Table of Contents
Microsoft 365 Privacy Messages in Case of Data Compromise
Microsoft posts notifications to the message center in the Microsoft 365 admin center to inform tenant administrators about a variety of different updates made to its service. MC272885 posted on Jul 24, 2021, has the title Attachments for messages with Data Privacy Tag, which might leave you scratching your head to understand what Microsoft means. At first glance, the combination of attachments and messages points to email and tag could mean a sensitivity or retention label. But that’s not what it means.
Reading the detail reveals that Microsoft is introducing a new tag for service update messages. Let’s explore what this means.
Tagging Service Messages
When Microsoft publishes a service update message, it applies tags to help tenant administrators understand the importance and potential impact of the change (Figure 1).
The tags shown in the message center include:
- Admin Impact: The change impacts the management of some aspect of the tenant. For example, a new API is available. MC272885 (described here) is deemed a change with administrator impact.
- Feature Update: Microsoft has changed the way a feature works. For example, MC264095 describes how the default setting for guest access in Teams changes from off to on.
- Major Update: The change described is considered major. For example, the retirement of Skype for Business Online on July 31 (MC266078) is obviously a big change in Office 365. Other updates tagged as major are debatable, but you can consider this tag to be a way for Microsoft to highlight important changes. Note: Unlike the other tags, this tag is marked by setting the IsMajorChange property of a message to $True.
- New Feature: A new feature is on its way for an app. For example, MC230680 describes the introduction of reactions in Teams meetings. Microsoft often misses the date for feature introductions and republishes the update, which is what happened on MC230680 on June 30 when they published new dates for availability of the feature in the GCC and DOD clouds.
- Retirement: Microsoft is removing a feature from the service. Skype for Business Online is an example, so is the final removal of Site mailboxes (MC266256). Not many shed tears when site mailboxes shuffled off into the great byte wastebasket.
- User Impact: Many changes impact users in some way. For example, MC271629 advises administrators that Project Moca is moving its spaces to the OWA calendar.
- Updated Message: This tag does not appear in the Microsoft 365 admin center. It’s used to flag service messages which have been updated since the original publication. This is usually due when Microsoft needs to clarify the meaning of the text.
Many updates have multiple tags. For instance, MC264095 has the major update, feature update, and user impact tags.
Analyzing Service Update Tags
Using the Graph API for Service Communications, we can fetch the messages currently available in the Microsoft 365 admin center to see what tags are in use. As you’ll recall, this API spans both incidents (outages) reported in the admin center and service updates. I took the example script I created for service updates and used some of the code to pull all update messages into an array.
$Uri = "https://graph.microsoft.com/beta/admin/serviceAnnouncement/messages" [array]$Messages = Get-GraphData -AccessToken $Token -Uri $uri
I then used some simple code to analyze the tags placed on each message.
$TagAdmin = 0; $TagUpdate = 0; $TagMajor = 0; $TagNew = 0; $TagRetirement = 0; $TagUser = 0; $TagUpdatedMessage = 0; $TagDataPrivacy = 0
ForEach ($Message in $Messages) {
ForEach ($Tag in $Message.Tags) {
Switch ($Tag)
{
"Admin impact" {$TagAdmin++}
"Feature update" {$TagUpdate++}
"New feature" {$TagNew++}
"Retirement" {$TagRetirement++}
"User impact" {$TagUser++}
"Updated message" {$TagUpdatedMessage++}
"Data privacy" {$TagDataPrivacy++}
} # End Switch
} # End Foreach tag
If ($Message.IsMajorChange -eq $True) {$TagMajor++}
} # End ForEach message
Write-Host "Admin impact messages: " $TagAdmin
Write-Host "Feature update messages:" $TagUpdate
Write-Host "Major update messages: " $TagMajor
Write-Host "New feature messages: " $TagNew
Write-Host "Retirement messages: " $TagRetirement
Write-Host "User impact messages: " $TagUser
Write-Host "Updated messages: " $TagUpdatedMessage
Write-Host "Data privacy messages: " $TagDataPrivacy
Admin impact messages: 165
Feature update messages: 65
Major update messages: 76
New feature messages: 119
Retirement messages: 31
User impact messages: 191
Updated messages: 96
Data privacy messages 0
The total count of messages was 266. You can see that:
- The most popular tag is user impact (191) followed by admin impact (165).
- There’s a surprising number of retirement messages (31).
- Many updates are issued (96).
Your mileage might vary because Microsoft issues service updates to tenants based on the feature set licensed by the tenant.
What’s Changing
Microsoft is introducing a new Data Privacy tag to indicate messages which need administrator attention because they potentially impact sensitive data. The change is due to roll out by the end of July.
Microsoft says that messages might also contain one or more downloadable attachments (if multiple, the attachments are in a zip file) to help administrators “gain additional insight into the described scenario.” For instance, an attachment might be a PowerShell script to report data or users affected by a service update.
Only accounts holding the Global administrator and Privacy reader roles can access the downloadable attachments.
It’s hard to be certain about how Microsoft will use the new Data Privacy tag and what kind of service update messages they will tag. I guess we will see when some messages appear with the tag (none are found in the messages in my tenant) and the kind of attachments available for the messages.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across Office 365. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what’s happening.