Intune policy settings.
Soon, customers with Microsoft Defender for Office 365 plan 2 can create 10,000 block entries and 5,000 allow entries (via admin submissions) in the Tenant Allow Block List for each category (Domains & addresses, Files, and URLs). Customers with Microsoft Defender for Office 365 Plan 1 can create 1,000 block entries and 1,000 allow entries in the Tenant Allow Block List for each category. Customers with Exchange Online Protection will remain at 500 block entries and 500 allow entries in Tenant Allow Block List for each category. The limit for spoofed senders will remain at 1,024 total entries (block entries and allow entries combined) for all service plans.
Microsoft has turned on intra-organizational protection by default for high-confidence phishing messages that contain malicious or spam-based URLs in Microsoft Defender for Office 365. The default behavior is to quarantine intra-organizational messages that contain high confidence phishing URLs. If you want to opt out of this behavior or opt in to additional protection, you can adjust your preferences within the anti-spam policy. More information can be found in this configure spam filter policies documentation.
A public preview has begun where Defender for Cloud Apps can discover Shadow IT network events detected from Defender for Endpoint devices that are working in the same environment as a network proxy appliance. Visit this documentation for more information on how to turn Network Protection ON.
Track & Revoke will begin rolling out by mid-November 2023. From the sensitivity menu, owners of Office files protected with a sensitivity label can access the Purview portal to view user-access attempts and revoke access if needed. The Microsoft Purview Tracking and Revocation feature will be turned on by default. To disable the feature, use the Disable-AipServiceDocumentTrackingFeature command.
By late October, when default labeling of files is enabled in Word, Excel, and PowerPoint Microsoft 365 Apps for Windows, a default sensitivity label is applied to any unlabeled document when it is saved. To improve user confidence that default labeling is functioning, the sensitivity bar will now indicate that a label will be applied on the next save when the user opens a new or previously unlabeled file.
Microsoft Purview Data Loss Prevention that can help organizations create policies that prevent their users from pasting sensitive data to specific websites, including personal email, generative AI prompts, social media sites, and more when accessed through a supported web browser.
Admins will have the ability to change retention period on labels set to start retention based on “when items were labeled.” Previously, admins could not change the retention period set on existing labels configured to start retention from when items were labeled. This feature will remove this restriction, making the behavior consistent with other retention label types.
If you used and saved Whiteboards before 2022, some of your old files are likely stored in Azure. Whiteboards started saving to OneDrive for Business (ODB) in 2022. MSFT is making a client-based migration tool available to begin in the first part of 2024. Stay tuned for updates.
Organizational leaders will soon see a refreshed Viva Insights homepage with content tailored to them. This update will only apply to organizational leaders who have already been assigned the Group Manager or Insights Business Leader role in Viva Insights.
Starting now, the Bing Chat Enterprise (BCE) service plan has been added to BCE-eligible Microsoft 365 licenses. The service plan provides more management controls to turn BCE on or off for specific users or groups. The previous BCE management controls found on the aka.ms admin pages will redirect to documentation on how to manage BCE using its service plan.
If you have migrated or plan to migrate videos from Stream (Classic) to Stream (on SharePoint), your users will see a banner message on top of all migrated Stream (Classic) videos beginning on October 15, 2023. The banner will say, “This video has been migrated to Stream (on SharePoint). You accessed this video from the Stream (Classic) link, which will expire on February 15, 2025. If you own the content containing the Stream (Classic) link, you will need to update it with the new Stream (on SharePoint) link.
If you use the Stream (Classic) webpart to add videos to SharePoint Pages and news posts, that webpart has been replaced by the new Stream (on SharePoint) webpart.
By mid-November, a new default document theme is coming to Word, Excel, PowerPoint, and Outlook across your endpoints. The new theme will include the new default font, Aptos, a new color palette, and updated default line weights.
Workflows from Power Automate will replace Connectors in the overflow menu. From the list of channels users will be able to go into the overflow menu for a specific channel (…) and select “Workflows.” Here, they will see a list of workflow templates specific to channels within Teams. Users can then configure these templates to their needs and deploy them to the channel. This feature will only be available within the New Teams client.
On October 1, 2026, Microsoft will start blocking EWS requests from non-Microsoft apps to Exchange Online. Developers should move to use Microsoft Graph.
Loop workspaces will start being counted towards your tenant’s SharePoint storage quota between late October and late November 2023.
With the Planner component, teams that are using the Loop app to collect project info can include plans from Microsoft Planner. When a Planner component is created in the Loop app, everyone can stay in sync, working in a shared space that can also include lists, tables, notes, and more. The component will first be available in the Loop app. Other Loop-enabled apps will be supported later, for example, Outlook and Teams.
What’s New in the Data Center?
Windows Server: Windows updates released November 8, 2022, and later, include changes that address security vulnerabilities affecting Windows Server domain controllers (DC). Among the addressed vulnerabilities is a Kerberos security bypass and elevation of privilege scenario involving alteration of Privilege Attribute Certificate (PAC) signatures. Changes to address this issue have been released following a series of phases throughout 2023, and are reaching the final stage of enforcement in October. All domain-joined, machine accounts are affected by these vulnerabilities. For details on configuring these security requirements in your environment, see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.
Rubrik: Starting in version 9 of Cloud Data Management, its portal is moving into Rubrik Security Cloud.
—Using Pure with VMWare? See a blog about free/valuable integrations to maximize ROI and minimize administration.
—Starting in version 6.4.10, Safe Mode is enabled by default. There is an opt out.
Nutanix: 6.5.3.x is the version supporting the current version of LTS version. All Clusters should be updated to this version.
Cohesity: Any clusters running 6.5.1 should immediately be upgraded to 6.8 due to a certificate issue found in 6.5. All agents should also be upgraded prior to 12/1/23.
Contact our team of experts today to see how these updates may impact your workflow or organization!