Details on the last Office Protect updates
Announcement - New Security Assessment Tool Live Now!
As mentioned during our last “Keep up with Office Protect” session, we are excited to introduce our latest tool: the Office Protect Security Assessment. Use it to:
- Assess the security of your Microsoft 365 tenants,
- Receive actionable insights and recommendations,
- Generate a report to share with your customers.
It is completely free to use. We look forward to your feedback and suggestions at [email protected].
Major Release - Tuesday September 17, 2024
New Features / Evolutions :
- MFA Audit: You can now create create, customize, and download an Outlook email template to encourage unregistered users to register for Multi-Factor Authentication (MFA).
Learn how to send a MFA registration reminder - General improvement: references to "Azure AD" have been replaced with "Entra ID"
Major Release - Tuesday September 10, 2024
New Features / Evolutions :
- General improvement: all dates in the Office Protect application are now displayed according to your browser's configuration (format / timezone). Please note that security events are still displayed in the timezone selected in the Monitor section.
- News page: new section with Office Protect news and notifications
- MFA Audit:
- You can now filter your tenants from the blue tenant selection banner displayed on top of the page
- The Conditional Access Policies details are now available. To access the details, click on the "MFA CAP" or "Partial MFA CAP" pastilles from the Tenants Configuration table. You can find:
- The Conditional Access policies list
- The number of covered users by each policy
- The conditions applied within the policy
- MFA Audit PDF changes in the "Preamble" section
- You can now refresh a tenant's data, from the side menu in the Tenants Configuration table
- Whitelist: column added to the whitelist table to show the rule's creator
- Security Events details:
- Redirections to Microsoft admin portals when clicking on the source pastille
- Remediation: redirection to "Enable Client Rules Forwarding Block" setting when the setting can improve the situation
Fixes:
- Report:
Major Release - Wednesday August 14, 2024
New Feature: MFA Audit!
We are excited to announce a great new feature in Office Protect: MFA Audit. This feature, one of our most requested, is specifically designed to identify and address Multi-Factor Authentication (MFA) issues across your Microsoft 365 tenants.
With MFA Audit, you will be able to:
- Quickly identify MFA configuration gaps across your tenants
- Detect registration issues with MFA authentication methods
- Gain comprehensive insights into the MFA protections currently in place, and generate a PDF report
MFA Audit is accessible in the Office Protect application today for no additional cost.
Complete documentation for this feature
We look forward to your feedback and suggestions at [email protected]
Major Release - Wednesday July 31, 2024
New Features / Evolutions:
- Report - Remediation: Remove Sharing Link: remove any SharePoint anonymous sharink link for "File Shared Publicly (anonymous)" security events.
- Report:
- In "Suspicious Inbox Rule Created security" events, the mailbox on which the suspicious inbox rule was created has been added
- in "Application Permissions Change" security events, the user's display name has been added
Minor Release - Thursday July 11, 2024
New Features / Evolutions :
- Security Assessment: Legal documents are now available in French language
Fixes:
- Report:
Major Release - Tuesday June 11, 2024
New Features / Evolutions:
- Report - Remediation:
- Remove Rule: remove any inbox rules, mailbox forwarding settings or mail flow (transport) rules for "Mail Forwarding Rule(s) to External Destination Created" and "Suspicious Inbox Rule Detected" security events.
- Health Status: review the appropriate health statuses from the Health Status security events
- Monitor: Logs with "ODMTA" user agents new versions have been whitelisted
Major Release - Wednesday May 29, 2024
New Features / Evolutions:
- Report - Remediation:
- Mailbox Access: remove the user's access to the concerned mailbox for "Mailbox Access Granted to Non-Owner" and "Mailbox Access by Non-Owner" security events.
- Security Settings: configure the appropriate security settings for the following: File Shared Publicly (anonymous), User Consented to an App and Microsoft 365 setting changed/enforced outside/by Office Protect
- Security Assessment - Adjustments to the PDF report design
Major Release - Monday April 30, 2024
New Features / Evolutions:
- Monitor - New security event: be alerted whenever a suspicious inbox rule has been created / updated on your tenant. Learn more
Major Release - Thursday April 25, 2024
New Features / Evolutions:
- Report - Remediation: new user-based remediation added! On all events triggered by / on a user, if the account is deemed compromised, you can now reset the user's password directly from Office Protect.
Fixes:
- Whitelist: Display issues in the form to whitelist a User Consented to an App security events
- Integrations: Integration deletion popup unavailable
Major Release - Thursday March 15, 2024
New Features / Evolutions:
- Autotask integration: the Autotask beta phase has ended and the Autotask connector is now available to everyone!
To set up your integration, follow our guides: - Report - Application state is now displayed in the Remediation section when a remediation on an application can be performed
Fixes:
- Whitelist - Filtering on the Criteria column is working again
- Report - Mail Forwarding Rule(s) to External Destination Created - Some security events could be raised following an update of the rule, even if you had already been alerted about this rule previously and destinations have not changed. From this release, if you have already been alerted on a forwarding rule, you will not be alerted again when it's being updated, except if the external destinations change.
Minor Release - Wednesday February 28, 2024
Fixes:
- Report - Do Not Allow Third-Party Integrated Applications setting changed event
You may have received a security event indicating a change of the Do Not Allow Third-Party Integrated Applications setting value on your tenant (from Enabled to Disabled). This alert was triggered after Microsoft changed the way this setting is managed. Changes to enable, disable and monitor the setting in Office Protect have been published, and the situation has returned to normal. There is no need to reapply the setting if you haven't changed its value since then.
More information on what has changed - Advanced Report - User MFA Status advanced report does not fail anymore on tenants with a large number of users
Major Release - Thursday February 8, 2024
New Features / Evolutions:
- Report - User data standardized in security events to display both the user's principal name and the user's display name
- Report - On Mailbox Access Granted to Non-Owner and Mailbox Access by Non-Owner, the mailbox data has been reviewed to display the mailbox email address instead of the mailbox id
- General - Technical improvements: it takes less time to apply your settings and to monitor your activity
Major Release - Monday January 22, 2024
New Features / Evolutions:
- Monitor - New security event: be alerted whenever permissions have been added or removed from an application installed in your Microsoft Entra ID. This security event can be switch on/off from the Monitor section.
- Monitor - You can now select the timezone in which you would like to receive your security events. By default, the timezone value is EST. To change it, go in the Monitor section > Settings.
- Report / Whitelist - Events triggered on Sharepoint Anonymous Users (id starting with urn:spo:anon:) can now be ignored through a whitelist rule independently of the anonymous user id. Creating a rule on "SharePoint Anonymous User" will ignore all future events triggered by any "urn:spo:anon:..." user.
Fixes:
- Report - CSV export no longer contains default ignore data
Major Release - Monday December 18, 2023
New Features / Evolutions:
- Report - Introducing remediation actions designed to quickly address and contain compromised situations, making your response as easy as a few clicks!
Fixes:
- ConnectWise - Handle ConnectWise on-premise integration
- Redirection from the Cloud Manager portal was sometimes not redirecting to the right tenant
Minor Release - Monday December 4, 2023
New Features / Evolutions:
- Set - Safe Attachments: when applying the Safe Attachments setting, the selected option is now "Block" instead of "Dynamic Delivery", as per Microsoft recommendation. Messages containing malicious attachments won't be delivered and are quarantined. Delivery of safe messages might be delayed due to Safe Attachments scanning.
If your setting is applied with the "Dynamic Delivery" option, you will not receive any Setting Changed security event. - Integrations - Autotask: New health status notification when a configuration changes in Autotask, if a new field is required at the ticket creation.
Major Release - Tuesday November 14, 2023
New Features / Evolutions:
- New Teams settings:
Major Release - Monday October 30, 2023
New Features / Evolutions:
- Autotask & ConnectWise Integrations - Test ticket feature to ensure the integration settings combination works well
- Autotask Integrations - The Queue Id field has been added to the ticket creation settings
Major Release - Monday October 16, 2023
New Features / Evolutions:
- Whitelist rules features - Create customizable whitelist rules to avoid being alerted on events matching specific criteria
How to create a rule to automatically ignore events - Digest emails - Handling of digest emails containing more than 100 events
Minor Release - Monday September 25, 2023
New Features / Evolutions:
- Set - You can now delete unused settings profiles from the profile dropdown list (cross button)
Major Release - Thursday September 14, 2023
New Features / Evolutions:
- Integrations - The Autotask connector is now available in its beta phase! To participate and give us your feedback, email us at [email protected]
Take a look at our documentation to set up the prerequisites - Set - Flag Phishing Emails using Tenant Domain or Staff Name setting improvement: encoded display names are now detected. Whenever an external email is sent with an encoded display name impersonating someone from your organization, the warning banner will be displayed.
Fixes:
- Set - A crash sometimes occured when a change was made to a settings profile with no tenant attached to it.
Major Release - Thursday August 16, 2023
New Features / Evolutions:
ConnectWise integration is now available to all! All the beta references have been removed. To setup your integration, you can refer to our documentation.
- ConnectWise integration - New ticket creation setting: you can now choose your ticket initial status and see the default board related to your ConnectWise Office Protect API Member
Fixes
- Monitor - "License Assigned" and "License Removed" events detection system has been refactored and fixed.
- Setup - Issues when clicking on "Remediate" button when "Office Protect is Active" health status gets declined have been detected and fixed
- Advanced Report - In "User MFA Status" report, conditional access policies with applied conditions were incorrectly reported in the "target" column.
Major Release - Thursday August 10, 2023
New Features / Evolutions:
- Monitor - Microsoft IP whitelisting has been improved
- Advanced Report - New data included in the Azure AD - User MFA Status report:
- Authentication Methods Migration State: migration state from the legacy policies to the new unified policy (authentication methods policies). On September 30th, 2024, the legacy multifactor authentication and self-service password reset policies will be deprecated and all authentication methods will be managed through the authentication methods policies. Values: Pre-migration (use policy for authentication only, respect legacy policies), Migration In Progress (use policy for authentication and SSPR, respect legacy policies), Migration Complete (use policy for authentication and SSPR, ignore legacy policies).
- Allowed Authentication Methods: list of authentication methods allowed for the user through modern authentication methods policies. An authentication method can be allowed, but it does not mean the user has already registered, nor that MFA is enabled for the user. Important note: this list does not reflect legacy authentication methods. If the migration is in Complete state, this list is exhaustive. Otherwise, legacy authentication methods could still be enabled on your organization.
- Last Sign In now only reflects the last successful Sign In
Fixes
- Monitor - "Too Many Logins" events duplicates fix
Major Release - Monday July 31, 2023
New Features / Evolutions:
- Advanced Report - New data included in the Azure AD - User MFA Status report:
- Roles: User's roles in Entra ID (Azure AD)
- Enrolled Authentication Methods: List of authentication methods the user has registered on.
- Conditional Access Policies details:
- Target: Conditional Access Policy that applies with no conditions
- Conditional: Conditional Access Policy that applies with conditions. Related conditions are display in brakets next to the policy's name
- Only if tenant is licensed with Azure AD Premium (P1 or P2) - Last Sign-In details:
- Last Sign-In Requirement: What MFA requirement was in place at the user’s last sign-in?
- Last Sign-In Details: List of authentication steps that took place at the user’s last sign-in
- Last Sign-In Interpretation: Interpretation of the sign-in scenario based on the sign-in authentication steps and sign-in details.
- Advanced Report - We have updated our required permissions for the Office Protect Entra ID (Azure AD) application by adding the “ReportSettings.ReadWrite.All” permission.
This will allow the Office Protect application to change a required setting to access some data in the users Advanced Reports. Concerned setting: 'Display concealed users, group, and site names in all reports', accessible in Microsoft 365 admin portal > Org settings > Reports.
If your Office Protect application is active, you don't need to do anything.
If your Office Protect application is unhealthy, you should have received a new Health Status change alert. To resolve the issue, you need to restore the application's permissions: see our article on how to reconsent.
In all cases, your tenants are still being monitored without this permission.
Minor Release - Monday July 17, 2023
Fixes:
- Set - Due to a change in Microsoft on the Safe Attachments setting, the application of Enable Safe Attachments was failing. A fix has been deployed, the setting can now be enabled correctly.
Major Release - Thursday July 06, 2023
New Features / Evolutions:
- Set - Two new SharePoint settings! Click on each one to learn more:
- Set - To increase the settings clarity, we changed the lists display: the values are now displayed in two different lists (authorized and unauthorized). Impacted settings:
- Block "Bad" File Extension Attachments
- Block Top Spamming Countries
- Only Allow Emails in Specific Languages
- Monitor - New Microsoft 365 setting enforced by Office Protect alert: to give you more details when Office Protect automatically re-applies a configuration on your tenant, we distinguished this new alert from Microsoft 365 setting changed outside Office Protect alerts. Also, for greater flexibility, you can enable or disable Alerts / Digests for this new alert from the Monitor section. By default, it will be configured the same as your Microsoft 365 setting changed outside Office Protect alert.
Learn more about the new event here
Fixes:
- ConnectWise Beta - Performance fix on the list of companies when the list is too big
- Set - Fix on default value not displayed if the setting has not been initialized (messages and lists)
- Set - Account Passwords Never Expire setting cannot be applied on domains with types "None". To avoid a failure, Office Protect will not attempt to change the expiration value on "None" domains.
- Advanced Report - Fix on the dates display
- Monitor - Fix on the Exchange Scripting(Powershell) Access application if two users within the same organization have the same display name.
- Monitor - License Assigned and License Removed alerts were not correctly triggered due to a change in Microsoft audit logs operations.
Major Release - Thursday June 08, 2023
New Features / Evolutions:
- Three new Defender settings! Click on each one to learn more:
- Advanced Reporting is now a permanent part of Office Protect Core
Fixes:
- ConnectWise Beta - Fix on credentials verification
- Security Events - Setting changed detection fix
Major Release - Thursday May 25, 2023
New Features / Evolutions:
- The ConnectWise connector is now available in its beta phase! To participate and give us your feedback, email us at [email protected]
- Adding of an Office Protect link in Security Events emails
Fixes:
- Health Status - Office Protect Health Status "Unavailable" on some tenants: the remediation button is now available
- Set - Settings profile not displayed on some tenants. Note: it had no impact on the settings application nor the profile itself.