Outlook on the web: Update to the location of message compose options

Outlook on the web will update the location of some of the compose options for a message , including the “Send”, “Discard”, and formatting options. This brings the experience in web closer to the classic and new Outlook for Windows.


Microsoft Defender for Office 365:Enforce Authentication to Pass on AntiSpam Allowed Domains

We are strengthening Spoofing protection within Exchange online protection and Microsoft Defender for Office 365 Anti-Spam security policy. It will provide a way to secure your organization against spoofing attacks that may otherwise occur by allowing certain domains and senders.

Applies to:


Legacy TLS reports in Service Trust Portal will be retired before July 31, 2022

The legacy TLS reports, including ‘Monthly Trend of TLS 1.0/1.1 Usage’ and ‘TLS 1.0/1.1 Deprecation Report’ in Service Trust Portal were created to help customers identify clients that are using legacy TLS protocols.

TLS 1.0 and 1.1 have been disabled for most of Microsoft 365 capacities, and the legacy TLS reports became less relevant.


Outlook Mac now supports retention Policy

Use retention policies in Outlook for Mac to apply a policy to your messages in your mailbox. Retention policies define how long your messages will be saved. This update will only work in the new Outlook for Mac.

Note: If your organization is not using Mac OS, you can safely disregard this message.


Add DKIM Domain in Sending Infrastructure for Tenant Allow Block Lists-Spoofing

For Microsoft Defender for Office 365 and Exchange Online Protection, we are adding support for providing “DKIM verified domain” as the “Sending Infrastructure” within Tenant allow-block lists-Spoofing, so that Security Administrators can better manage Anti-Spoofing activity and override it based on Spoof Intelligence. Currently, what is supported in this field is either the domain from DNS PTR record or /24 IP Subnet. Additionally, being able to specify a ‘DKIM verified domain’ will help serve scenarios where shared infrastructure provider services are used for sending emails. Since the DKIM domain is unique to each tenant and if it passes verification even when other authentication signals fail, if desired for legitimate business reasons, a spoofed message can still be allowed instead of being blocked.

This message is associated with Microsoft 365 Roadmap ID 93359


Microsoft Feed on the Outlook Mobile Search Page

Updated June 10, 2022: We have updated this post with additional details for clarity. Thank you for your patience.

The Search Page in Outlook Mobile is being enhanced with a new feed that aims to help users stay on top of things. The feed looks at what is happening in Microsoft 365 and surfaces updates and insights about colleagues, documents, and other artifacts in a vertical feed view, ranked personally for each user. 


Tenant Trusted ARC Sealers for Email Authentication

Authenticated Received Chain (ARC) is an email authentication mechanism that helps preserve authentication results across intermediaries. Email authentication mechanisms like SPF, DKIM, DMARC are used to verify the senders of emails for the safety of mail recipients, but some legitimate services may make changes to the email between the send and receipt. This intervention from legitimate services may accidentally cause the message to fail email authentication at subsequent hops. 

The ARC trusted sealers feature lets admins add trusted intermediaries in the Microsoft 365 Defender portal. This allows Microsoft to honor ARC signatures from your list of trusted intermediaries, to help authenticate the message.


Consistently block delegates or shared mailbox members from accessing protected messages in Outlook

Outlook will provide consistent access control on protected emails (Protected by MIP Sensitivity labels, or RMS protected emails) for Microsoft 365 delegates and shared mailbox members. For delegates or shared mailbox members, when they have full access of the owner’s mailbox but are not allowed to read encrypted email, Outlook will have a new cmdlet setting to block the owner’s protected email access which covers ad-hoc encrypted email as well as email with protected MIP sensitivity labels.

This message is associated with Microsoft 365 Roadmap ID: 88888


Microsoft Defender for Office 365 Preset Security Policies

We are making enhancements to Microsoft Defender for Office 365 preset security policies. It will provide a way to apply the policy to the entire organization and be able to optionally configure a list of custom users and custom domains to protect against impersonation attacks.

Impersonation protection applies to Microsoft Defender for Office 365 Plan 1 and Plan 2 & Microsoft 365 Defender


Microsoft Defender for Office 365: Update to Quarantine notification default subject and review button

We will be updating the default subject within the Quarantine notification email that is sent to users.

When this will happen:


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.