Are you keeping up with Microsoft updates? The Microsoft Mondays: Microsoft Service Updates series from Total Solutions is here for your needs, and remember that Total Solutions also provides tailored, expert guidance during our consulting process. We are highlighting a few of the Microsoft announced upcoming updates from February:
- Authenticator number matching to be enabled for all Microsoft Authenticator users (Updated)
- Microsoft Teams: Video Filters in Teams Meetings (Updated)
- Schedule Send Suggestions Available in Microsoft Teams Chat
- “Projects” in Viva Goals is changing to “Initiatives”
- Reminder: Basic Authentication deprecation in Office Apps (Updated)
Keep an eye out for Microsoft Mondays for your Microsoft updates or speak with our technical team for your Microsoft needs.
*Updates posted here originally posted by Microsoft in the Microsoft 365 Message Center
Authenticator number matching to be enabled for all Microsoft Authenticator users (Updated)
***See updated service post from February 16th, 2023 HERE.
[MC468492 · Published Nov 18, 2022 · Last updated Feb 2, 2023]: Updated February 2, 2023: Microsoft Authenticator app’s number matching feature has been Generally Available since Nov 2022! If you have not already leveraged the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator, Microsoft highly encourages you to do so. Microsoft will start enabling this critical security feature for all users of the Microsoft Authenticator app beginning February 27, 2023 and remove this feature’s rollout controls after that date.
Please note that Microsoft has changed the expected behavior for NPS extension to be even more admin friendly. NPS versions 1.2.2216.1+ will be released once Microsoft starts to enable number matching for all Authenticator users. These NPS versions will automatically prefer OTP-based sign-ins over traditional push notifications with the Authenticator app. An admin can choose to disable this behavior and fall back to traditional push notifications with Approve/Deny by setting the registry key OVERRIDE_NUMBER_MATCHING_WITH_OTP Value = FALSE. Previous NPS extension versions will not automatically switch Authenticator push notification authentications to OTP based authentications. Please refer to the NPS extension section of the number match documentation for further information.
When this will happen:
Beginning February 27, 2023
How this affects your organization:
To prevent accidental approvals, admins can require users to enter a number displayed on the sign-in screen when approving an MFA request in the Microsoft Authenticator app. This feature is critical to protecting against MFA fatigue attacks which are on the rise.
Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following:
- Application context: Show users which application they are signing into.
- Geographic location context: Show users their sign-in location based on the IP address of the device they are signing into.
Number match behavior in different scenarios after 27-February 2023:
- Authentication flows will require users to do number match when using the Microsoft Authenticator app. If the user is using a version of the Authenticator app that doesn’t support number match, their authentication will fail. Please make sure upgrade to the latest version of Microsoft Authenticator (App Store and Google Play Store) to use it for sign-in.
- Self Service Password Reset (SSPR) and combined registration flows will also require number match when users are using the Microsoft Authenticator app.
- ADFS adapter will require number matching on versions of Windows Server that support number matching. On earlier versions, users will continue to see the “Approve/Deny” experience and won’t see number matching till you upgrade.
- NPS extension versions beginning 1.2.2131.2 will require users to do number matching after 27-February 2023. Because the NPS extension can’t show a number, the user will be asked to enter a One-Time Passcode (OTP). The user must have an OTP authentication method (e.g. Microsoft Authenticator app, software tokens etc.) registered to see this behavior. If the user doesn’t have an OTP method registered, they’ll continue to get the Approve/Deny experience. You can create a registry key that overrides this behavior and prompts users with Approve/Deny. More information can be found in the number matching documentation.
- Apple Watch – Apple Watch will remain unsupported for number matching. Microsoft recommends you uninstall the Microsoft Authenticator Apple Watch app because you have to approve notifications on your phone.
ADMINS – What you can do to prepare:
Microsoft highly recommends that you leverage the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy these features (number match and additional context) for users of the Microsoft Authenticator app.
Learn more at:
- Number match documentation
- Defend your users from MFA fatigue attacks – Microsoft Community Hub
- Advanced Microsoft Authenticator security features are now generally available! – Microsoft Community Hub
Microsoft Teams: Video Filters in Teams Meetings (Updated)
[MC495330 · Published Jan 7, 2023 · Last updated Feb 2, 2023]: Updated February 2, 2023: Microsoft has updated the timeline below. Thank you for your patience.
Video Filters are a new feature in Microsoft Teams meetings that will allow participants to augment their video stream with visual effects, such as frames and styles. These filters are built on the Teams Platform infrastructure and provided by Microsoft first- and third-party partners as apps and displayed as a collection of filters.
This message is associated with Microsoft 365 Roadmap ID 86811
When this will happen:
- Public Preview: Microsoft will complete rollout in late January 2023.
- Standard Release and GCC: Microsoft will begin rolling out in early March (previously early February) and expect to complete rollout in late May (previously late April).
How this will affect your organization: Users can browse and select video filters from the pre-join screen and in-meeting scenarios. During pre-join, users can access Video filters from the quick tray when they have the camera enabled. After joining a meeting, users will be able to apply effects from the meeting toolbar with the camera fly-out window or navigate all Video filters options on the side pane by clicking the Video effects button under the More menu.
To apply video filters, users will need to give consent to install the apps.
Note: The video filters can be enabled/disabled by app level from the Tenant Admin Center. For EDU tenants, these apps will be turned off by default and can be turned on by individual tenant admins, if required.
ADMINS – What you need to do to prepare:
You may want to consider updating your training and documentation as appropriate.
Schedule Send Suggestions Available in Microsoft Teams Chat
[MC510792 · Published Feb 3, 2023]: When composing a 1:1 message in Teams chat after-hours, users will see schedule send suggestions that enable postponing message delivery until the start of the chat recipient’s working hours. Schedule send suggestions will be available as default on.
- With schedule send suggestions for chat turned on, users with Viva Insights subscriptions can get an unlimited number of scheduling suggestions for postponing message delivery to their coworkers.
- With schedule send suggestions for chat turned off, users will not get any schedule send suggestions.
This message is associated with Microsoft 365 Roadmap ID 98159
When this will happen:
Microsoft will begin rolling out in late February and expect to complete by late March.
How this will affect your organization: Schedule send suggestions help align message delivery with the start of the working hours of the recipients in their respective time zones. They will be automatically displayed during an after-hours message compose to users who are assigned a license with a Microsoft Viva Insights service plan.
Schedule send suggestions will be on by default but can be disabled by admin or users as follows:
- A Global admin, an Exchange Online admin or a user admin role can assign and remove Viva Insights subscription license in the Microsoft 365 admin center. For information on how to assign a license, see Assign licenses to users in Microsoft 365 for business.
- Individuals can also turn schedule send suggestions on or off through their own Teams Settings by selecting or deselecting Schedule message send
ADMINS – What you need to do to prepare:
Review and assess the impact for your organization and you might want to notify your users about this change and update your training and documentation as appropriate. Read more about schedule send suggestions in Teams.
“Projects” in Viva Goals is changing to “Initiatives”
[MC510329 · Published Feb 2, 2023]: To align deeper with the OKR methodology, “Projects” in Viva Goals is renamed to “Initiatives”. In addition to changing the default terminology to Initiatives, Viva Goals will also be introducing the ability for organization admins to customize the term to a term of your choosing.
When this will happen:
Standard Release: Microsoft will begin rolling out mid-February 2023 and expect to complete by late February 2023.
How this will affect your organization:
- This change will not affect existing users and orgs in your tenant.
- Any new organizations will use the term “initiatives”.
- If any org admin needs to customize the term, they can do so in the org admin section.
ADMINS – What you need to do to prepare:
- This change will not affect existing users and orgs in your tenant.
- Any new organizations will use the term “initiatives”.
- If any org admin needs to customize the term, they can do so in the org admin section.
Reminder: Basic Authentication deprecation in Office Apps (Updated)
[MC499030 · Published Jan 19, 2023 · Last updated Feb 9, 2023]: Updated February 9, 2023: Microsoft has updated the timing for this change below. Thank you for your patience.
This is a reminder that Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps (originally communicated in MC454810, November ’22). Microsoft is making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so Microsoft has decided to deprecate it from all tenants.
Microsoft will retire this feature in Office Apps version 2301+. Instead, Microsoft recommends moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth.
This retirement will not affect Exchange Online and Exchange on-premises. Customers using basic authentication to connect to Exchange on-premises/Exchange Online can continue to use basic authentication without any changes to Exchange.
There is a separate effort to retire Outlook connecting to Exchange Online using Basic Authentication. Please see Exchange Online – September 2022 Update.
Windows files share access is not affected. The underlying authentication layer for file share is NTLM, and there is not change to NTLM. More information is here – Microsoft SMB Protocol Authentication – Win32 apps | Microsoft Learn.
Access to files stored on SharePoint on-premises server that are using basic authentication will be blocked. However, files stored on SharePoint Online, OneDrive for Business are not affected. Customers who currently store files on web servers that use Basic authentication can move those files to SharePoint Online, OneDrive for Business, SharePoint Server on-premises or a more secure authentication protocol as a solution.
When this will happen:
We will be rolling this change beginning late March (previously early February).
How this will affect your organization:
You are receiving this message because your organization may be using basic authentication to access resources.
Once Basic authentication is disabled in your tenant, users with the Office Version 2301 or higher on their devices will not be able to access resources from servers using Basic authentication. After the upgrade, end-users will get a warning message first, and encourage users to move away from basic authentication. Warning message will appear till April 2023.
Microsoft will move to blocking stage in May 2023. From May 2023, if a user tries to open a file stored on a server still using Basic Authentication, Office Client App will block the sign-in prompt and present this pop-up message to the user.
Note: Exchange Online team is working on deprecating Basic Authentication separately, Outlook will continue to support Basic Authentication with Exchange Online till that work is complete. Access to all other resources using Basic Authentication will be blocked in Outlook Version 2301 and higher. Deprecation of Basic authentication in Exchange Online
This is a sample Basic Authentication login window:
ADMINS – What you need to do to prepare:
You should move the servers using Basic authentication to another authentication method.
Please click Additional Information to learn more.
Check out previous Microsoft Updates that Total Solutions has posted here -> Microsoft Updates Archives – Total Solutions Inc.
