M365 Security Plus Release Notes

Issue fixes

• A security issue in the Export Graph functionality of the Dashboard that could lead to unauthorized data access has been fixed.
• MSP-22811: As part of security improvements, legacy JAR files and outdated dependencies have been upgraded or removed, and updated dependencies have been introduced. Click here to view the currently used third-party components.
• MSP-23232: As part of security improvements, Apache Log4j has been upgraded from version 2.17.1 to version 2.25.3.
• MSP-23270: As part of security improvements, cxf-core-3.2.2.jar has been removed and SnakeYAML has been upgraded to version 2.5 within Elasticsearch.
• MSP-23298: As part of security improvements, Zulu JRE has been upgraded to version 8.92.0.19 (OpenJDK 1.8.0_482).
• MSP-23454: A security issue with an outdated Apache Tomcat version that posed potential risks has been fixed by upgrading to version 9.0.115.
• MSP-23524: An issue where file-to-database data transfer using the Bulk Copy Program (BCP) failed when the SQL Server password contained a semicolon has been fixed.
• MSP-23541: An issue where deleting technicians failed when a large number of technicians were configured has been fixed.

Enhancements

• Duo Security certificates update: The Duo Universal Java SDK has been updated to version 1.3.1, along with dependent Java libraries, to support Duo's updated certificate authority bundle. Update M365 Security Plus before Feb. 2, 2026 to prevent technician authentication failures caused by expiring Duo certificates.

Enhancements

• Apache Tomcat has been updated in M365 Security Plus to version 9.0.112.
• Zulu JRE has been updated in M365 Security Plus to version 8.90.0.19, which is based on OpenJDK 1.8.0_472.

Issue fixes

• An issue that prevented M365 Security Plus from connecting to Exchange Online when using an authenticated proxy has been fixed.
• An issue in the Manage Licenses page where the scheduler displayed a different time than the configured value has been fixed.
• An issue in launching M365 Security Plus from the shortcut icon when SSL is enabled in the product has been fixed.
• An issue after updating M365 Security Plus to build 4803 that caused the Mail Trace audit profile to fail in global service cloud tenants where the Get-MessageTraceV2 cmdlet was not rolled out has been fixed.

Issue fixes

• An issue that caused a CPU usage spike in the database while collecting audit data has been fixed.
• An issue that caused Elasticsearch to consume more memory than required when running any alert profile has been fixed.
• An issue in Scheduled Audit Profiles where updates to the Scheduled to Run field (Custom time option) weren’t reflected in the UI has been fixed.

Issue fixes

• Some minor issues have been fixed.

Important: As Microsoft has deprecated the Get-Message and Get-MessageTraceDetail cmdlets for tenants in the Microsoft 365 global cloud, audit actions will now use the updated Get-MessageTraceV2 cmdlet instead. Check out this page for the list of affected audit actions and update your M365 Security Plus instance to build 4802 for uninterrupted access to these audits.

Enhancements

• The Period filter in all audits and alerts now features a Last 12 Hours option to view recent activities conveniently.
• All occurrences of Yammer in M365 Security Plus have been updated to Viva Engage to reflect Microsoft's rebranding.
• Apache Tomcat used in the product has been updated to version 9.0.108.
• Zulu JRE used in the product has been updated to version 8.88.0.19, which is based on OpenJDK 1.8.0_462.

Issue fixes

• An issue in the eDiscovery Activities category of audit reports where the Target column displayed the object's GUID instead of its display name has been fixed.
• An issue in Archive Settings that prevented Microsoft 365 audit logs from being archived after updating to M365 Security Plus build 4800 has been fixed.

Enhancements

• The PostgreSQL database bundled with the product has been updated to version 15.7 for enhanced security and performance. For upgrade requirements and details, please refer to this Knowledge Base article on how to update to build 4800.
• Apache Tomcat used in the product has been updated to version 9.0.104.
• Zulu JRE used in the product has been updated to version 8.86.0.25 (OpenJDK 1.8.0_452).

Issue fix

• An issue in Exchange Online audits where the Moved messages to another folder audit action included items that were deleted from the users' inbox has been fixed.

Issue fix

• An issue in Auto Update that prevented it from checking for new product updates has been fixed.

Enhancement

• Japanese translations in the product have been improved.

Feature

• OneDrive Sensitivity Labels audit reports: You can now audit and track the details of events where sensitivity labels were added, changed, or removed on OneDrive for Business files.

Enhancements

• M365 Security Plus no longer depends on a service account to execute operations. All functionalities can now be configured using only an Entra application registration. This eliminates the previous requirement to disable MFA on service accounts, providing smoother and more secure access to tenant resources.
  Note

  Existing customers updating from build number 4619 and lower can choose to remove their configured service accounts from M365 Security Plus and update their Entra app permissions. Check out how to remove your service account from M365 Security Plus.

• Four new audit and alert actions, Applied sensitivity label to site, Changed sensitivity label on site, Removed sensitivity label from site, and Changed sensitivity label using apps, have been added to the SharePoint Sensitivity Labels category of audit reports.
• M365 Security Plus now uses Zulu JRE version 8.0.432 for enhanced performance and reliability.
• As Microsoft has deprecated Azure Active Directory Library (ADAL), M365 Security Plus now uses REST API–based authentication to connect with Microsoft 365.

Issue Fix

• An issue that caused schedule profiles to display the "Success" status in the schedule history even when notifications were not sent has been fixed.

Deprecation

• Text Messaging audits: As Microsoft has deprecated Outlook's text message notification service, the Text Messaging category of audit reports and alerts under Exchange Online will no longer be available.
• User Photo audits: As Microsoft has deprecated the UserPhoto cmdlets that were used to gather the data on user profile images, the User Photo category of audit reports and alerts under Exchange Online will no longer be available.
• Microsoft Stream audits: As Microsoft has deprecated Microsoft Stream (Classic) on Feb. 15, 2025, audits and alerts under the Microsoft Stream service will no longer be available.
• Azure Information Protection: As Microsoft has deprecated Azure Information Protection, monitoring profiles under the Azure Information Protection service will no longer be available.

Enhancement

• You can now register for security advisory notifications from the Security Hardening section to ensure timely updates about recently released fixes for vulnerabilities.

Issue Fixes

• An issue with collecting audit data in US government environments that caused audit reports to display no data has been fixed.
• An issue in the OneDrive Sharing Activities audit report where the Group Type column showed the Group Name and vice versa has been fixed.

Enhancement

• As Microsoft has deprecated the Search-AdminAuditLog cmdlet, audit profiles that previously used it will now switch to the Search-UnifiedAuditLog cmdlet.

Deprecation

• Unified Messaging audit profiles: As Microsoft has retired support for Unified Messaging service for Exchange Online, the following category of audit and alert profiles will no longer be available.
  • Unified Messaging auto attendant
  • Unified Messaging call answering rule
  • Unified Messaging dial plan
  • Unified Messaging hunt group
  • Unified Messaging IP gateway
  • Unified Messaging mailbox
  • Unified Messaging mailbox pin
  • Unified Messaging mailbox policy
  • Unified Messaging prompt management
• Site Mailbox audit profile: As Microsoft has retired support for site mailboxes in Exchange Online, the Site Mailbox category of audit profiles will no longer be available.
• The following audit actions have been deprecated in the listed audit profile categories.
  • The Imported transport rule collections audit action in the Mailflow category has been removed as the cmdlet Import-TransportRuleCollection has been deprecated by Microsoft.
  • The Configured text message notification for calendar events audit action in the Calendar audit category has been removed as the cmdlet Set-CalendarNotification has been deprecated by Microsoft.

Enhancements

• Additional ciphers can now be selected for configuring HTTPS in M365 Security Plus.
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• The performance of the Mail Trace audit profiles has been improved.
• Two new Actions have been added to the Azure AD user category of audit profiles.
  • Enable account
  • Disable account
• You can now filter the users you want to apply the product license using their On-premise OU Name in the Manage License menu.

Issue Fixes

• An issue that caused audits and alerts configured to display incorrect geo-location data has been fixed.
• An issue that caused Elasticsearch to consume more memory than required when running any alert profile has been fixed.
• An issue that hindered setting up any tenant in M365 Security Plus with an application secret that included a + symbol has been fixed.
• An issue that caused the log forwarder to fail when collecting audit data for up to the last seven days has been fixed.
• An issue that caused automatic product updates to fail due to PostgreSQL connection read timeout errors has been fixed.
• An issue where technicians in Log360 were not able to view the license details of M365 Security Plus has been fixed.

Enhancements

• Support for Duo Security Web v4 SDK: You can now configure Duo Security using Web v4 SDK as a secondary authentication factor to verify technicians when they log in to M365 Security Plus. Duo security has announced end-of-life for Web v2 SDK on March 30, 2024. We recommend all users to configure Web v4 SDK immediately.
• Audit and Alert schedules deleted by help desk technicians can now be audited with HDT Audit Reports.
• Size limit thresholds for archived audit log files have been configured. If the file size of the archive exceeds 5GB, a new file will be created to minimize the chances of the entire archive becoming corrupted.

Issue Fixes

• An issue in all audit reports that caused data inconsistency in displaying the appropriate Country/Region has been fixed.
• An issue that prevented editing content search profiles has been fixed.
• A UI issue in the alert mail notifications where the report data exported were not properly aligned in the table has been fixed.
• An issue in notification templates where image changes made in the templates do not reflect in the mails triggered from Alerts and Scheduled Reports has been fixed.
• An issue in managing product licenses for users with mailboxes assigned to them has been fixed.
• An issue in Elasticsearch memory management that caused M365 Security Plus to consume more memory than required has been fixed.
• An issue that caused the automatic product update to fail has been fixed.
• An issue where REST API Delta Sync failed to work in a proxy-only environment has been fixed.
• An issue that caused Microsoft SQL database migration to fail in SSL-enabled environments has been fixed.
• A limitation in the Mail Server Settings that restricted the use of characters ' < ' and ' > 'to set passwords has been fixed.

Issue fix

• Some minor issues have been fixed.

Issue fix

• An issue where the deletion of any profile in the Audit, Alert, and Monitoring modules causes all scheduled profiles to be deleted has been fixed.

Issue fixes

• Every M365 Security Plus instance will now have a randomised password for the database bundled with the product.
• A vulnerability where the configured username can be identified using brute-force methods in the login page has been fixed.

Issue fixes

• An issue where technicians using Microsoft Edge could not access any data when they log in to Microsoft 365 before accessing the M365 Security Plus console has been fixed.

How to update?

• Update using service pack

Issue fix

• Some minor issues have been fixed.

How to update?

• Update using service pack

Enhancements

• Two new audit and alert actions, RecycledFile and RecycledFolder, have been added to the OneDrive and SharePoint File Folder Activities audit profile and alert profile categories.
• The list of jobs in the Jobs window will now remain unaffected after the product is restarted.
• You can now view the status of the archiving process in the Jobs window.
• Japanese and Chinese language support in the product has been improved.

How to update?

• Update using service pack

Enhancements

• You can now schedule and configure backups for the product database from the Settings tab.
• All reports can now be exported in the new XLSX file format instead of the older XLSX format.

Bug Fixes

• A CSRF issue in the change default password setting has been fixed.
• A few vulnerable JAR components have been updated to their latest versions.

How to update?

• Update using service pack

Enhancement

• The public key certificate used for service pack upgrade has been updated.

How to update?

• Update using service pack

Feature

• Mail Server Authentication:
  • You can now secure access to your mail server using OAuth, besides basic authentication.

Deprecation

• The cmdlet used for the Spam Detection audit profile has been deprecated by Microsoft. This audit profile will no longer be available.
• The Update user credentials audit action has been deprecated by Microsoft. Instead, you can use the Change User Password audit action to audit the same.

Issue Fixes

• The vulnerable JSON library (CVE-2023-5072) used previously in the product has been upgraded to the latest version 20231013.
• An issue in Mail trace audit where the report was not able to be exported when the Size column was selected, has been fixed.

How to update?

• Update using service pack

Issue fixes

• An issue where the product randomly restarts while collecting Exchange Online data has been fixed.
• An issue where the product could not be updated to the latest version if the default technician account was deleted has been fixed.
• A minor issue in data collection for audits has been fixed.

How to update?

• Update using service pack

Issue Fix

• An issue which occurs when modifying Report Settings from the Settings tab has been fixed.

How to update?

• Update using service pack

Enhancement

• Certificate-based authentication for REST API applications is now supported. You can now update the certificate details in Tenant Settings to authenticate your REST API application against Azure AD, while requesting app-only access tokens.

How to update?

• Update using service pack

Issue Fixes

• An issue in Scheduled Reports where technicians could view admin-created Audit, Alert, and Monitoring profiles while creating scheduled reports has been fixed.
• A security vulnerability in the visibility of the product database's password encryption key, as reported by Evan through our bug bounty program, has been fixed.
• A security vulnerability in TFA verification has been fixed.

How to update?

• Update using service pack

Features

• 2FA for Microsoft 365 technicians: 2FA can now be enabled for technician accounts that use Microsoft 365 authentication to log in to M365 Security Plus.

Issue Fixes

• Technician accounts with the Super Admin role can now configure the SSL connection settings.
• Elasticsearch data engine is now configured to use TLS 1.2 by default.
• An issue with generating Group Settings Creation, Modification, Deletion Reports and Audit profiles has been fixed.
• An issue which caused excess memory consumption due to the Elasticsearch data engine has been fixed.
• An issue with Elasticsearch migration which occurs due to the inclusion of unsupported values has been fixed.
• An issue with dashboards created by Microsoft 365 technician accounts where the product used their credentials instead of the service account's credentials has been fixed.
• M365 Security Plus will now use TLS 1.2 by default to connect to Exchange Online.

How to update?

• Update using service pack

Enhancement

• Parsed user agent details have been added in Audit, and Alerts modules. It is now possible to view specifications of the user agent like client version, OS version, and raw data.

Issue Fixes

• The issue which occurs when exporting scheduled audit reports where the description set in Export Settings is not updated in the exported file has been fixed.
• The issue in Business Hours filter of audit reports where events occurring on Sundays were not considered under Non-Business Hours has been fixed.

How to update?

• Update using service pack

Issue fixed

• Some minor issues have been fixed.

How to update?

• Update using service pack

Enhancements

• Japanese language support in the product has been improved.
• M365 Security Plus is now supported on Windows Server 2022 and Windows 11 operating systems.

How to update?

• Update using service pack

Enhancement

• The Support tab now includes details of product-related events.

Issues fixed

• The issue of Microsoft 365 technicians not being able to login to the product when the product is configured to run in the 443 port has been fixed.
• The issue of auto-update failing in some environments has been fixed.

How to update?

• Update using service pack

Enhancement

• Revert option has now been enabled for the Embed Dashboard and Embed Widget features. Users can now revert an already generated embed link and regenerate a new one with this option.

Issues fixed

• The issue of Country Field showing no value in audit reports after updating the product to the 4529 build has been fixed.
• Vulnerable components (certain JAR files) have been updated to improve security of M365 Security Plus.
• The issue of License Details being visible to non-delegated technicians has been fixed.
• The issue of not being able to add AD technicians if you have added special characters in the Domain User Name field has been fixed.
• The issue of Microsoft login API failing in the endpoints troubleshooting module has been fixed.

How to update?

• Update using service pack

Issues fixed

• A two-factor authentication bypass vulnerability (CVE-2023-35785) reported by dalt4sec through our bug bounty program has been fixed.
• The issue of product update failing when using the Turkish collation MS SQL build has been fixed.
• The issue of establishing Exchange sessions in some environments has been fixed.
• The issue of failing to collect audit data via Management API if the hostname was not resolved by the product has been fixed.

How to update?

• Update using service pack

Feature

• Backup and Recovery add-on: Introducing backup and recovery add-on to protect Exchange Online mailbox data. The add-on provides the following capabilities:
  • Backup Exchange Online mailboxes: Back up entire Exchange Online mailboxes, including all emails, calendar entries, contacts, journals, notes, posts, and tasks.
  • Restore Exchange Online mailboxes: Recover an entire mailbox from backup or perform item-level restoration. You can restore these mailbox items to either the same mailbox or to a different mailbox, or even to a mailbox in a different tenant.
  • Export Exchange Online mailboxes to PST: Export an entire mailbox in PST format for archival or export only specific mailbox items based on your needs. You can also choose to export the backed up contents of Exchange Online mailboxes in PST format, and store them securely.

How to update?

• Update using service pack

Enhancement

• Users can now view the Schedule History for the Product Schedulers.

Issues fixed

• The issue of geo-location data not being collected has been fixed.
• The issue with timezone conversion in the Exchange Online module that resulted in data not being available for the required time period in the Mail Trace Audit report has been fixed.
• The issue of threshold-based alert notifications not being sent out has been fixed.

How to update?

• Update using service pack

Feature

• Archiving: Users now have the option to archive and restore audit logs stored in Elasticsearch data engine.

How to update?

• Update using service pack

Issues fixed

• Some minor issues have been fixed.

How to update?

• Update using service pack

Issues fixed

• Troubleshooting: Users can now check and troubleshoot the issues in their network connection, URL endpoints connection, Exchange session creation and authentication, and permissions required by the Azure AD application and service account from the product's Tenant Settings option.

Enhancements

• Technicians can now export the managed/unmanaged objects list from the Manage License module.

Issue fixes

• The issue of the product's custom logo not being displayed on the product login and MFA page has been fixed.
• The issue of unauthenticated file access in notification templates' attachment option has been fixed.
• The issue of incorrect count of monitoring service health events has been fixed.
• The issue of not being able to update the Exchange URI settings has been fixed.
• The issue of client info data parsing in audit has been fixed.
• The issue of AD technicians not being able to login if any leading or trailing spaces were given in the Domain User Name while adding them as technicians has been fixed.
• The issue of not being able to connect to Exchange Online module in the Azure US tenant has been fixed.

How to update?

• Update using service pack

Issue fix

• An authenticated remote command execution vulnerability, reported by KyoDream through our bug bounty program, has been fixed.

How to update?

• Update using service pack

Issue fix

• Some minor issues have been fixed.

How to update?

• Update using service pack

Enhancement

• Improved Japanese language support.

How to update?

• Update using service pack

Enhancement

• M365 Security Plus now uses Management API, along with PowerShell scripting, to collect audit logs for the following services:
  • Azure Active Directory
  • Compliance
  • Exchange Online (excluding a few profiles.)
  • Microsoft Forms
  • Microsoft Stream
  • Microsoft Teams
  • OneDrive for Business
  • Power Apps
  • Power Automate
  • Power BI
  • SharePoint Online
  • Yammer

How to update?

• Update using service pack

Feature

• Security hardening: Tighten product security by configuring the recommended security controls available under a single tab.

Enhancements

• M365 Security Plus now uses Exchange Online PowerShell v3 module.
• You can now configure TLS protocol versions and cipher suites for improved security.

Issues fixed

• A minor issue in Content Search has been fixed.
• Updated Apache commons-text JAR to 1.10.0 to prevent CVE-2022-42889 vulnerability.
• An issue in data collection for the following audit profiles has been fixed.
  • DLP Policy Matches
  • Malware Detections
  • Transport Rule Matches

How to update?

• Update using service pack

Enhancements

• Mail retrieved using Content Search can now be printed or exported and mailed.

Enhancements

• Exchange Online PowerShell Module V2 will be used by default to connect to Exchange Online using modern authentication.
• Upgraded to jQuery 3.5.1 to improve security of M365 Security Plus.

How to update?

• Update using service pack

Highlight

• M365 Security Plus now supports any custom TOTP authenticator for two-factor authentication.

Issues fixed

• The issue of No such user name is configured error occurring when Azure Active Directory synced users configured as technicians in the product tried to log in has been fixed.
• A few issues have been fixed.

How to update?

• Update using service pack

Highlight

• The security of the product has been improved by configuring two-factor authentication for default and Active Directory-based help desk technicians. The following authentication modes are now available to the users:
  • Email Verification
  • Microsoft Authenticator
  • Google Authenticator
  • RSA SecurID
  • Duo Security
  • RADIUS Authentication

Enhancement

• Improved support for Japanese and Chinese languages.
• The Logon Settings have been moved from the Settings tab to the Delegation tab (Delegation > Other Settings > Logon Settings).

Issue fixes

• The issue of missing default monitoring profiles faced by all other technicians when any of the monitoring profiles were edited by someone has been fixed.
• The issue of data the Mail Items Accessed audit action not being fetched has been fixed.

How to update?

• Update using service pack

Issue fixes

• The issue of missing Secret key in Azure AD application during automatic tenant configuration has been fixed.
• The issue of Group criteria filter in Manage Licenses schedule not working for some cases has been fixed.

How to update?

• Update using service pack

Enhancements

• Upgraded the Ember framework version to 2.18 for enhanced GUI performance.
• Improved Japanese and Chinese language support.

Issues Fixed

• Issue of operator being able to read all tenants' (Microsoft 365 account users) email addresses and their names.
• Issue where technician was unable to embed Dashboard without being delegated.
• Some minor bugs have been fixed.

How to update?

• Update using service pack

Issues Fixed

• Issue in removing credentials while disabling authentication from mail server settings.
• Issue in embedding dashboard widget in other web pages.
• Issue in updating Rest API permissions for some customer environments.

How to update?

• Update using service pack

Bug Fixes

• Some minor issues have been fixed.

How to update?

• Update using service pack

Highlights

• Azure AD auditing and alerting: Added seventeen new actions to audit under three new categories, namely Azure AD Policy, Azure AD Device, and Azure AD Directory Management. Twelve new actions have been added under the existing Azure AD User, Azure AD Group, and Azure AD App Administration categories.
• OneDrive for Business auditing and alerting: Added twenty eight new actions to audit under two new categories, namely OneDrive List Activities and OneDrive Site Administration.
• SharePoint Online auditing and alerting: Added three new actions to audit under SharePoint List Activities and SharePoint Site Administration categories.
• New emails alert: Azure China tenants can now set alerts for new emails while configuring content search profiles.

Enhancement

• Enhanced GUI with newly added descriptions for all actions listed in audit and alert profiles.

How to update?

• Update using service pack

Issues fixed

• The error in updating a service account when quotes are used as special characters in the service account password has been fixed.

How to update?

• Update using service pack

Enhancements

• Apply SSL certificate: Administrators can now apply self-signed or CA-signed SSL certificate to enable HTTPS.
• Forced password reset: Admins and technicians will be forced to reset the default password, if it isn't changed.
• Removed Struts framework: Dependency on Struts framework has been removed to enhance product security.

Issue fixes

The following issues have been fixed

• Issue in filtering users based on group membership while creating help desk technicians.
• Minor issues in management and content search modules.
• To prevent the Log4j vulnerability (CVE-2021-44832) we have upgraded Apache Log4j version 2.17.0 to 2.17.1. (Our product is not affected by this vulnerability. We have upgraded to this version as a precautionary measure.)

Other

• As Microsoft has retired support for auditing Microsoft Sway activities, the audit and alert profiles for Microsoft Sway in M365 Manager Plus will no longer be available.
• Due to the deprecation of Get-MailDetailMalwareReport cmdlet, M365 Security Plus now uses Get-MailDetailATPReport cmdlet to generate malware based audit reports.

How to update?

• Update using service pack

Issues fixed

• A few minor issues have been fixed.

How to update?

• Update using service pack

Issue fixed

• To prevent Log4j vulnerability (CVE-2021-45105) we have upgraded Apache Log4j version 2.16 to 2.17.

How to update?

• Update using service pack

Enhancement

• Enhanced support for Japanese and Chinese languages.
• The Exchange Online PowerShell V2 module has been upgraded to the latest version.

Issue fixed

• Email notification failure for monitoring Microsoft 365 services.

Other

• Chances for remote code execution (CVE-2021-44228 and CVE-2021-45046) were identified in applications that use Apache log4j versions above 2.0 and below 2.15.0. To prevent this vulnerability, we have upgraded log4j jar to version 2.16, and have removed the JndiLookup class from log4j jar's classpath.
• The Microsoft Service Health API used to fetch data for monitoring has now been deprecated by Microsoft. M365 Security Plus will now use a new Graph API to fetch details on Microsoft 365 Service Health. Users will have to update REST API permissions in Tenant Settings to ensure proper functioning of the monitoring feature.

How to update?

• Update using service pack

Issue fixes

• A cross-site request forgery (CSRF) vulnerability, reported by Sahil Dhar through our bug bounty program, has been fixed.
• A reflected cross-site scripting (reflected XSS) vulnerability, reported by Sahil Dhar through our bug bounty program, has been fixed.
• An insufficient authorization vulnerability affecting a REST API URL has been fixed. The vulnerability was reported by Sahil Dhar through our bug bounty program.

How to update?

• Update using service pack

Security issue fix

• Authentication bypass leading to arbitrary file-upload remote code execution vulnerability (CVE-2021-42099), reported by moon.

How to update?

• Update using service pack

Enhancement

• Japanese and Chinese language support has been enhanced.

Issue fixes

• An issue in generating data for audit reports when the Callers or Targets filter in an audit profile is applied has been fixed.

How to update?

• Update using service pack

Issue fix

• A post authentication command injection vulnerability (CVE-2021-44650) affecting a REST API URL has been fixed. The vulnerability was reported by Sahil Dhar through our bug bounty program.

How to update?

• Update using service pack

Issue fix

• A minor issue has been fixed.

How to update?

• Update using service pack

Issue fix

• An authentication bypass vulnerability affecting some of the REST API URLs has been fixed.

How to update?

• Update using service pack

Issue fixes

The following issues have been fixed,

• Remote code execution via BCP file overwrite reported by Sahil Dhar through our bug bounty program.
• Error in retrieving data based on space separated values provided for Like constant in some audit and general reports.
• Users without MSOnline module installed in their environment were unable to add technicians in delegation module.
• Incorrect data shown when Recipient Type filter is applied in Manage License module.

How to update?

• Update using service pack

Enhancements

• Service pack files are now secured with digital signature to prevent unauthorized modifications while updating the product.

Issue fixes

• Error in showing Arabic characters in the Mail Subject column of Mail Trace reports.
• Difficulty in loading details about draft messages with empty Sent Date Time field in Content Search module.
• Missing to show the available data in the monitoring module, due to change in service name.
• Issue in managing users based on group membership in License Management scheduler.
• Details of external mails not being included in Mail Trace reports, when the count of unmanaged uses is greater than managed users.
• Inability to create custom views of audit reports with multiple filter settings.

Other

• M365 Security Plus will now use only service account for performing Microsoft 365 activities. Support for using technician credentials has been deprecated.

How to update?

• Update using service pack

Issue fix

• Some minor issues have been fixed.

How to update?

• Update using service pack

Enhancements

• This build features enhanced Japanese language support.

Issue fixes

The following issues have been fixed.

• Failing to gather data for SharePoint List Activities audit reports.
• Inability to enable or disable monitoring profiles.
• Issue in applying filters involving mailbox attributes in Manage License module.

How to update?

• Update using service pack

Enhancement

• The Exchange Online PowerShell V2 module has been upgraded to the latest version.

Issue fixed

• Due to receiving incorrect dates from Microsoft's Unified Audit Log, there has been a random occurrence of incorrect dates in certain audit logs. This issue has been resolved by our product team.

How to update?

• Update using service pack

Issue fix

• Issues faced while applying filters in the Manage License module have been fixed.

How to update?

• Update using service pack

Highlights

• Database backup and restore, and robo update features are now available for MS SQL users.
• Option to backup the database while manually updating M365 Security Plus has been added.

Issue fixes

• The incorrect results issue due to insufficient data while performing mailbox content search has been fixed.
• Issue faced while applying filter based on Extended Properties in Azure AD STS Logon audit profile has been fixed.

How to update?

• Update using service pack

Issues fixed

• The tenant configuration issue that occurred due to the global admin role name change by Microsoft has been fixed.

How to update?

• Update using service pack

Enhancement

• Support for Exchange Online PowerShell V2 module. You will now experience an uninterrupted, longer session duration with the Exchange Online connection.

Issue fixed

• An issue in displaying the geolocation in audit reports when a proxy is configured has been fixed.

How to update?

• Update using service pack

Issues fixed

• Fixed some minor issues in the product.

How to update?

• Update using service pack

Highlight

• New audit reports: Track more events in OneDrive for Business, Microsoft Forms, Power BI, Power Apps, Power Automate and Exchange Online.

Enhancements

• The DOMAIN\username login format will be supported for Active Directory users.
• The existing JRE version in the product has been updated to jre_1_8_0_162 for enhanced security.

Issue fixed

• The issue in fetching data for monitoring while the proxy is configured, has been fixed.

How to update?

• Update using service pack

Issue fixed

• The issue faced while configuring a tenant due to certificate validation has been fixed.

How to update?

• Update using service pack

Enhancement

• The latest build will feature an enhanced Japanese language support.

How to update?

• Update using service pack

Features

• Granular auditing: Perform detailed audits on the various facets of Microsoft 365 services such as admin and user activities, non-owner mailbox access, failed logon attempts, password and license modifications, roles and permission changes, file access, malware detection, and more with extensive reports.
• Custom audit profiles: Carry out efficient compliance management by creating custom audit profiles in line with the compliance requirements of SOX, PCI-DSS, HIPAA, FISMA, and GLBA. You can schedule these reports to be generated periodically and have them mailed to you. The reports can also be exported in various formats such as CSV, XLSX, PDF, and HTML.
• Real-time alerts: Configure alert profiles to receive instant alerts for critical events such as changes in password, malware filters, security settings, role assignments, and more. The alerts will provide detailed information such as the severity of the event, alert trigger, time of occurrence, etc.
• 24x7 monitoring: Ensure around-the-clock monitoring of health and performance of Microsoft 365 services; their features and endpoints. And get instant alerts on service outages with details of the occurred event.
• Advanced content search: Enhance email security with in-depth, condition-based or pattern-based searches to identify emails with personal information such as social security number, login credentials, and more. You can also automate these searches and receive alerts for the same.
• Help desk delegation: Create custom help desk roles and assign non-admin users as technicians without change of roles or permissions in native Microsoft 365. Leverage advanced features such as cross-tenant, domain-based, attribute-level delegation, and more.

How to update?

• Update using service pack