Below are all of the relevant MSP related Microsoft announcements from November.

Microsoft Admin

1. New Commerce Updates

How this will affect your organization

Microsoft will launch introductory promotional pricing for CSP seat-based offers, providing more time for customer transitions to new commerce. Originally scheduled for October 14, 2021, the general availability of this release–when introductory promotional pricing will be available for commercial seat-based offers in new commerce–has been moved to January 2022. This ensures that partners can use the tooling (both in Partner Center and via API) to migrate existing CSP customer subscriptions easily and efficiently to new commerce. This capability is especially important for indirect providers and their downstream indirect resellers who have thousands of subscriptions to migrate.

To accelerate the adoption of the new commerce experience, Microsoft will offer two time-bound promotions beginning in January 2022:

  • The annual term promo gives a 5% discount off the CSP price list amount.
  • The monthly term promo applies the regular annual term price instead of the usual 20% higher price point.

For more info on New Commerce, check out my blog: https://tminus365.com/microsoft-new-commerce-experience-breakdown/

 Click here for the latest MS announcement.

2. New SKU launch: Teams Phone with Calling Plan

How this will affect your organization

  • The Teams Phone SMB (Microsoft 365 Business Voice) bundle and the Enterprise (Teams Calling Essentials) bundle are being consolidated into a new offering named Teams Phone with Calling Plan
  • Will be available for purchase starting January 1, 2022.
  • Business Voice will be phased out on February 28, 2022 (Can renew existing subs till June 22)

This announcement affects only new customers. There’s no action for existing Business Voice customers. They will continue using Business Voice until the date their subscription expires. At the time of renewal, they will be directed to the new Teams Phone with Calling Plan bundle. Alternatively, they can renew their Business Voice subscription until June 30, 2022.

The Teams Phone SMB (Microsoft 365 Business Voice) bundle and the Enterprise (Teams Calling Essentials) bundle are being consolidated into a new offering named Teams Phone with Calling Plan. Starting January 1, 2022, Teams Phone with Calling Plan will be available for purchase. Business Voice will be phased out on February 28, 2022.

For more info on this announcement, click here

3. New SKU launch: Microsoft Defender for Business

How this will affect your organization:

Recently, Microsoft has announced a fork of the Defender for Endpoint offering into two plans. Defender for Endpoint has traditionally been an enterprise grade solution and only included in higher level plans such as E5. Over the past few years Microsoft has made this a standalone offering that could be bolted on to other plans to make it more cost effective. With the fork into the two plans, plan 1 is essentially a lightweight version of the offering. At a high level this plan includes components like Next gen protection and attack surface reduction.

Now Microsoft has also announced that there will be a Microsoft Defender for Business offering that will be included at no additional cost to Microsoft Business Premium ($20/user/month). This is an amazing addition to a sku that is already pretty robust with security offerings

For more information on this announcement, click here.

When this will happen

Early 2022

4. Azure AD Premium 2 free for 2 years

How this will affect your organization

Today we’re announcing a free, 24-month subscription to Azure AD Premium Plan 2 for partners in the CSP program with DAP to customer tenants. Managed service providers can strengthen their security controls by taking advantage of premium security features such as Azure AD Privileged Identity Management (PIM) and risk-based conditional access capabilities, as well as viewing sign-in logs for a longer period at no extra charge.

  • Free subscription good for up to 25 users 
  • Free subscription available until October 2022
  • If you purchase CSP through a distributor, you will not be getting this trial from the distributor. You will get it direct from Microsoft here
5. Introduction of Granular Delegated Admin Privileges (GDAP)

How this will affect your organization

Recently,  Microsoft has announced the introduction of granular delegated admin privileges, or GDAP, coming early 2022. These changes are coming to address supply chain attacks (like Nobelium). Traditionally, both distributors (Microsoft Indirect Providers/CSP Tier 1s) and MSPs (Indirect Resellers) have established Delegated Admin Privileges (DAP) with all downstream customers. This allows distributors to license customer tenants and provide support. It allows you, as the MSP, to provide support and perform day to day management tasks via Partner Center.

The large security concern is that Delegated Admin Privileges (DAP)  give you the keys to the kingdom (aka Global Admin Access) to all downstream customers. That means if you are compromised (or your distributor is compromised), all of your customers might be compromised as well. GDAP is going to help solve for this by providing a model of least privilege for access controls.

I wrote a detailed write-up on this you can check out on my blog: https://tminus365.com/granular-delegated-admin-privileges/

6. Anonymous join policy

This policy will provide administrators more granular control by enabling them to allow specific users, or groups of users to admit anonymous users into meetings they organize.

The new per-organizer policy is controlled using the -AllowAnonymousUsersToJoinMeeting parameter in Set-CsTeamsMeetingPolicy This comes with Teams PowerShell version 2.6.0 and later.

To assist with the transition from the old tenant-wide setting to the new policy, there are two phases to this rollout.

  • Phase 1: The new policy has rolled-out and can be set by administrators. During this phase, the old tenant-wide setting will still exist and can be changed by administrators. Administrators will need to understand how the tenant-wide setting and the policy work together.
  • Phase 2: The old tenant-wide setting will be retired. The new per-organizer policy will fully control anonymous join.

When this will happen

mid-November and expected to complete in late November

7. Microsoft Defender for Office 365: Introducing Built-In-Protection

How this will affect your organization

**Only applicable if you have a Defender for Office 365 subscription (Included in Business Premium)

Introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365. Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. It’s low impact as the end user experience will not be changed – URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection.

Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset; or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:

  1. Strict
  2. Standard
  3. Custom
  4. Built-In-Protection or default

When this will happen

mid-December and complete by late January