Security hardening: Tighten product security by configuring the recommended security controls available under a single tab.
M365 Security Plus now uses Exchange Online PowerShell v3 module.
You can now configure TLS protocol versions and cipher suites for improved security.
A minor issue in Content Search has been fixed.
Updated Apache commons-text JAR to 1.10.0 to prevent CVE-2022-42889 vulnerability.
An issue in data collection for the following audit profiles has been fixed.
DLP Policy Matches
Transport Rule Matches
Exchange Online PowerShell Module V2 will be used by default to connect to Exchange Online using modern authentication.
Upgraded to jQuery 3.5.1 to improve security of M365 Security Plus.
M365 Security Plus now supports any custom TOTP authenticator for two-factor authentication.
2FA for improved security: Configure two-factor authentication during product login for product authentication and Active Directory-based help desk technicians. The following authentication modes are now available to the users,
Improved support for Japanese and Chinese languages.
The issue of missing default monitoring profiles faced by all other technicians when any of the monitoring profiles were edited by someone has been fixed.
The issue of data not being fetched for the Mail Items Accessed audit action has been fixed.
The issue of missing Secret key in Azure AD application during automatic tenant configuration has been fixed.
The issue of Group criteria filter in Manage Licenses schedule not working for some cases has been fixed.
Improved Japanese and Chinese language support.
Issue where technician was unable to embed Dashboard without being delegated.
Azure AD auditing and alerting : Added seventeen new actions to audit under three new categories, namely Azure AD Policy, Azure AD Device, and Azure AD Directory Management. Twelve new actions have been added under the existing Azure AD User, Azure AD Group, and Azure AD App Administration categories.
OneDrive for Business auditing and alerting : Added twenty eight new actions to audit under two new categories, namely OneDrive List Activities and OneDrive Site Administration.
SharePoint Online auditing and alerting : Added three new actions to audit under SharePoint List Activities and SharePoint Site Administration categories.
New emails alert : Azure China tenants can now set alerts for new emails while configuring content search profiles.
Enhanced UI with newly added descriptions for all actions listed in audit and alert profiles.
The error in updating a service account when quotes are used as special characters in the service account password has been fixed.
Apply SSL certificate: Administrators can now apply self-signed or CA-signed SSL certificate to enable HTTPS.
Forced password reset: Admins and technicians will be forced to reset the default password, if it isn't changed.
Removed Struts framework: Dependency on Struts framework has been removed to enhance product security.
The following issues have been fixed
Issue in filtering users based on group membership while creating help desk technicians.
Minor issues in management and content search modules.
As Microsoft has retired support for auditing Microsoft Sway activities, the audit and alert profiles for Microsoft Sway in M365 Security Plus will no longer be available.
Due to the deprecation of Get-MailDetailMalwareReport cmdlet, M365 Security Plus now uses Get-MailDetailATPReport cmdlet to generate malware based audit reports.