What's new: Microsoft 365 Security & Compliance November 2022

Note:

All information subject to change; might be incomplete
List reflects status as of writing (November 15th, 2022; no updates afterwards)

Timeframe: Mid-October – Mid-November

The intention of this series of posts is to give an overview about security & compliance news I find relevant without going into that much detail.

Azure Active Directory

GA: Azure AD Provisioning Agent version 1.1.977.0
GA: Windows Hello for Business Cloud Kerberos Trust
GA: Microsoft Authenticator advanced features (number matching, additional context)
GA: App registrations now max out at 400 API permissions / 50 distinct APIs being used
GA: Device-based Conditional Access for Linux Desktops
GA: Deprecation of Azure MFA server starting September 30th, 2024
Public Preview: Conditional Access Authentication Strengths for external identites
Public Preview: Lifecycle Workflows
Public Preview: Conditional Access app filter
Public Preview: Certificate-Based Authentication (CBA) for Mobile

Azure AD Identity Protection alerts are now streaming to Microsoft 365 Defender (all, high-only, none)
Incident Attack Story
Incident Context
Automatic Attack Disruption
Attack Insights

Private Preview: allow expiry management
“A potentially malicious URL click was detected” includes all link clicks of the last 48 hours

New health alert: NTLM auditing
New security alert: “Abnormal Active Directory Federation Services (AD FS) authentication using a suspicious certificate”
Remediation actions can use the local system account of the Domain Controller(s)

Public Preview: Native Integration of Microsoft Defender for Cloud Apps in Microsoft 365 Defender

IoT devices on the entity page
Azure AD Identity Protection alerts transported via the Microsoft 365 Defender connector
Reduced fields in the classic Identity Protection connector: CompromisedEntity, ExtendedProperties[“User Account”], ExtendedProperties[“User Name”]
New schema for the CommonSecurityLog table starting February 28th, 2023
GA: enhanced storage features (basic logs, archived logs, enhanced search)
New solutions: Rubrik, Tanium
Revised incident overview page
Preview: out of the box anomaly detection on the SAP audit log
Preview: Common Event Format (CEF) via AMA

Microsoft Purview Data Loss Prevention Ninja Training
Deprecation: Reports page (December 2022)
Forced migration from legacy Office 365 Message Encryption to Microsoft Purview Message Encryption (starting April 2023)
AIP scanner configuration migration to the compliance portal
Classic AIP page in the Azure Portal will be removed on January 15th, 2023
Data Loss Prevention: complex conditions like “A AND (B OR C)”
New Endpoint DLP capabilities: authorized sensitive site groups, authorized removable storage or USB, authorized network share paths, authorized printer groups, network location as a condition in DLP policy
Private Preview: Restricted Access Controls (RACs) for SharePoint Sites
GA: Restricted Access Controls für OneDrive
GA: Conditional Access for SharePoint Sites, OneDrive, and Teams (via Authentication Context)
Private Preview: opening encrypted files with User-Defined Permissions in Office Online including co-authoring
Private Preview: support for encrypted PDF files in Office Online (browser rendering, search, DLP)
(!) Private Preview: OneDrive and SharePoint Premium API to set sensitivity labels
Public Preview: Information Barriers 2.0
GA: anti-malware scan on download in SharePoint Online

Thanks for reading!

Chris

Note
Please note that all content on this blog is provided ‘as is’ without any warranty.