Like most of you, I receive email updates about all the service updates to Microsoft 365 and feature changes. I read these each time; sometimes they are helpful, and other times they are just bug fixes or roll-outs of features I rarely use. Sometimes, however, there are really good updates and features. In one I received yesterday, among a whole host of end-user feature updates, there were a couple that I like.
Automatically Configure Teams Data Loss Prevention Policies to Protect Files Shared in Team Messages
The first one of interest is an update to the roadmap item 85667. This roadmap item allows you to automatically protect private chats and channel messages within new and existing teams. The message is just an update on the rollout timing and expectations.
How will this affect your organization?
With this new feature, Microsoft is adding the capability to deploy Teams Data Loss Prevention policies to automatically protect the content shared as a part of the Teams “Team” and “Chats.”
When users in a particular Teams team and channel utilize a Data Loss Prevention policy, all messages are protected. With this capability, you can apply the same Teams Data Loss Prevention policy rules and actions on the associated SharePoint site that stores documents shared by users within the Team and Channel. It will enable you to manage protection with the same Teams Data Loss Prevention policy rather than requiring the application of distinct policies to SharePoint and OneDrive for Business individually to cover the documents.
Additionally, when users protected as a part of the Teams Data Loss Prevention policy initiate a One-on-One chat, the Teams Data Loss Prevention policy protects the chat conversation. With this new capability, you can apply the same Teams Data Loss Prevention policy rules and actions on the associated OneDrive for Business folder that stores any documents shared by a chat participant.
More Details Here: https://admin.microsoft.com/AdminPortal/home?#/MessageCenter/:/messages/MC316441
Certificate-based Authentication for Security and Compliance Center PowerShell
A common task is to connect to the Security and Compliance capabilities using PowerShell. Today you use the Exchange Online PowerShell Version 2 module, which supports “App-only” access. If you are not familiar with this, it means using an Azure Active Directory App Registration / Application for the connection instead of passing credentials and assigning specific access.
With this update, you can connect to the Security and Compliance PowerShell using certificate-based authentication to allow the use of unattended App-only access. You will need to migrate any existing connections to use the new approach.
More Details on Using PowerShell to Connect to the Security and Compliance Center are available here: https://docs.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell?view=exchange-ps.
App-only Authentication using the Exchange Online PowerShell Version 2 Modules is here: https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps.
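As an added example (not code from the original post or from Microsoft), this is what an unattended, certificate-based connection can look like, with a local check of the certificate before connecting and a listing of DLP policies afterwards. The app ID, organization and thumbprint are placeholders, and the script assumes the certificate is already uploaded to an app registration that has been granted the access it needs.

```powershell
# Added example: unattended App-only connection to Security & Compliance PowerShell.
# The three values below are placeholders (assumptions); replace them with your own.
$AppId        = '00000000-0000-0000-0000-000000000000'  # App registration (client) ID
$Organization = 'contoso.onmicrosoft.com'               # Tenant primary domain
$Thumbprint   = '<CERTIFICATE-THUMBPRINT>'              # Certificate uploaded to the app

$ErrorActionPreference = 'Stop'
Import-Module ExchangeOnlineManagement

# Validate the certificate locally so a scheduled job fails with a clear message
# instead of an opaque authentication error.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $cert) {
    throw "Certificate $Thumbprint was not found in Cert:\CurrentUser\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this machine."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
}

# Warn ahead of expiry so the certificate can be rotated before the job breaks.
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) {
    Write-Warning "Certificate expires in $daysLeft days; plan a rotation."
}

try {
    # No credentials are passed: the app authenticates with the certificate's private key.
    Connect-IPPSSession -AppId $AppId `
                        -CertificateThumbprint $Thumbprint `
                        -Organization $Organization

    # Example task: list the DLP policies and whether each one is enforced.
    Get-DlpCompliancePolicy |
        Select-Object Name, Mode |
        Format-Table -AutoSize
}
finally {
    # Always close the session, even if the connection or query failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Because the private key is the credential here, run the job under a dedicated account and restrict access to that account's certificate store.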
Exciting Future Updates
A few updates are coming this year that I am excited about:
Feature ID: 82163 SharePoint: Security- Granular conditional access policies
Continuing our investment in sensitivity labels by adding more policy controls, like my favorite one – granular Conditional Access. For example, the Top-Secret label can now have a conditional access policy that requires multi-factor authentication when accessing a site.
Feature ID: 82115 Microsoft Information Protection: Granular conditional access policies via “Sensitivity Labels” for SharePoint Online sites
Admins will have the ability to use Azure AD conditional access policies to trigger multi-factor authentication (MFA), device and location policies on a specific SharePoint site collection simply by attaching CA policies to a label.
Feature ID: 85979 Microsoft Information Protection: Granular conditional access policies via “Sensitivity Labels” for SharePoint Online sites for GCC-High and DoD
Admins will have the ability to use Azure AD conditional access policies to trigger multi-factor authentication (MFA), device and location policies on a specific SharePoint site collection simply by attaching CA policies to a label.