M365 Roundup, April 2021: Teams Meetings Grow Up and Conditional Access Learns Your Location
TL;DR
- In April 2021, Microsoft Teams added webinars with meeting registration on by default, the ability for organizers to lock a meeting, and a digital Meeting ID attendees can use to join.
- Conditional Access gained a new GPS-based Named Location in preview in early May 2021, letting admins allow or deny access using location data shared from Microsoft Authenticator rather than IP address alone.
- The new Exchange admin center reached general availability in April 2021, adding tenant-to-tenant migration and automated G-Suite migration on top of the classic EAC functionality.
- Exchange introduced a new Tenant Allow/Block List policy for spoofing, giving security admins clearer control over cross-org and intra-org spoofed domains and users.
- Free Audio Conferencing licenses remained available through June 30, 2021, extended from the previous March 31 expiry.
April 2021's announcements have a clear center of gravity: Microsoft Teams meetings stopped being a single video room and started behaving like a platform, with webinars, registration, meeting locks, and dial-in Meeting IDs all landing at once. The security news is quieter but sharper, a Conditional Access Named Location that reads GPS instead of IP, and a new Exchange admin center finally reaching GA. Here is the full MSP-relevant list from April, by product.

Microsoft Teams
1. Webinars plus new meeting registration options. When scheduling a meeting, users will see a Webinar option on the Calendar drop-down in Teams desktop and web. Users can add registration for meetings and webinars, for people inside and outside the organization. Registration is on by default for everyone. To view who attended, Microsoft recommends setting the AllowEngagementReport policy to true. Rolling out end of April through end of May.

2. Organizers can lock meetings. Once rolled out, meeting organizers get the option to Lock the meeting. Rolling out mid-May, expected complete by end of May.

3. Join a meeting with a digital Meeting ID. All meetings get a Meeting ID automatically assigned to the Teams user and added to the invite under the meeting link. Attendees can join by entering the Meeting ID. Pre-join, lobby, and security remain the same for all attendees. Rolling out early May, expected complete late May 2021.

4. Free Audio Conferencing for one year. With Audio Conferencing, attendees can join Teams meetings using a global dial-in number, useful for land lines or when someone has no internet. To take advantage, acquire the free licenses and assign them to users: in the Admin center, go to Purchase services > Add-ons and select the free Microsoft 365 Audio Conferencing Adoption Promo. Available now; expires June 30, 2021, extended from the previous March 31, 2021.
5. Custom meeting backgrounds coming to mobile. Users will be able to add backgrounds to meetings and calls on mobile, respecting the same policies as desktop backgrounds. iOS rollout began early April, complete mid-April; Android begins early May, complete mid-May. To prepare, mobile respects the Teams desktop policies via the VideoFiltersMode parameter: edit an existing meeting policy with Set-CsTeamsMeetingPolicy, or create one with New-CsTeamsMeetingPolicy and assign it to users.
6. Set out of office within Teams. End users can create an out-of-office message from within Teams desktop or web. It syncs with the user's Outlook calendar, presence, and contact card information. Rolling out early May, expected complete by end of May.

7. Background noise suppression now on Mac. The AI-based, real-time noise suppression added to the Windows Teams client in November 2020 is coming to Mac. It automatically removes background noise, and users can set the suppression level before a meeting; the setting then applies to the next call. Rolling out late April, expected complete late August.


Microsoft Exchange
1. Request and release workflow for quarantined messages, plus spoof controls. The Spoof intelligence experience is gaining enhancements so security admins can better manage spoofing activity. A new Tenant Allow/Block List policy gives a clearer way to configure domain spoofing for both cross-org (external) and intra-org (internal) messages. Once available, a new Tenant Allow/Block Lists entry appears on the Threat policies page with a Spoofing page where admins manage spoofed domains and users and allow or block them tenant-wide. You need a Security Admin role plus the View-Only Configuration or View-Only Organization Management role. Rolling out to standard release early April, expected complete by end of June.
2. Outlook mobile gains delegate mailbox access. End users will be able to add and remove delegates from within Outlook for iOS and Android, and delegates can access those mailboxes from their mobile app. Rolling out late April, expected complete early May.

3. Reports retiring. The following reports are being retired in the Security and Compliance center: Spam Detection Report, Safe Attachment Message Disposition, Safe Attachment File types, and Malware detected in email. Transition to the Threat protection status report for the new versions. Retiring June 14, 2021.
4. New Exchange admin center reaches general availability. The new EAC is a modern, performant admin portal with most of the classic EAC functionality plus new features like tenant-to-tenant migration and automated G-Suite migration.


Admin and security
Location-based access control via GPS. Admins currently restrict access to sensitive data by IP address, which is less accurate and less reliable than GPS data. Now admins can create Conditional Access policies that allow or deny access using a new type of Named Location based on GPS data. When the policy is enabled, end users share their GPS location from the mobile device running Microsoft Authenticator, which gives a strong indication of the user's actual location at the time. Available in preview starting early May, completing by mid-May.

Microsoft SharePoint
SharePoint site templates. Users can browse, preview, and apply site templates to a new or existing SharePoint site, picking one that fits the site goal while keeping consistency across the organization. They can then review pre-populated content and customize the site. This feature is on by default with no admin control. To apply a template to an existing site, browse the template gallery from Site Settings and choose Apply a site template. For a new site, a first-time site owner may see a prompt asking if they want to use a template, which takes them to the gallery.

Frequently asked questions
How do admins prepare for custom meeting backgrounds on Teams mobile?
Mobile devices respect the same policies as the Teams desktop apps through the VideoFiltersMode parameter. Edit an existing meeting policy with Set-CsTeamsMeetingPolicy, or create a new one with New-CsTeamsMeetingPolicy and assign it to users.
What is the new GPS-based Named Location in Conditional Access?
A new type of Named Location that evaluates GPS data instead of IP address. When a policy using it is enabled, end users share their GPS location from the mobile device running Microsoft Authenticator, giving a more accurate signal of where the user actually is. It entered preview in early May 2021.
Which Security and Compliance center reports are retiring?
The Spam Detection Report, Safe Attachment Message Disposition, Safe Attachment File types, and Malware detected in email, all retiring June 14, 2021. Transition to the Threat protection status report for the new versions.
Reading the changelog is step one. Verifying tenants is step two.
Spoof controls, Conditional Access locations, and admin centers all changed in April 2021, and they have kept changing every month since. CloudCapsule verifies 250+ controls across each tenant you manage in about 60 seconds.
Run a free scan
Written by
Nick Ross
CEO · Microsoft MVP · Founder, T-Minus 365
Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.


