HowTo-Outlook

With a small delay, Microsoft released the May 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 1 new feature and 4 documented fixes.

• Accessibility Ribbon in Outlook for Windows
  The Accessibility Ribbon brings together in one place all the tools you need to make your emails accessible.
• We fixed an issue that caused users to see the error, “We cannot render Actionable Messages right now” when reading some email messages.
• We fixed an issue where Outlook would close unexpectedly when Microsoft 365 apps in the Navigation Pane were closed.
• We fixed an issue where the application would close unexpectedly when searching using dates.
• We fixed an issue where the links associated with known issues were not shown to customers who were using the Contact Support feature.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2305 (Build 16501.20196).

The May security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 4 security updates for Access (1), Excel (1), Word (1), and Office (1).

In addition, it contains 2 documented non-security fixes related to Outlook Current Version 2304, 5 new features and 12 fixes for Monthly Enterprise Version 2303, 2 fixes for Monthly Enterprise Version 2302, and 2 fixes for Semi-Annual (Preview) Version 2302. Most notable fixes are;

• Version 2304
• We fixed an issue that caused users of the Event-Based feature to be unable to utilize some of the new APIs included in Mailbox Requirement Set 1.13.
• We fixed an issue where drafting a new email and @mentioning an Outlook contact group (a contact group that is created locally) in the email body wouldn’t add the contact group to the ‘To’ field.
• Version 2303
• Get relevant alerts with new Notifications pane
  Don’t let important information get buried in your inbox. The new Notifications pane in Outlook delivers notifications that are relevant to you in the context of your regular email. The pane gives you the ability to customize the types of notifications you wish to receive, including email and document @mentions, travel updates, deliveries, and more.
• Prevent data leaks more easily with the new Sensitivity toolbar
  Sensitivity labels powered by Microsoft Purview Information Protection are now displayed next to the message Subject line, allowing you to easily recognize and adhere to your organization’s policies.
• Disable the Azure Information Protection Add-in by default
  Office apps will now automatically disable the legacy Azure Information Protection add-in and use the built-in sensitivity labels to view and apply labels powered by Microsoft Purview Information Protection.
• We added a registry key that hides the “Try the new Outlook” toggle
• Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
• Value type: REG_DWORD
• Value name: HideNewOutlookToggle
• Value: 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users.
• Value: 1 – “Try the new Outlook” toggle is hidden.
• Inheritance of attachment labels to email messages
  For email messages with attachments, apply a label that matches the highest classification of those attachments.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.
• We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
• We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
• Version 2302
• We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
• We fixed an issue that caused users to see the message body flash white when closing a message.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2304 (Build 16327.20248)
• Monthly Enterprise
  Version 2303 (Build 16227.20318)
  Version 2302 (Build 16130.20500)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20500)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20660)
  Version 2202 (Build 14931.21000) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20503)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10398.20008)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Cumulative Update 13 for Exchange 2019 is now available. With the new release model, it is officially called; The 2023 H1 Cumulative Update (CU) for Exchange Server 2019.

Exchange 2019 CU13 includes the following major changes;

• Enable Modern Auth for pure On-Premises Exchange users
  Support for OAuth 2.0 (also known as Modern authentication) for pure on-premises environments that use Active Directory Federated Services (AD FS) as a security token service (STS).
  To use this feature, you must be using Microsoft Outlook or any other client that supports Modern authentication by using AD FS. Currently, this feature is available only for Outlook on Windows. However, support for modern authentication will be added to other Outlook clients in the future.
  For details see; Enable Modern Auth in Exchange Server on-premises.
• Configuration backup and restore
  Setup now backs up the most common configuration settings and then restores them to the state they were in before Setup was started. Starting with the 2023 H1 CU, Setup preserves about 70 different configuration settings across multiple files.
  For details see; Exchange Server custom configuration preservation

There are 28 additional fixes documented for this release. A few notable ones are;

• KB5026273: Outlook configuration fails in Android or iOS
• KB5026156: Outlook search fails in a shared On-Premises mailbox if the primary user mailbox is migrated to Exchange Online
• KB5026267: OWA stops responding in an Exchange 2019 and 2016 coexistence topology
• KB5026278: Mailbox migration fails after Extended Protection is enabled
• KB5026138: Users receive reminders although the meeting reminder is set to None
• KB5026139: You can’t move the public folder mailbox

This release does not include new updates to the Active Directory Schema for Exchange 2019.

The next planned Cumulative Update for Exchange 2019 is in September 2023.

Exchange 2019: CU13 KB5020999 – Download
View: Blog post of the Exchange Team about CU13 for Exchange Server 2019

Note: Exchange 2016 has reached its Extended Support phase and CU23 was the last CU for it. This means that from now on, it will only receive Security Updates.

Microsoft released the April 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 2 new features and 5 documented fixes.

• Inheritance of attachment labels to email messages
  For email messages with attachments, apply a label that matches the highest classification of those attachments.
• We added a registry key that hides the “Try the new Outlook” toggle
• Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General
• Value type: REG_DWORD
• Value name: HideNewOutlookToggle
• Value: 0 (default) – “Try the new Outlook” toggle, if available in selected update channel, is displayed to users.
• Value: 1 – “Try the new Outlook” toggle is hidden.
• We fixed an issue with the sensitivity label not being applied to protected messages.
• We fixed an issue where some users may be unable to view or access group email messages and calendars in the Outlook desktop client.
• We fixed an issue where the “From” field and Signatures were not working while using Google Workspace Sync for Microsoft Outlook.
• We fixed an issue where the right side of the email body was cut off when printed and in print preview.
• We fixed an issue where right clicking a folder in Outlook could cause Office applications to close unexpectedly.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2304 (Build 16327.20214).

The March security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 4 security updates for Publisher (2), Word (1), and Office (1).

In addition, it contains 3 documented non-security fixes related to Outlook Current Version 2303 (of which 2 included in last week’s interim update), 2 new features and 13 fixes for Monthly Enterprise Version 2302, and 11 fixes for Semi-Annual (Preview) Version 2302. Most notable fixes are;

• Version 2303
• We fixed an issue that caused some users to see the wrong Data Loss Prevention policy annotations in a multi-account profile.
• We fixed an issue that caused the new labels to fail to appear for some users of the Label Inheritance feature.
• We fixed an issue that caused the Suggested Replies feature to not be disabled when connected experiences are disabled.
• Version 2302
• Org Explorer
  Visualize and explore your company’s internal structure, work teams, and individual roles.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• We fixed an issue that caused the Suggested Replies feature to not be disabled when connected experiences are disabled.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.
• We fixed an issue that caused users in Government Community Cloud tenants to be unable to launch To-Do in Outlook.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2303 (Build 16227.20280)
• Monthly Enterprise
  Version 2302 (Build 16130.20394)
  Version 2301 (Build 16026.20274)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20394)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20626)
  Version 2202 (Build 14931.20964) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20493)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10397.20021)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Microsoft released the March 2023 feature update of Outlook for Microsoft 365 Apps in the Current Channel.

This times there are 4 new features which all relate to Sensitivity Labels and 7 documented fixes.

• Sensitivity Label scoping between files, emails and meetings
  Office applications can now filter out sensitivity labels based on the document type. For example, Outlook email will no longer show labels that only apply to Word, Excel, and PowerPoint documents.
• Assign a sublabel as the default when a parent label is selected
  When using built-in sensitivity labels in Microsoft 365 Apps, admins can specify a sublabel to get applied automatically when a parent label is selected. This takes effect only when users select a parent label manually.
• Disable the Azure Information Protection Add-in by default
  Office apps will now automatically disable the legacy Azure Information Protection add-in and use the built-in sensitivity labels to view and apply labels powered by Microsoft Purview Information Protection.
• Enhanced discovery of sensitivity labels in Outlook
  Admins can configure sensitivity labels to appear on subject lines when composing e-mails, for enhanced user discovery. The labels icons can also be customized.
• We fixed an issue that caused users to see an empty From field drop down when their profile included an SMTP address with an asterisk in it.
• We fixed an issue that caused users with an Outlook.com account in their profile to be prompted for their password and to receive the following error message: “You cannot log in with a personal account. Use your work or school account.”
• We have resolved an issue affecting users of the Label Inheritance feature, which led to incorrect sensitivity label extraction from unencrypted files when co-authoring was enabled.
• We fixed an issue that caused Outlook to close unexpectedly when using Loop Components in an email.
• We fixed an issue that caused Outlook to close unexpectedly when opening emails with a Data Loss Prevention policy applied.
• We fixed an issue where some settings did not roam between machines when switching to Focused Inbox.
• We fixed an issue that caused the Sub-folders search scope to be broken when searching in the Online Archive.

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook or the Microsoft Store and updates Outlook to: Version 2303 (Build 16227.20212).

The March security and rollup update has been made available for all Click-to-Run installations of Outlook 2016, Outlook 2019, Outlook 2021 and Outlook as part of a Microsoft 365 subscription.

It contains 3 security updates for Excel (2), and Outlook (1). The details about the Outlook vulnerability can be found below;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

In addition, it contains 2 documented non-security fixes related to Outlook Current Version 2302, 1 Outlook related new feature in Word and 2 fixes for Monthly Enterprise Version 2301, and 1 fix for Semi-Annual Version 2208.

• Version 2302
• We fixed an issue that caused users in Government Community Cloud tenants to be unable to launch To-Do in Outlook.
• We fixed an issue that caused users to see an inaccurate count of the number of new notifications present when opening the notification pane.
• Version 2301
• Tag your team members with tasks
  Create and assign tasks without leaving Word. Simply add a comment, @mention your team member, press Ctrl + Enter, and check Assign. Your comment becomes a task, and your work is done!
• We fixed an issue that caused the application to close unexpectedly when clicking on non-HTTP links.
• We fixed an issue that caused users to receive an unclear error message when sending an email to a recipient with a very large certificate.
• Version 2208
• We fixed an issue that caused Outlook to close intermittently.

Version 2302 has now also been released to the Semi-Annual Enterprise Channel (Preview) and contains 1 highlighted new feature and 12 fixes which have been made available already to the Current release channel too. The new feature is;

• Find events on your calendar faster than ever
  Improvements to the Calendar search make it faster and easier to find events, such as the next occurrence of a series.

Based on your release channel, you’ll be updated to the following version;

• Microsoft 365 Apps, Outlook 2016 Retail, Outlook 2019 Retail, Outlook 2021 Retail
  Version 2302 (Build 16130.20306)
• Monthly Enterprise
  Version 2301 (Build 16026.20238)
  Version 2212 (Build 15928.20298)
• Semi-Annual Enterprise (Preview)
  Version 2302 (Build 16130.20306)
• Semi-Annual Enterprise
  Version 2208 (Build 15601.20578)
  Version 2202 (Build 14931.20944) 
• Outlook LTSC 2021
  Version 2108 (Build 14332.20481)
• Outlook 2019 Volume Licensed
  Version 1808 (Build 10396.20023)

Note: Depending on your installation type, this update can be installed via the Update Now button in Outlook itself or the Microsoft Store. This update does not apply to msi-based installations of Office 2016.

Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.

The updates fix the following vulnerabilities;

• CVE-2023-21707: Remote Code Execution Vulnerability

The vulnerability isn’t currently publicly disclosed nor exploited. However, it is rated as “Exploitation More Likely” so make sure you update as soon as possible!

In addition, the Exchange Team highlights the fix for Outlook vulnerability CVE-2023-23397, and the availability of a script to analyze whether mailboxes have been targeted by potentially malicious messages.

The updates also contain the following non-security issues;

• You can’t access Toolbox on Exchange after enabling EnableSerializationDataSigning
• EEMS stops responding after TLS endpoint certificate update
• Get-App and GetAppManifests fail and return an exception
• EWS does not respond and returns an exception
• An exception is returned while opening a template in the Exchange Toolbox

View: Exchange Blog: Released: March 2023 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB5024296)

Download: Security Update for Exchange 2019 CU11 and CU12
Download: Security Update for Exchange 2016 CU23
Download: Security Update for Exchange 2013 CU23 (support ends on April 11, 2023)

A Security Update has been released for Outlook 2016. It resolves the following vulnerability;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

View: Download information for KB5002254

Note: This update can be installed via Microsoft Update and updates Outlook to version 16.0.5387.1000. This update does not apply to Perpetual (Retail) and Microsoft 365 based installations of Office 2016.

A Security Update has been released for Outlook 2013. It resolves the following vulnerability;

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
  • This vulnerability is currently not publicly disclosed but it is exploited.
  • The exploit for this vulnerability can be triggered automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
  • The Exploitability Assessment is rated: Exploitation Detected.

Exchange administrators can use this script to analyze whether mailboxes have been targeted by potentially malicious messages.

View: Download information for KB5002265

Note: This update can be installed via Microsoft Update or the Update Now button when you are using Office 2013 Click-To-Run and updates Outlook to version 15.0.5537.1000.