Support
 
PhoneGet Quote
 
Support
 
US Sales: +1 888 720 9500
US Support: +1 844 245 1108
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9890

 
 

M365 Security Plus Release Notes

Release Notes for build 4510 - May 31, 2022

Issue fixes:

  • The issue of missing Secret key in Azure AD application during automatic tenant configuration has been fixed.
  • The issue of Group criteria filter in Manage Licenses schedule not working for some cases has been fixed.

How to update?

Release Notes for build 4509 - May 05, 2022

Enhancements:

  • Upgraded the Ember framework version to 2.18 for enhanced GUI performance.
  • Improved Japanese and Chinese language support.

Issues Fixed:

  • Issue of operator being able to read all tenants' (Microsoft 365 account users) email addresses and their names.
  • Issue where technician was unable to embed Dashboard without being delegated.
  • Some minor bugs have been fixed.

How to update?

Release Notes for build 4508 - Apr 08, 2022

Issues Fixed:

  • Issue in removing credentials while disabling authentication from mail server settings.
  • Issue in embedding dashboard widget in other web pages.
  • Issue in updating Rest API permissions for some customer environments.

How to update?

Release Notes for build 4507 - Mar 26, 2022

Bug Fixes:

  • Some minor issues have been fixed.

How to update?

Release Notes for build 4505 - Mar 21, 2022

Highlights:

  • Azure AD auditing and alerting: Added seventeen new actions to audit under three new categories, namely Azure AD Policy, Azure AD Device, and Azure AD Directory Management. Twelve new actions have been added under the existing Azure AD User, Azure AD Group, and Azure AD App Administration categories.
  • OneDrive for Business auditing and alerting: Added twenty eight new actions to audit under two new categories, namely OneDrive List Activities and OneDrive Site Administration.
  • SharePoint Online auditing and alerting: Added three new actions to audit under SharePoint List Activities and SharePoint Site Administration categories.
  • New emails alert: Azure China tenants can now set alerts for new emails while configuring content search profiles.

Enhancement:

  • Enhanced GUI with newly added descriptions for all actions listed in audit and alert profiles.

How to update?

Release Notes for build 4504 - Feb 23, 2022

Issues fixed:

  • The error in updating a service account when quotes are used as special characters in the service account password has been fixed.

How to update?

Release Notes for build 4503 - Feb 9, 2022

Enhancements:

  • Apply SSL certificate: Administrators can now apply self-signed or CA-signed SSL certificate to enable HTTPS.
  • Forced password reset: Admins and technicians will be forced to reset the default password, if it isn't changed.
  • Removed Struts framework: Dependency on Struts framework has been removed to enhance product security.

Issue fixes:

The following issues have been fixed

  • Issue in filtering users based on group membership while creating help desk technicians.
  • Minor issues in management and content search modules.
  • To prevent the Log4j vulnerability (CVE-2021-44832) we have upgraded Apache Log4j version 2.17.0 to 2.17.1. (Our product is not affected by this vulnerability. We have upgraded to this version as a precautionary measure.)

Other:

  • As Microsoft has retired support for auditing Microsoft Sway activities, the audit and alert profiles for Microsoft Sway in M365 Manager Plus will no longer be available.
  • Due to the deprecation of Get-MailDetailMalwareReport cmdlet, M365 Security Plus now uses Get-MailDetailATPReport cmdlet to generate malware based audit reports.

How to update?

Release Notes for build 4502 - Jan 19, 2022

Issues fixed:

  • A few minor issues have been fixed.

How to update?

Release Notes for build 4500 - Dec 31, 2021

Issue fixed:

  • To prevent Log4j vulnerability (CVE-2021-45105) we have upgraded Apache Log4j version 2.16 to 2.17.

How to update?

Release Notes for build 4425 - Dec 16, 2021

Enhancement:

  • Enhanced support for Japanese and Chinese languages.
  • The Exchange Online PowerShell V2 module has been upgraded to the latest version.

Issue fixed:

  • Email notification failure for monitoring Microsoft 365 services.

Other:

  • Chances for remote code execution (CVE-2021-44228 and CVE-2021-45046) were identified in applications that use Apache log4j versions above 2.0 and below 2.15.0. To prevent this vulnerability, we have upgraded log4j jar to version 2.16, and have removed the JndiLookup class from log4j jar's classpath.
  • The Microsoft Service Health API used to fetch data for monitoring has now been deprecated by Microsoft. M365 Security Plus will now use a new Graph API to fetch details on Microsoft 365 Service Health. Users will have to update REST API permissions in Tenant Settings to ensure proper functioning of the monitoring feature.

How to update?

Release Notes for build 4423 - Oct 21, 2021

Issue fixes:

  • A cross-site request forgery (CSRF) vulnerability, reported by Sahil Dhar through our bug bounty program, has been fixed.
  • A reflected cross-site scripting (reflected XSS) vulnerability, reported by Sahil Dhar through our bug bounty program, has been fixed.
  • An insufficient authorization vulnerability affecting a REST API URL has been fixed. The vulnerability was reported by Sahil Dhar through our bug bounty program.

How to update?

Release Notes for build 4421 - Oct 8, 2021

Security issue fix:

  • Authentication bypass leading to arbitrary file-upload remote code execution vulnerability (CVE-2021-42099), reported by moon.

How to update?

Release Notes for build 4420 - Sep 29, 2021

Enhancement:

  • Japanese and Chinese language support has been enhanced.

Issue fixes:

  • An issue in generating data for audit reports when the Callers or Targets filter in an audit profile is applied has been fixed.

How to update?

Release Notes for build 4419 - Sep 22, 2021

Issue fix:

  • A post authentication command injection vulnerability (CVE-2021-44650) affecting a REST API URL has been fixed. The vulnerability was reported by Sahil Dhar through our bug bounty program.

How to update?

Release Notes for build 4418 - Sep 20, 2021

Issue fix:

  • A minor issue has been fixed.

How to update?

Release Notes for build 4417 - Sep 8, 2021

Issue fix:

  • An authentication bypass vulnerability affecting some of the REST API URLs has been fixed.

How to update?

Release Notes for build 4416 - Sep 6, 2021

Issue fixes:

The following issues have been fixed,

  • Remote code execution via BCP file overwrite reported by Sahil Dhar through our bug bounty program.
  • Error in retrieving data based on space separated values provided for Like constant in some audit and general reports.
  • Users without MSOnline module installed in their environment were unable to add technicians in delegation module.
  • Incorrect data shown when Recipient Type filter is applied in Manage License module.

How to update?

Release Notes for build 4415 - Aug 5, 2021

Enhancements:

  • Service pack files are now secured with digital signature to prevent unauthorized modifications while updating the product.

Issue fixes:

  • Error in showing Arabic characters in the Mail Subject column of Mail Trace reports.
  • Difficulty in loading details about draft messages with empty Sent Date Time field in Content Search module.
  • Missing to show the available data in the monitoring module, due to change in service name.
  • Issue in managing users based on group membership in License Management scheduler.
  • Details of external mails not being included in Mail Trace reports, when the count of unmanaged uses is greater than managed users.
  • Inability to create custom views of audit reports with multiple filter settings.

Other:

  • M365 Security Plus will now use only service account for performing Microsoft 365 activities. Support for using technician credentials has been deprecated.

How to update?

Release Notes for build 4414 - May 12, 2021

Issue fix:

  • Some minor issues have been fixed.

How to update?

Release Notes for build 4413 - May 10, 2021

Enhancements:

  • This build features enhanced Japanese language support.

Issue fixes:

The following issues have been fixed.

  • Failing to gather data for SharePoint List Activities audit reports.
  • Inability to enable or disable monitoring profiles.
  • Issue in applying filters involving mailbox attributes in Manage License module.

How to update?

Release Notes for build 4412 - Mar 29, 2021

Enhancement:

  • The Exchange Online PowerShell V2 module has been upgraded to the latest version.

Issue fixed:

  • Due to receiving incorrect dates from Microsoft's Unified Audit Log, there has been a random occurrence of incorrect dates in certain audit logs. This issue has been resolved by our product team.

How to update?

Release Notes for build 4411 - Mar 15, 2021

Issue fix:

  • Issues faced while applying filters in the Manage License module have been fixed.

How to update?

Release Notes for build 4410 - Mar 5, 2021

Highlights:

  • Database backup and restore, and robo update features are now available for MS SQL users.
  • Option to backup the database while manually updating M365 Security Plus has been added.

Issue fixes:

  • The incorrect results issue due to insufficient data while performing mailbox content search has been fixed.
  • Issue faced while applying filter based on Extended Properties in Azure AD STS Logon audit profile has been fixed.

How to update?

Release Notes for build 4408 - Jan 20, 2021

Issues fixed:

  • The tenant configuration issue that occurred due to the global admin role name change by Microsoft has been fixed.

How to update?

Release Notes for build 4407 - Dec 4, 2020

Enhancement:

  • Support for Exchange Online PowerShell V2 module. You will now experience an uninterrupted, longer session duration with the Exchange Online connection.

Issue fixed:

  • An issue in displaying the geolocation in audit reports when a proxy is configured has been fixed.

How to update?

Release Notes for build 4406 - Nov 12, 2020

Issues fixed:

  • Fixed some minor issues in the product.

How to update?

Release Notes for build 4403 - Oct 12, 2020

Highlight:

  • New audit reports: Track more events in OneDrive for Business, Microsoft Forms, Power BI, Power Apps, Power Automate and Exchange Online.

Enhancements:

  • The DOMAIN\username login format will be supported for Active Directory users.
  • The existing JRE version in the product has been updated to jre_1_8_0_162 for enhanced security.

Issue fixed:

  • The issue in fetching data for monitoring while the proxy is configured, has been fixed.

How to update?

Release Notes for build 4402 - Sep 19, 2020

Issue fixed:

  • The issue faced while configuring a tenant due to certificate validation has been fixed.

How to update?

Release Notes for build 4401 - Sep 1, 2020

Enhancement:

  • The latest build will feature an enhanced Japanese language support.

How to update?

Release Notes for build 4400 - July 14, 2020

Features:

  • Granular auditing: Perform detailed audits on the various facets of Microsoft 365 services such as admin and user activities, non-owner mailbox access, failed logon attempts, password and license modifications, roles and permission changes, file access, malware detection, and more with extensive reports.
  • Custom audit profiles: Carry out efficient compliance management by creating custom audit profiles in line with the compliance requirements of SOX, PCI-DSS, HIPAA, FISMA, and GLBA. You can schedule these reports to be generated periodically and have them mailed to you. The reports can also be exported in various formats such as CSV, XLS, PDF, and HTML.
  • Real-time alerts: Configure alert profiles to receive instant alerts for critical events such as changes in password, malware filters, security settings, role assignments, and more. The alerts will provide detailed information such as the severity of the event, alert trigger, time of occurrence, etc.
  • 24x7 monitoring: Ensure around-the-clock monitoring of health and performance of Microsoft 365 services; their features and endpoints. And get instant alerts on service outages with details of the occurred event.
  • Advanced content search: Enhance email security with in-depth, condition-based or pattern-based searches to identify emails with personal information such as social security number, login credentials, and more. You can also automate these searches and receive alerts for the same.
  • Help desk delegation: Create custom help desk roles and assign non-admin users as technicians without change of roles or permissions in native Microsoft 365. Leverage advanced features such as cross-tenant, domain-based, attribute-level delegation, and more.

How to update?

A Complete Microsoft 365 Security Solution