The change log contains an overview of the changes we’ve made to the book since its release on July 13, 2020. We normally push content updates once a month; smaller updates and fixes may be pushed at irregular intervals, however.
Content updates are usually delivered some time at the beginning of the month. This may change once in a while if life and/or other elements such as conferences interfere with that schedule.
Current version
We have released several updates since the book released on July 13th, 2020.
The current version of the book is the 2021 Edition, 2021-07 release; published in July, 2021.
Chapter update details for Microsoft 365 Security for IT Pros, 2021 Edition
| Release | Chapter | Update |
| 2020-09 | Intro | Added Foreword by Nicholas DiCola, Group PM Cyber Security at Microsoft. |
| 2020-09 | 1 | Updated information on the Cyber Kill Chain ®, Confidentiality, Integrity, and Availability (CIA) and the Assume Breach-mindset |
| 2020-09 | 2 | Added the following elements/new content to the book: Security Defaults, Terms of Use, How to enable Password Reset with Conditional Access + real-world scenario, using Administrative Units. Fixed some typo’s too. |
| 2020-09 | 3 | Added information on Microsoft Defender ATP for Android, Android Enterprise for corporate-owned devices with a work profile, how conflicts are handled between different (types) of policies (like GPO vs. Intune policies), how to deal with unlicensed administrators, and some information about reporting from Intune. |
| 2020-09 | 4 | The chapter now includes information on EDR in Block Mode, Event tagging in the Device Timeline, new ASR rule(s), Web Content Filtering and Device Value(s). Moved Advanced Hunting information to Chapter 6. |
| 2020-09 | 5 | Fixed an issue with content being duplicated in two placed (copy error). Elaborated on Session Control policies and how the MCAS proxy functionality works. |
| 2020-09 | 6 | Updated chapter with more insights about the use case and value proposition of Microsoft Threat Protection. Added Advanced Hunting information, specific for Microsoft Threat Protection, included cross-workstream hunting. Updated the example to highlight more efficient way of hunting. Updated information about how Microsoft Threat Protection works, and how Incidents should be interpreted as well as handled. Removed stale information with regards to enablement of MTP. |
| 2020-09 | 7 | Updated contents to include the latest version of Office 365 for IT Pros. |
| 2020-11 | 2 | Added info on blocking of legacy authentication protocols and Continuous Access Evaluation. |
| 2020-11 | 3 | Elaborated on device ownership (personal vs. corporate-owned), and what happens upon removal of configuration profiles. |
| 2020-11 | 4 | Brand new chapter on securing email, covering Exchange Online, Exchange Online Protection and more. |
| 2020-11 | 5 | Brand new chapter on Microsoft Defender for Office 365. |
| 2020-11 | 6 | Added information around device groups, RBAC, API permissions and more. |
| 2020-11 | 7 | Added real-world scenario leveraging session policies for Office 365 workload(s). |
| 2020-11 | 8 | Included additional example on advanced hunting scenario. |
| 2020-12 | 2 | Minor updates throughout the chapter. Added information on switching to Azure AD as IdP for WebApps, revised and updated Risk detection types and added reporting. |
| 2020-12 | 3 | Updated content of AD connectivity based on feedback, added information on the concept of a Primary User |
| 2020-12 | 4 | Added Backscatter protection information and updated Anti-spoofing section. Added information on Implicit Authentication. |
| 2020-12 | 5 | Added information on (the preview of) Priority Account Protection |
| 2020-12 | 6 | Included information on Linux EDR, added information for supported platforms for TVM and updated MDE for Android & iOS sections. Included information on tamper protection for Tenant-Attached clients. |
| 2020-12 | 7 | Added information on contextual UI when creating policies. |
| 2021-01 | 1 | Included information regarding the recent Solorigate attack and how it pertains to security in general. |
| 2021-01 | 2 | Added example of integrating LastPass (Enterprise) with Azure AD, and made several other (minor) updates across the chapter. Included a new section on creating an app registration as well. |
| 2021-01 | 3 | Updated information regarding GA of MDE for iOS and Android. |
| 2021-01 | 4 | Included sections on RBAC, Privileged Access Management (for Exchange Online) and TLS for mail encryption (transport security). |
| 2021-01 | 5 | Expanded Threat Explorer Coverage |
| 2021-01 | 6 | Included information on the use of external applications and scripts with Microsoft Defender for Endpoint’s APIs |
| 2021-01 | 7 | Included section on the use of Information Protection with MCAS |
| 2021-01 | 8 | Added (short) section on the benefits of Microsoft 365 Defender with the recent Solorigate attack(s). |
| 2021-01 | 9 | General chapter refresh from Office 365 for IT Pros ebook. |
| 2021-02 | 2 | Added info on Microsoft Enterprise SSO plug-in for Apple Devices along with some minor updates across the chapter. |
| 2021-02 | 3 | Added section on how to deal with unmanaged devices (general approach). |
| 2021-02 | 4 | Updated section on DKIM, added ‘Secure by Default’, Autoforward changes and information on Encryption at rest. |
| 2021-02 | 5 | expanded information on Attack Simulator, Threat Explorer and added information Microsoft Defender for Office 365 evaluation mode. |
| 2021-02 | 6 | included information on the importance of network connectivity (and monitoring thereof) to ensure proper functioning of Microsoft Defender for Endpoint. |
| 2021-02 | 7 | Added real-world scenario on the use of session policies to control activities from unmanaged devices, added section on reviewing alerts through MCAS, updated some screenshots + information about them. |
| 2021-02 | 8 | Made some minor updates across the chapter. |
| 2021-03 | 2 | More information on OAuth and consent control, updated section on implementing SSPR at Windows logon screen. |
| 2021-03 | 3 | Introduction to Microsoft Tunnel and Azure AD App Proxy |
| 2021-03 | 5 | Interface updates, additional information on Attack Simulations, updates for the Defender for Office 365 evaluation mode. |
| 2021-03 | 6 | Updates with regards to the move of the security portal; moved some content over to Chapter 8. Update around EDR for Linux going GA, and updated section on default remediation level(s). |
| 2021-03 | 7 | General interface updates, added some more information on a few policies. |
| 2021-03 | 8 | Included Threat Analytics (moved from Chapter 6), updated entire chapter to reflect the interface updates, added section on hunting with Jupyter Notebooks. |
| 2021-04 | 2 | Added information on Temporary Access pass and SMS-based logon |
| 2021-04 | 3 | Included additional Microsoft Tunnel info and App Protection Policies for Conditional Launch |
| 2021-04 | 4 | Included Tenant Block/Allw List |
| 2021-04 | 5 | Expanded information on email entities page during investigations |
| 2021-04 | 6 | Added information on new TVM tables for Advanced Hunting, rewrote tamper protection part to reflect latest changes. |
| 2021-05 | 2/3 | General Updates throughout the chapter(s) |
| 2021-05 | 5 | Updated the new email entity page, ORCA and Attack Simulator |
| 2021-05 | 6 | New TVM information in hunting tables, rewrote section on tamper protection. |
| 2021-06 | 2 | Updated named locations with GPS information and GUI updates. Added information on device filters (see Chapter 3 as well). |
| 2021-06 | 3 | Windows 10 Quality updates and information on the new filters feature. |
| 2021-06 | 6 | Updates to ASR and TVM sections. |
| 2021-06 | 7 | Added information on Step-up Authentication through a session policy. |
| 2021-07 | all | Minor updates throughout different chapters (images, etc.) |
| 2021-07 | 2 | Updates regarding Defender for Identity |
| 2021-07 | 3 | Updated log analyutics info and information around Endpoint Protection (tags, etc.) |
Fun facts
The following table an overview of the number of updates per chapter to date.
| Ch. 1 | Ch. 2 | Ch. 3 | Ch. 4 |
| 3 | 10 | 10 | 7 |
| Ch. 5 | Ch. 6 | Ch. 7 | Ch. 8 |
| 7 | 9 | 7 | 5 |
| Ch. 9 | |||
| 3 |
