check before: 2025-04-21
Product:
Purview, Purview Communication Compliance
Platform:
Online, Web, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Due to ongoing security hardening of Microsoft Purview services, the Microsoft Purview Audit Management Activity API will be hosted on a new set of IP addresses which will have a new service tag.
[When this will happen:]
This change will be in effect on April 21, 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-11
updated:
2025-04-11
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Network Access Issues
If the new service tag is not added to the organization's network security policies, users may experience loss of access to the Microsoft Purview Audit Management Activity API, leading to disruptions in compliance monitoring and reporting.
- roles: Network Administrator, Compliance Officer
- references: https://aka.ms/m365endpoints, https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference?toc=%2Fmicrosoft-365%2Fcompliance%2Ftoc.json&bc=%2Fmicrosoft-365%2Fbreadcrumb%2Ftoc.json
Increased Security Risks
Failure to update the service tag may expose the organization to security vulnerabilities, as outdated configurations could allow unauthorized access or data breaches.
- roles: Security Analyst, IT Manager
- references: https://www.microsoft.com/en-us/download/details.aspx?id=56519, https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference?toc=%2Fmicrosoft-365%2Fcompliance%2Ftoc.json&bc=%2Fmicrosoft-365%2Fbreadcrumb%2Ftoc.json
User Experience Degradation
Users relying on the Microsoft Purview services for compliance and audit activities may face interruptions, leading to frustration and decreased productivity if the service tag is not updated in time.
- roles: End User, Compliance Officer
- references: https://aka.ms/m365endpoints, https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference?toc=%2Fmicrosoft-365%2Fcompliance%2Ftoc.json&bc=%2Fmicrosoft-365%2Fbreadcrumb%2Ftoc.json
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Network Security Policy Update
By updating network security policies to accommodate the new service tag for Microsoft Purview, organizations can enhance their security posture and ensure uninterrupted access to essential services. This will also allow for more streamlined management of IP addresses and service tags, reducing potential misconfigurations.
- next-steps: Review current network security policies and access controls. Update configurations to include the new service tag 'AzureFrontDoor.MicrosoftSecurity' before April 21, 2025. Conduct testing to ensure access is maintained post-update.
- roles: Network Administrators, Security Officers, IT Managers
- references: https://aka.ms/m365endpoints, https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference?toc=%2Fmicrosoft-365%2Fcompliance%2Ftoc.json&bc=%2Fmicrosoft-365%2Fbreadcrumb%2Ftoc.json
Centralized IP Management
Implementing a centralized IP management system can streamline the process of updating and managing service tags across multiple services. This reduces the administrative burden on IT teams and minimizes the risk of errors during updates.
- next-steps: Evaluate existing IP management tools and processes. Consider adopting a centralized IP management solution that integrates with Azure services. Train IT staff on new processes and tools.
- roles: IT Administrators, Network Engineers, DevOps Teams
- references: https://www.microsoft.com/en-us/download/details.aspx?id=56519, https://learn.microsoft.com/en-us/azure/architecture/best-practices/ip-management
Automation of Security Policy Updates
Automating the updates of security policies related to service tags can significantly reduce the workload on IT teams and ensure timely compliance with Microsoftâs updates. This can be achieved through scripts or configuration management tools.
- next-steps: Identify repetitive tasks in the security policy update process. Develop scripts or utilize configuration management tools to automate these updates. Test automation scripts in a controlled environment before full deployment.
- roles: IT Automation Engineers, Network Security Administrators, System Administrators
- references: https://learn.microsoft.com/en-us/azure/automation/automation-overview, https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 4 weeks ago ago
