2022 CW 25 Microsoft 365 Message Center changes

from 06/13/2022 to 06/19/2022

18 Office 365 Message Center Items were changed and 24 Office 365 Message Center Items were added

Please note: Only common Message Center messages are in this list you should always check your Message Center for additional messages

Subscibe to cloudscout.one Enterprise plan to get individual reports for your Office 365 tenant

Changes

MC End Time changes

MC ID MC Title Old Value New Value MC Action required by
MC306666 (Updated) Pairing naming convention between Teams channels and corresponding SharePoint folders 07/22/2022 09:00:00 2022-08-31T09:00:00Z N/A
MC318316 (Updated) OAuth interface for Office 365 Reporting web service 06/30/2022 09:00:00 2022-08-22T09:00:00Z N/A
MC335111 (Updated) Search history suggestions for Bing AAD users 07/15/2022 09:00:00 2022-08-27T09:00:00Z N/A
MC339117 (Updated) Preview - Enabling customization capabilities for SSPR, footer hyperlinks and favicon in Company Branding. 11/30/2022 08:00:00 2023-01-31T08:00:00Z N/A
MC365395 (Updated) Communication Compliance: New classifier to detect sexual harassment (preview) 07/21/2022 09:00:00 2022-08-31T09:00:00Z N/A
MC381943 (Updated) General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management 08/01/2022 09:00:00 2022-09-05T09:00:00Z N/A
MC382822 (Updated) Insider Risk Management: General availability of security policy violations templates 08/15/2022 09:00:00 2022-09-09T09:00:00Z N/A
MC384330 (Updated) Microsoft Defender for Office 365: Password protected download of quarantined messages 09/02/2022 09:00:00 2022-09-12T09:00:00Z N/A
MC384784 (Updated) Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding 12/01/2022 09:00:00 2023-01-31T09:00:00Z N/A
MC388232 (Updated) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) 08/30/2022 09:00:00 2022-09-23T09:00:00Z N/A
MC392299 Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022 06/15/2023 01:36:25 2023-06-16T03:16:25Z N/A

MC How Affect changes

MC ID MC Title Old Value New Value MC Action required by
MC337624 (Updated) Temporary Whiteboard collaboration for external and shared device accounts This capability is enabled by default. If you choose to disable it, users will have the following experience:

External users in your organization will continue to see a message in Teams meetings that they cannot see the whiteboard.

Users in a Teams meeting on a Surface Hub or Teams Meeting Room will not be able to join an ODB-based whiteboard shared during a meeting. These users should join the meeting from another device to view and collaborate on the whiteboard.

Note: OneDriveLoopSharingCapability and CoreLoopSharingCapability are currently only used by Whiteboard on ODB, but in future, other Fluid-based content such as Loops in Teams chat will be covered by these settings.
For external and shared device accounts to join meetings, Whiteboard relies on a new capability that allows temporary access for these accounts. This applies to device accounts from Surface Hub and Teams Meeting Room devices, as well as any users who are not in your tenant.

This capability does not enable file-level sharing and does not grant access to the file. It provides temporary access only for the duration of the Teams meeting (similar to PowerPoint Live sharing during a meeting).
N/A
MC339117 (Updated) Preview - Enabling customization capabilities for SSPR, footer hyperlinks and favicon in Company Branding. Today, SSPR and footer hyperlinks direct end-users to Microsoft resources as well as rendering the Microsoft logo in the browser tab. This update will introducing the ability to customize each of these elements and remove all references to Microsoft.

You can start using this new functionality once it is rolled out to your tenant. Your end-users will not see any changes until you enable new capabilities.
Today, SSPR and footer hyperlinks direct end-users to Microsoft resources as well as rendering the Microsoft logo in the browser tab. This update will be introducing the ability to customize each of these elements and remove all references to Microsoft.

You can start using this new functionality once it is rolled out to your tenant. Your end-users will not see any changes until you enable new capabilities.
N/A

MC Messages changes

MC ID MC Title Old Value New Value MC Action required by
MC306666 (Updated) Pairing naming convention between Teams channels and corresponding SharePoint folders Updated April 22, 2022: We have updated the rollout timeline below. Thank you for your patience.

We apologize for not sending an earlier update regarding our delayed rollout. We delayed the feature release to ensure the best possible experience for our users, and it is now ready.

As previously mentioned (MC280294 - August), this new release will update the channel rename experience in Teams to simultaneously rename the corresponding folder in SharePoint sites whenever a channel in Teams is renamed. We are taking this step to eliminate the difficulty in tracking, across all Microsoft 365 endpoints, that occurs when a channel in Teams is renamed and the corresponding folder's naming convention is not updated accordingly in SharePoint. This will rollout on Teams desktop and web.

[Key points]

Microsoft 365 Roadmap ID:72211.

Timing: mid-May (previously mid-April) through mid-June (previously mid-May)

Roll-out: tenant level

Control type: admin control

Action: review and assess
Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

We apologize for not sending an earlier update regarding our delayed rollout. We delayed the feature release to ensure the best possible experience for our users, and it is now ready.

As previously mentioned (MC280294 - August), this new release will update the channel rename experience in Teams to simultaneously rename the corresponding folder in SharePoint sites whenever a channel in Teams is renamed. We are taking this step to eliminate the difficulty in tracking, across all Microsoft 365 endpoints, that occurs when a channel in Teams is renamed and the corresponding folder's naming convention is not updated accordingly in SharePoint. This will rollout on Teams desktop and web.

[Key points]

Microsoft 365 Roadmap ID:72211.

Timing: mid-May (previously mid-April) through late July (previously mid-June)

Roll-out: tenant level

Control type: admin control

Action: review and assess
N/A
MC318316 (Updated) OAuth interface for Office 365 Reporting web service Updated April 05, 2022: We have updated the rollout timeline below and provided additional details for clarity. Thank you for your patience.

Currently, users accessing Reporting Web service use “Basic Authentication” and must provide their credentials. With this feature update, Microsoft will improve the security of your tenant by replacing “Basic Authentication” access in favor of the recommended OAuth user interface which is where we will continue to invest our development resources.

[Key points]

Timing: Rollout will begin in early May (previously mid-March) and is expected to be complete by late May (previously late March).
Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

Currently, users accessing Reporting Web service use “Basic Authentication” and must provide their credentials. With this feature update, Microsoft will improve the security of your tenant by replacing “Basic Authentication” access in favor of the recommended OAuth user interface which is where we will continue to invest our development resources.

[Key points]

Timing: Rollout will begin in early May (previously mid-March) and is expected to be complete by mid-July (previously late May).
N/A
MC335111 (Updated) Search history suggestions for Bing AAD users Updated May 27, 2022: We have updated the rollout timeline below. Thank you for your patience.

We are currently bringing search history suggestions to Bing for AAD users. Users who are signed in with their AAD account will be able to select suggestions from their search history in search box in Bing homepage, all vertical, and work vertical. This will help users to quickly access previous searches and save them time by only needing to enter a partial search term. We store up to 1000 suggestions for every user. Users have full control over their search history. They can delete the search history or download them at any time. The search management page is easily accessible from the "Manage your search history" link at the bottom of the suggestions list. Their search history isn't shared with any third parties.

This message is associated with Microsoft 365 Roadmap ID 82147

[When this will happen:]

We will begin rolling this out in late March and expect to complete by early June (previously mid-May).

Updated June 17, 2022: We have updated the rollout timeline below. Thank you for your patience.

We are currently bringing search history suggestions to Bing for AAD users. Users who are signed in with their AAD account will be able to select suggestions from their search history in search box in Bing homepage, all vertical, and work vertical. This will help users to quickly access previous searches and save them time by only needing to enter a partial search term. We store up to 1000 suggestions for every user. Users have full control over their search history. They can delete the search history or download them at any time. The search management page is easily accessible from the "Manage your search history" link at the bottom of the suggestions list. Their search history isn't shared with any third parties.

This message is associated with Microsoft 365 Roadmap ID 82147

[When this will happen:]

We will begin rolling this out in late March and expect to complete by mid-July (previously early June).

N/A
MC337624 (Updated) Temporary Whiteboard collaboration for external and shared device accounts Updated May 05, 2022: There's a configuration issue with the instructions previously sent for this feature. The external and shared device accounts will work on ODB storage if you have external sharing allowed for SharePoint sites, but if you do not, then these accounts will not work. We are working on a resolution and expect it to be available at the end of May and be fully deployed by mid-June.

Microsoft Whiteboard on OneDrive for Business (ODB) is leveraging a new capability that allows temporary collaboration during a Teams meeting. This applies to device accounts from Surface Hub and Teams Meeting Room devices, as well as any users who are not in your tenant.

Note: This capability does not enable file-level sharing and does not grant access to the file. It provides temporary access only for the duration of the Teams meeting (similar to PowerPoint Live sharing during a meeting).

This message is associated with Microsoft 365 Roadmap ID 66759

[When this will happen:]

After Whiteboard's move to ODB storage (starting in mid-March and completing in mid-April), this capability will be utilized by Whiteboard.

Updated June 17, 2022: As previously stated, Microsoft Whiteboard on OneDrive for Business (ODB) is leveraging a new capability that allows temporary access for external and shared device accounts. This feature is now fully rolled out as of June 14, 2022.

Microsoft Whiteboard on OneDrive for Business (ODB) is leveraging a new capability that allows temporary collaboration during a Teams meeting. This applies to device accounts from Surface Hub and Teams Meeting Room devices, as well as any users who are not in your tenant.

Note: This capability does not enable file-level sharing and does not grant access to the file. It provides temporary access only for the duration of the Teams meeting (similar to PowerPoint Live sharing during a meeting).

This message is associated with Microsoft 365 Roadmap ID 66759

[When this will happen:]

This feature is now fully rolled out as of June 14, 2022.

N/A
MC339117 (Updated) Preview - Enabling customization capabilities for SSPR, footer hyperlinks and favicon in Company Branding. Updated May 24, 2022: We have updated the rollout timeline below. Thank you for your patience.

We’re updating the Company Branding component of the Azure Active Directory (Azure AD) sign-in page to enable customization capabilities for Self Service Password Reset (SSPR), footer hyperlinks and favicon.

This message is associated with Microsoft 365 Roadmap ID 88928.

[When this will happen:]

Preview: We expect this feature to begin rolling out to Preview in early July (previously early June) and expect the rollout to be completed by late July (previously late June).

Standard Release: We expect this to begin rolling out in early October (previously early September) and expect the rollout to be completed by late October (previously late September).
Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

We’re updating the Company Branding component of the Azure Active Directory (Azure AD) sign-in page to enable customization capabilities for Self Service Password Reset (SSPR), footer hyperlinks and favicon.

This message is associated with Microsoft 365 Roadmap ID 88928.

[When this will happen:]

Preview: We expect this feature to begin rolling out to Preview in early September (previously early July) and expect the rollout to be completed by late September (previously late July).

Standard Release: We expect this to begin rolling out in early December (previously early October) and expect the rollout to be completed by late December (previously late October).
N/A
MC360646 (Updated) Exchange Online Protection: Anti-malware policy notification settings change Updated June 1, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.

The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.

Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):

Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.

Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.

This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting early June (previously mid-May) and completion of deployment by late July (previously late June)

Updated June 14, 2022: We have updated this message to ensure visibility for affected organizations. Thank you for your patience.

The previous Message Center post MC303513 (Dec '21) mentioned that we’re planning to retire the recipient and sender notification configuration in anti-malware policies. After reviewing customer feedback, we’re changing how we’re planning to retire those recipient and sender notifications.

The current notification settings are commonly used for messages that are blocked/quarantined as detected malware, or due to a file attachment in the common attachment filter settings.

As part of this change, we’re separating out the handling of notifications based on whether the message was scanned and found to be malicious vs. matches from the common attachment filter:

True malware: Both recipient and sender notifications will be retired. The message will be quarantined, and the selected quarantine policy configuration determines whether to send the end-user notifications. There is no option for sender notification.

Common attachment filter: Notifications are split into two distinct options that the admin can choose (one or the other):

Recipient notifications only: As with true malware detections, the selected quarantine policy configuration determines whether to send end-user notifications. There is no option for sender notifications.

Non delivery report (also known as NDR or bounce message)) to sender: The message is rejected in an NDR to the sender. The message is not quarantined, is not recoverable, and there’s no option for recipient notifications.

This message is associated with Microsoft 365 Roadmap ID 93212

[When this will happen:]

Starting late June (previously early June) and completion of deployment by late July (previously late June)

N/A
MC362284 (Updated) OneDrive sync app will automatically configure accounts This release will enable the OneDrive sync app to sign into an account even quicker. Users will experience an improved single sign-on experience by automatically being able to see their OneDrive files within their file browser upon sign in or OneDrive app update.

On Windows, users who are signed into the device with an Azure Active Directory (AAD) account will see their OneDrive folder start syncing without entering their account credentials.

On macOS, users who are signed into another Microsoft app (i.e., Office, Teams, Edge, etc.) will see their OneDrive folder start syncing without entering their account credentials.

This message is associated with Microsoft 365 Roadmap ID 93242.

[When this will happen:]

We will begin rolling out in mid-June and expect to complete by late July.

Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

This release will enable the OneDrive sync app to sign into an account even quicker. Users will experience an improved single sign-on experience by automatically being able to see their OneDrive files within their file browser upon sign in or OneDrive app update.

On Windows, users who are signed into the device with an Azure Active Directory (AAD) account will see their OneDrive folder start syncing without entering their account credentials.

On macOS, users who are signed into another Microsoft app (i.e., Office, Teams, Edge, etc.) will see their OneDrive folder start syncing without entering their account credentials.

This message is associated with Microsoft 365 Roadmap ID 93242.

[When this will happen:]

We will begin rolling out in early July (previously mid-June) and expect to complete by late July.

N/A
MC365395 (Updated) Communication Compliance: New classifier to detect sexual harassment (preview) Coming soon to public preview, we're rolling out a sexual harassment classifier for Communication Compliance to assist you in detecting this type of workplace policy violation.

This message is associated with Microsoft 365 Roadmap ID 93252

[When this will happen:]

Rollout will begin in early June and is expected to be complete by late June.
Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to public preview, we're rolling out a sexual harassment classifier for Communication Compliance to assist you in detecting this type of workplace policy violation.

This message is associated with Microsoft 365 Roadmap ID 93252

[When this will happen:]

Rollout will begin in early July (previously early June) and is expected to be complete by late July (previously late June).
N/A
MC373880 (Updated) Migrating the Safe Links Block List to Tenant Allow Block List Updated May 24, 2022: As a reminder beginning in June tenants will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Then we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. Any entries that are unable to be successfully migrated, they will be marked as such in the Block List and organizations will have the ability to take action as needed beginning in July.

Another update will be sent closer to July as a reminder for tenants to review the migration status of the Block List. Beginning in June organizations will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Following this, we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. For any entries that we are unable to migrate, they will be marked as such in the Block List and organizations will have the ability to take action as needed.

[When this will happen:]

Early June: Organizations will no longer have the ability to add to the URL/Domain entries to the Safe Links Block List in the Global Settings flyout and we will attempt to migrate all the entries in an organization's Safe Links Block List to TABL on their behalf

Mid-June through November: Organizations will have the ability review entries that were not able to be migrated and resolve the issue(s)

December: The Safe Links Block List will be retired

Updated June 14, 2022: At the beginning of June, we attempted to migrate all entries on the Safe Links Block List to the Tenant Allow/Block List. Entries that were successfully migrated do not require any additional action. Entries that were unable to be migrated will require manual intervention. In the coming weeks tenants will be able to review and take action on the entries that were unable to be migrated.

Note: Any entry migrated from the Safe Links Block List to the Tenant Allow/Block List will adopt the behavior of TABL. This means that any message with the URL present will be moved to Quarantine. If deleting an already migrated entry from TABL, it needs to be removed from BlockURLS to avoid migration.

As a reminder beginning in June tenants will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Then we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. Any entries that are unable to be successfully migrated, they will be marked as such in the Block List and organizations will have the ability to take action as needed beginning in July.

Another update will be sent closer to July as a reminder for tenants to review the migration status of the Block List. Beginning in June organizations will no longer have the ability to add to the Safe Links Block List in the Global Setting menu. Following this, we will attempt to migrate the Safe Links Block List to the Tenant Allow Block List (TABL) on behalf of the organization. For any entries that we are unable to migrate, they will be marked as such in the Block List and organizations will have the ability to take action as needed.

[When this will happen:]

Early June: Organizations will no longer have the ability to add to the URL/Domain entries to the Safe Links Block List in the Global Settings flyout and we will attempt to migrate all the entries in an organization's Safe Links Block List to TABL on their behalf

Mid-June through November: Organizations will have the ability review entries that were not able to be migrated and resolve the issue(s)

December: The Safe Links Block List will be retired

N/A
MC376706 (Updated) Microsoft Project usage data in Microsoft Admin Center Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.

Project usage data will soon be included in the Microsoft Admin Center Customer facing usage reports.

This message is associated with Microsoft 365 Roadmap ID 93278

[When this will happen:]

We will begin rolling out in early June (previously late May) and expect to complete by late June (previously mid-June).
Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

Project usage data will soon be included in the Microsoft Admin Center Customer facing usage reports.

This message is associated with Microsoft 365 Roadmap ID 93278

[When this will happen:]

We will begin rolling out in mid-June (previously early June) and expect to complete by late June (previously mid-June).
N/A
MC381943 (Updated) General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management Currently available in public preview, Microsoft Defender for Endpoint alerts will soon be generally available for use within the Insider Risk Management solution in the Microsoft Purview compliance portal.

This message is associated with Microsoft 365 Roadmap ID 83965

[When this will happen:]

Rollout will begin in late May and is expected to be complete by mid-June.
Updated June 14, 2022: We have updated the rollout timeline below.

Currently available in public preview, Microsoft Defender for Endpoint alerts will soon be generally available for use within the Insider Risk Management solution in the Microsoft Purview compliance portal.

This message is associated with Microsoft 365 Roadmap ID 83965

[When this will happen:]

Rollout will begin in early July (previously late May) and is expected to be complete by early August (previously mid-June).
N/A
MC382822 (Updated) Insider Risk Management: General availability of security policy violations templates Currently available in public preview (MC289678), we're releasing additional features for Insider Risk Management that will help detect possible security violations by users including priority and departing users. These features will help enable your organization to detect security violations performed on devices onboarded to your organization using Microsoft Defender for Endpoint alerts.

This message is associated with Microsoft 365 Roadmap IDs 83961, 83962, and 83963.

[When this will happen:]

Rollout will begin in late June and is expected to be complete by early July.
Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

Currently available in public preview (MC289678), we're releasing additional features for Insider Risk Management that will help detect possible security violations by users including priority and departing users. These features will help enable your organization to detect security violations performed on devices onboarded to your organization using Microsoft Defender for Endpoint alerts.

This message is associated with Microsoft 365 Roadmap IDs 83961, 83962, and 83963.

[When this will happen:]

Rollout will begin in early July (previously late June) and is expected to be complete by early August (previously early July).
N/A
MC384330 (Updated) Microsoft Defender for Office 365: Password protected download of quarantined messages With this change we are giving the ability to password protects items they download from quarantine. We want users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools.

This message is associated with Microsoft 365 Roadmap ID 93305

[When this will happen:]

Standard: will begin rolling out in mid-June and be completed by late June.

Government: will begin rolling out in early July and be completed by late July.
Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

With this change we are giving the ability to password protects items they download from quarantine. We want users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools.

This message is associated with Microsoft 365 Roadmap ID 93305

[When this will happen:]

Standard: will begin rolling out in early July (previously mid-June) and be completed by mid-July (previously late June).

Government: will begin rolling out in late July (previously early July) and be completed by early August (previously late July).
N/A
MC384784 (Updated) Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding Update the Azure AD and Microsoft 365 login experience with new Company Branding capabilities. You can apply your company’s brand guidance to authentication experiences with pre-defined templates.

This message is associated with Microsoft 365 Roadmap ID 93320

[When this will happen:]

Custom branding will be available for public preview in early July.

Rollout will begin in early October and will be completed by late October.
Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

Update the Azure AD and Microsoft 365 login experience with new Company Branding capabilities. You can apply your company’s brand guidance to authentication experiences with pre-defined templates.

This message is associated with Microsoft 365 Roadmap ID 93320

[When this will happen:]

Custom branding will be available for public preview in early September (previously early July).

Rollout will begin in early October and will be completed by late December (previously late October).
N/A
MC388232 (Updated) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) We're simplifying the policy management experience and enhancing the user experience for seeing and selecting sensitivity labels within Office apps by enabling display color configuration for labels.

This message is associated with Microsoft 365 Roadmap IDs 88517 and 93217.

[When this will happen:]

Public preview: will begin rolling out in mid-June and is expected to be complete by mid-July.

Updated June 14, 2022: We have updated the rollout timeline below. Thank you for your patience.

We're simplifying the policy management experience and enhancing the user experience for seeing and selecting sensitivity labels within Office apps by enabling display color configuration for labels.

This message is associated with Microsoft 365 Roadmap IDs 88517 and 93217.

[When this will happen:]

Public preview: will begin rolling out in mid-July (previously mid-June) and is expected to be complete by mid-August (previously mid-July).
N/A
MC388526 (Updated) Microsoft Secure Score is adding new improvement actions for Microsoft Defender for Identity We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of your security posture.

This update will include this new Microsoft Defender for Identity recommendations as Microsoft Secure Score improvement actions:

Resolve unsecure domain configurations

We will continue to add suggested security improvement actions on an ongoing basis.

[When this will happen:]

This will roll out in early June and be complete by mid-June.

Updated June 16, 2022: We have updated the rollout timeline below. Thank you for your patience.

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of your security posture.

This update will include this new Microsoft Defender for Identity recommendations as Microsoft Secure Score improvement actions:

Resolve unsecure domain configurations

We will continue to add suggested security improvement actions on an ongoing basis.

[When this will happen:]

This will roll out in early June and be complete by late June (previously mid-June).

N/A
MC391950 (Updated) Viva Topics in Teams Viva Topics in Teams allows users to mention topics in their chat conversations so that others in the conversation can easily learn more about a topic by hovering over the topic name and viewing the topic card. This feature requires users to have a Viva Topics license.

This message is associated with Microsoft 365 Roadmap ID 72189

[When this will happen:]

Public Preview: We began rolling out in April and expect complete rollout by late June.

General Availability: Beginning late June and expect to complete by late July.

GCC: Beginning in early July and expect complete rollout by late August.

Updated June 14, 2022: We have updated the content below to show as intended. Thank you for your patience.

Viva Topics in Teams allows users to mention topics in their chat conversations so that others in the conversation can easily learn more about a topic by hovering over the topic name and viewing the topic card. This feature requires users to have a Viva Topics license.

This message is associated with Microsoft 365 Roadmap ID 72189

[When this will happen:]

Public Preview: We began rolling out in April and will continue rolling out through June and expect complete rollout by late June.

General Availability: We will continue rolling out through late June and expect complete rollout by late July.

GCC: We will continue rolling out in early July and expect complete rollout by late August.

N/A
MC392299 Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022 As previously announced, security requirements have increased for Windows devices that use the Distributed Component Object Model (DCOM) or Remote Procedure Call (RPC) server technologies. Windows update releases starting June 2021 address a vulnerability in the DCOM remote protocol by progressively increasing security hardening in DCOM. Starting today, June 14, 2022, all DCOM clients attempting to establish connections to DCOM servers which have applied updates released June 14, 2022, or later, must either support an authentication level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and higher or temporarily disable that enforcement by using the RequireIntegrityActivationAuthenticationLevel registry key in the DCOM server.

Note: We recommend that you update your devices to the latest security update available to take advantage of the advanced protections from the latest security threats.

When will this happen:

Refer to the below timeline to understand the progressive hardening coming to DCOM.

June 8, 2021 security update: Hardening changes are disabled by default but with the ability to enable them using a registry key.

June 14, 2022 security update: Hardening changes are enabled by default but with the ability to disable them using a registry key.

March 14, 2022 security update: Hardening changes are enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.

Updated June 15: A correction has been made to the timeline dates.

As previously announced, security requirements have increased for Windows devices that use the Distributed Component Object Model (DCOM) or Remote Procedure Call (RPC) server technologies. Windows update releases starting June 2021 address a vulnerability in the DCOM remote protocol by progressively increasing security hardening in DCOM. Starting today, June 14, 2022, all DCOM clients attempting to establish connections to DCOM servers which have applied updates released June 14, 2022, or later, must either support an authentication level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and higher or temporarily disable that enforcement by using the RequireIntegrityActivationAuthenticationLevel registry key in the DCOM server.

Note: We recommend that you update your devices to the latest security update available to take advantage of the advanced protections from the latest security threats.

When will this happen:

Refer to the below timeline to understand the progressive hardening coming to DCOM.

June 8, 2021 security update: Hardening changes are disabled by default but with the ability to enable them using a registry key.

June 14, 2022 security update: Hardening changes are enabled by default but with the ability to disable them using a registry key.

March 14, 2023 security update: Hardening changes are enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.

N/A

MC MessageTagNames changes

MC ID MC Title Old Value New Value MC Action required by
MC362284 (Updated) OneDrive sync app will automatically configure accounts New feature, User impact, Admin impact Updated message, New feature, User impact, Admin impact N/A
MC365395 (Updated) Communication Compliance: New classifier to detect sexual harassment (preview) New feature, Admin impact Updated message, New feature, Admin impact N/A
MC381943 (Updated) General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management New feature, Admin impact Updated message, New feature, Admin impact N/A
MC382822 (Updated) Insider Risk Management: General availability of security policy violations templates New feature, Admin impact Updated message, New feature, Admin impact N/A
MC384330 (Updated) Microsoft Defender for Office 365: Password protected download of quarantined messages New feature, Admin impact Updated message, New feature, Admin impact N/A
MC384784 (Updated) Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding New feature, User impact, Admin impact Updated message, New feature, User impact, Admin impact N/A
MC388232 (Updated) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) New feature, Admin impact Updated message, New feature, Admin impact N/A
MC388526 (Updated) Microsoft Secure Score is adding new improvement actions for Microsoft Defender for Identity New feature, Admin impact Updated message, New feature, Admin impact N/A
MC391950 (Updated) Viva Topics in Teams New feature, User impact Updated message, New feature, User impact N/A

MC prepare changes

MC ID MC Title Old Value New Value MC Action required by
MC337624 (Updated) Temporary Whiteboard collaboration for external and shared device accounts If you have the external sharing for ODB allowed, no further action is required. If you have external sharing disabled, you can leave it disabled but you must enable this new setting.

Connect to SharePoint Online PowerShell and enable this using the Set-SPOTenant cmdlet.

Set-SPOTenant -OneDriveLoopSharingCapability ExternalUserAndGuestSharing

These changes should take approximately 60 minutes to apply across your tenancy. If you do not see these options, please update the PowerShell module.

https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=66759
If you have external sharing enabled for ODB, no further action is required.

If you restrict external sharing for ODB, you can keep it restricted and just enable a new setting in order for external and shared device accounts to work.

Using PowerShell, connect to your tenant and ensure the SPO module is updated by running the following command:

Update-Module -Name Microsoft.Online.SharePoint.PowerShell

Then run the following command:

Set-SPOTenant -AllowAnonymousMeetingParticipantsToAccessWhiteboards On

This setting applies only to whiteboards and replaces the previously shared settings, OneDriveLoopSharingCapability and CoreLoopSharingCapability. Those are no longer applicable and can be disregarded.

Note: The Teams meeting setting “Anonymous users can interact with apps in meetings” is enabled by default. If you have disabled it, any anonymous users (as opposed to guests or federated users) will not have access to the whiteboard during the meeting.

https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=66759
N/A
MC362284 (Updated) OneDrive sync app will automatically configure accounts Ensure that your OneDrive is set up to run in the background. On macOS you can confirm this by setting the "OpenAtLogin" plist. OneDrive already runs in the background on Windows.

If you would like to disable this, then there is a new policy and plist item in build 22.065 called "DisableAutoConfig". If you set this to 1, it will disable this new automatic account configuration.

https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=93242
Ensure that your OneDrive is set up to run in the background. On macOS you can confirm this by setting the "OpenAtLogin" plist. OneDrive already runs in the background on Windows.

If you would like to disable this, then there is a new policy and plist item in build 22.065 called "DisableAutoConfig". If you set this to 1, it will disable this new automatic account configuration.

https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=93242
N/A
MC392299 Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022 During the timeline phases in which hardening changes can be enabled or disabled (prior to March 14, 2023), users can use the following registry key:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

Value Name: "RequireIntegrityActivationAuthenticationLevel"

Type: dword

Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to disabled. You must enter Value Data in hexadecimal format.

Devices must be restarted after setting this registry key, for it to take effect.

Note: Enabling the registry key above will make DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation.

To help identify the applications that might have compatibility issues after we enable DCOM security hardening changes, we added new DCOM error events in the System log:

Event 10036 is logged on the DCOM server and contains the IP address of the DCOM client.

Events 10037 and 10038 are logged on the DCOM client, not the DCOM Server machine.

The system will log these events if it detects that a DCOM client application is trying to activate a DCOM server using an authentication level that is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. The client device can be traced from the server-side event log and the client-side event logs can be used to find the application.

If issues are encountered during testing, contact the vendor for the affected client or server software for an update or workaround, and see the DCOM errors supported by all Windows platforms.

Additional Information:

It is important to ensure proper testing for this change. Please review the below documentation.

\[MS-DCOM\]: Distributed Component Object Model (DCOM) Remote Protocol | Microsoft Docs

KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

CVE-2021-26414: Windows DCOM Server Security Feature Bypass

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0

https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants

https://docs.microsoft.com/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0

https://docs.microsoft.com/windows/win32/rpc/authentication-level-constants

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

During the timeline phases in which hardening changes can be enabled or disabled (prior to March 14, 2023), users can use the following registry key:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

Value Name: "RequireIntegrityActivationAuthenticationLevel"

Type: dword

Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to disabled. You must enter Value Data in hexadecimal format.

Devices must be restarted after setting this registry key, for it to take effect.

Note: Enabling the registry key above will make DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation.

To help identify the applications that might have compatibility issues after we enable DCOM security hardening changes, we added new DCOM error events in the System log:

Event 10036 is logged on the DCOM server and contains the IP address of the DCOM client.

Events 10037 and 10038 are logged on the DCOM client, not the DCOM Server machine.

The system will log these events if it detects that a DCOM client application is trying to activate a DCOM server using an authentication level that is less than RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. The client device can be traced from the server-side event log and the client-side event logs can be used to find the application.

If issues are encountered during testing, contact the vendor for the affected client or server software for an update or workaround, and see the DCOM errors supported by all Windows platforms.

Additional Information:

It is important to ensure proper testing for this change. Please review the below documentation.

\[MS-DCOM\]: Distributed Component Object Model (DCOM) Remote Protocol | Microsoft Docs

KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

CVE-2021-26414: Windows DCOM Server Security Feature Bypass

https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants

https://docs.microsoft.com/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0

https://docs.microsoft.com/windows/win32/rpc/authentication-level-constants

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

https://support.microsoft.com/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

N/A

MC Start Time changes

MC ID MC Title Old Value New Value MC Action required by
MC392299 Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022 06/15/2022 01:36:25 2022-06-16T03:16:26Z N/A

MC Title changes

MC ID MC Title Old Value New Value MC Action required by
MC362284 (Updated) OneDrive sync app will automatically configure accounts OneDrive sync app will automatically configure accounts (Updated) OneDrive sync app will automatically configure accounts N/A
MC365395 (Updated) Communication Compliance: New classifier to detect sexual harassment (preview) Communication Compliance: New classifier to detect sexual harassment (preview) (Updated) Communication Compliance: New classifier to detect sexual harassment (preview) N/A
MC381943 (Updated) General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management (Updated) General availability of Microsoft Defender for Endpoint alerts in Insider Risk Management N/A
MC382822 (Updated) Insider Risk Management: General availability of security policy violations templates Insider Risk Management: General availability of security policy violations templates (Updated) Insider Risk Management: General availability of security policy violations templates N/A
MC384330 (Updated) Microsoft Defender for Office 365: Password protected download of quarantined messages Microsoft Defender for Office 365: Password protected download of quarantined messages (Updated) Microsoft Defender for Office 365: Password protected download of quarantined messages N/A
MC384784 (Updated) Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding (Updated) Azure Active Directory: Customize Organizations’ Sign-In and Sign-Up Pages in Company Branding N/A
MC388232 (Updated) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) (Updated) Microsoft Purview Information Protection: Configure Display Colors for Sensitivity Labels (preview) N/A
MC388526 (Updated) Microsoft Secure Score is adding new improvement actions for Microsoft Defender for Identity Microsoft Secure Score is adding new improvement actions for Microsoft Defender for Identity (Updated) Microsoft Secure Score is adding new improvement actions for Microsoft Defender for Identity N/A
MC391950 (Updated) Viva Topics in Teams Viva Topics in Teams (Updated) Viva Topics in Teams N/A

CW25 New Office 365 Message Center items

MC ID MC Title MC Category MC Workload MC Major Change MC Action required by
MC391952 Microsoft 365 Assessment tool for SharePoint 2013 workflows available now! Stay Informed SharePoint Online False N/A
MC391951 Bing Image Search for Microsoft Whiteboard Stay Informed Microsoft 365 suite False N/A
MC391950 (Updated) Viva Topics in Teams Stay Informed Microsoft Teams, Microsoft Viva False N/A
MC391948 Apply default sensitivity label to unlabeled files uploaded to SharePoint document library (preview) Stay Informed Microsoft 365 suite False N/A
MC391866 Reminder: Significant changes coming to the Windows Diagnostic data processor configuration Stay Informed Windows False 07/01/2022
MC392299 Reminder: Windows Distributed Component Object Model (DCOM) hardening changes as of June 14, 2022 Stay Informed Windows False N/A
MC392295 Disable chat write access for anonymous or unauthenticated users Plan For Change Microsoft Teams False N/A
MC392294 Media Logging Enabled by Default Stay Informed Microsoft Teams False N/A
MC392293 E-signature Approvals on Mobile: View and Take Action Stay Informed Microsoft Teams False N/A
MC392292 E-signature Approval Requests Creation on Mobile Stay Informed Microsoft Teams False N/A
MC392289 Reminder Installation of .Net 4.8 and WebView2 required for Teams Meeting Add-In in Outlook Stay Informed Microsoft Teams False N/A
MC392208 Updates available for Microsoft 365 Apps for all channels Stay Informed Microsoft 365 Apps False N/A
MC392196 Take action: June 2022 security update available for all supported versions of Windows Stay Informed Windows False N/A
MC392640 E-signature Approvals Fully Embedded Within Team Approvals for a Streamlined Experience Stay Informed Microsoft Teams False N/A
MC392478 IE11 desktop application has retired and is out of support as of June 15, 2022 (non-LTSC, non-Server) Plan For Change Microsoft 365 suite True N/A
MC392477 IE11 desktop application has retired and is out of support as of June 15, 2022 (non-LTSC, non-Server) Stay Informed Windows False 06/15/2022
MC393188 Changes to OneNote features: Evernote Importer and IE Web Clipper Plan For Change Office for the web, Microsoft 365 Apps False N/A
MC393185 Reminder: Microsoft Office default change – Blocking VBA macros in files from the internet Plan For Change Microsoft 365 Apps False N/A
MC393184 Records Management – Configure a record label to start unlocked for user-driven records declaration Stay Informed Microsoft 365 suite False N/A
MC393825 Convert Word/Pdf to Quiz in Forms Stay Informed Microsoft 365 suite, Microsoft Forms False N/A
MC393823 Improvements to SharePoint pages authoring - Column reflow and RSS connector web part Stay Informed SharePoint Online False N/A
MC393822 Microsoft Purview Information Protection: Sensitivity labels now apply to modified documents (WXP on PC and Mac) Stay Informed Microsoft 365 suite False N/A
MC393821 Modern Meetings and Calls on Teams Web Client Stay Informed Microsoft Teams False N/A
MC393818 Add DKIM Domain in Sending Infrastructure for Tenant Allow Block Lists-Spoofing Stay Informed Exchange Online False N/A

Login to your account

Welcome Back, We Missed You!