Microsoft Roadmap, messagecenter en blogs updates van 01-01-2025

Updated December 31, 2024: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to Microsoft Purview | Information Protection: Admins will be able to use auto-labeling policies to automatically label files and emails with Fingerprint based SIT (sensitive info type).

This message is associated with Microsoft 365 Roadmap ID 396173.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late November 2024 and expect to complete by mid-January 2025 (previously mid-December). 

[How this will affect your organization:]

Before this rollout, admins are not able to use auto-labeling policies to automatically label files and emails with Fingerprint based SIT.

After this rollout, you can configure Fingerprint based SIT using the condition Content contains sensitive information types. Files that match Fingerprint based SIT will show in simulation.

Note: Contextual summary is not available for Fingerprint based SITs.

This change will be on by default and available for admins to configure.

[What you need to do to prepare:]

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review use cases and set up for configuring document fingerprinting.

Learn more

• About document fingerprinting | Microsoft Learn
• Automatically apply a sensitivity label in Microsoft 365 | Microsoft Learn

Updated December 31, 2024: We have updated the content. Thank you for your patience.

As part of the convergence of both Microsoft Defender for Identity and Microsoft Defender for Cloud Apps into Microsoft Defender XDR services, we are continuing to move away from legacy experiences and enhancing the unified experiences.

Therefore, we will gradually retire Defender for Identity’s Active Directory and alerts data from Defender for Cloud Apps dedicated experiences. All data, as well as all functionality of the affected experiences, remain available through Microsoft Defender XDR unified experiences, where we will continue to invest our development resources.

[When this will happen:] 

General Availability (Worldwide, GCC, GCC High, DoD): This retirement will begin rolling out in late January 2025 and is expected to complete in early March 2025. 

[How this will affect your organization:]

You are receiving this message because the following changes may affect your organization:

Active directory activities coming from Defender for Identity will no longer be available in Defender for Cloud Apps activity logs. Consequently, Defender for Cloud Apps activity policies will cease from triggering based on Active Directory data.

All Active Directory activities data remains available through Advanced Hunting, in the following tables:

• IdentityLogonEvents
• IdentityDirectoryEvents
• IdentityQueryEvents

To learn more about Advanced Hunting and the Data Schema, visit Proactively hunt for threats with advanced hunting in Microsoft Defender and Understand the advanced hunting schema.

New Active Directory activities, as well as Defender for Identity’s alerts data, will no longer be available through Defender for Cloud Apps Activities API, Alerts API, or dedicated SIEM agents.

All activities and alerts data remains available through Defender XDR Streaming API and Event Hubs.

Learn more about Streaming API.

For more information about how to integrate your SIEM tools with Microsoft Defender XDR, visit Ingesting streaming event data via Event Hubs.

The Identities page under ‘Assets’ in the XDR portal will be updated to better support the new experiences. The page will be divided into two distinct tabs: First-party identities and Third-party accounts. In the User page, “View related activity” action will no longer be available. To learn more about Defender for Identity’s experiences in the XDR portal, visit Microsoft Defender for Identity in the Microsoft Defender portal.

[What you need to do to prepare:]

To ensure a seamless experience, create new custom detections for any activity policies based on active directory data in Advanced Hunting. To learn more about how to create custom detections, visit Create and manage custom detections rules. Suggested queries related to Active Directory activities are available through the portal under Advanced Hunting > Community Queries. For more information, see Use shared queries in Advanced Hunting.

If you are still using Defender for Cloud Apps dedicated API and SIEM agents to consume Defender for Identity activities or alerts, make sure to update your resources according to the above information.

Updated December 31, 2024: We have updated the rollout timeline below. Thank you for your patience.

We’re updating the Microsoft Secure Score improvement action of Microsoft Defender for Endpoint (MDE) to ensure a more accurate representation of security posture.

As part of this change, we will gradually retire the MDE recommendation on SCID-2020, Turn on all system-level Exploit protection settings.

We are working to refine the recommendation, ensuring it aligns more accurately with recommended policies and enhances the overall security value.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early January 2025 (previously early December) and expect to complete by early February 2025 (previously early January). 

[How this will affect your organization:]

The Turn on all system-level Exploit protection settings recommendation will be completely removed from the UI, and the score will be changed in accordance.

This update is available by default.

[What you need to do to prepare:]

This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.

Microsoft Copilot in the Microsoft 365 admin center will soon be generally available. Tenants that have at least one Microsoft 365 Copilot license will be able to access Copilot in the Microsoft 365 admin center via the Copilot button on the top right corner of the screen. Copilot experiences in the Teams and SharePoint admin centers will be introduced in the coming months as part of this feature set. Admin accounts do not require a Microsoft 365 Copilot license to be assigned to them, and no additional action is required. 

Copilot in the Microsoft 365 admin center is a set of experiences that harnesses the value of generative AI to boost Microsoft 365 admins’ productivity by streamlining daily work, so admins are empowered to focus on their strategic priorities, make faster decisions, and maximize the value of their investments. 

[When this will happen:]

General Availability (Worldwide): We will begin rolling out late January 2025 and expect to complete by late March 2025.

[How this will affect your organization:]

Copilot in the Microsoft 365 admin centers will be available to all admins and will respect role-based access controls (RBAC) within the admin center, only surfacing information and controls that the particular admin has access to. Copilot will not make any configuration changes on behalf of an admin, keeping security integrity intact.

When available, Copilot in the Microsoft 365 admin centers can help:  

• Optimize routine tasks: Copilot in the Microsoft 365 admin centers leverages AI to simplify and speed up routine administrative tasks, allowing IT admins to focus on strategic initiatives. By providing real-time, contextually relevant information and seamless integration across various Microsoft admin centers, Copilot in Microsoft admin centers enhances productivity and decision-making, ensuring a more efficient and effective Microsoft 365 management experience.
  
• Generate insights faster: Copilot in the Microsoft 365 admin center enables IT admins to quickly access and analyze critical data, enhancing productivity and decision-making. This streamlined approach ensures that administrators can act swiftly and effectively, driving better outcomes for their organizations.
  
• Get more out of Microsoft 365: Copilot in the Microsoft 365 admin center helps IT admins and adoption specialists to understand licensed Microsoft 365 features and capabilities that can unlock new ways of working for both IT admins and users in their organization.  

Optimizing for the flow of your work

Copilot agents are specialized AI assistants designed to enhance the capabilities of Microsoft 365 Copilot by connecting to your organization’s knowledge and data sources. Alongside Copilot in the Microsoft 365 admin center, we’re also rolling out a pre-built admin agent. Rollout of the agent will begin later than Copilot in the Microsoft 365 admin centers but is expected to be completed by the end of March. 

This Copilot agent allows admins to access IT administration capabilities directly within various Microsoft 365 workflows from Business Chat without needing to be in an admin center. 

The Microsoft 365 admin agent respects Role Based Access Controls (RBACs) within the admin center and only surfaces information that the account has access to. When rolled out, if a user has an admin role assigned to them and they have a Microsoft 365 Copilot license assigned, the admin agent will be pre-installed. 

[What you need to do to prepare:]

To learn more about Copilot in the Microsoft 365 admin centers, including how to disable it, please see Copilot in Microsoft 365 admin centers (Preview), and watch our Empowering IT with the latest Microsoft 365 innovation session at Ignite.  

This rollout will happen automatically with no admin action required. 

Microsoft Purview Communication Compliance introduces the ability to identify and flag potential workplace safety concerns in user-reported messages in Microsoft Teams. Investigators now have an additional indication to decide what risk exists in user-reported messages and can configure an Inappropriate Content policy to proactively identify similar inappropriate content moving forward.

This message is associated with Microsoft 365 Roadmap ID 422329.

[When this will happen:]

General Availability (Worldwide): We began rolling out mid-November 2024 and expect to complete by late December 2024.

[How this will affect your organization:]

Communication Compliance customers automatically have a user-reported message policy provisioned when they begin their Communication Compliance journey. After this rollout, user-reported content that triggers a Content Safety classifier will display the classifier name that flagged the message and a severity value in the Severity column:

This feature will be on by default and cannot be turned off. The feature does not change the user-reported message experience. It will only show the following additional information:

• A new banner in the Policies page informing users about content safety classifiers evaluating on user-reported messages, which replaces the old user-reported messages banner.
• A Severity column with a conditions banner if a user-reported message is flagged by a content safety classifier.

For more information, see Create and manage communication compliance policies.

[What you need to do to prepare:]

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (e.g. SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy.