ENHANCEMENTS
Enhanced Email Notification System: Smarter, More Personalized Alerts
The Email Notification System has been fully reworked to improve clarity, control, and user experience. Email notifications are now organized into four distinct categories:
Messages – Notifications for secure conversation messages and replies in Trusted Share. A notification can optionally include the full conversation history and the ability to reply to a message directly from the notification (Outlook only).
Activities – Trusted Share-related activity alerts, such as file uploads.
Requests & Actions – Notifications that require user action and follow up with updates once actions are completed.
System – Essential alerts required for product functionality.
eShare administrators can now control the generation of email notifications across the entire organization based on the notification type. In the Device Policy section of the Admin Console there is a new section, Email Notification Management, where Messages, Activities, and Requests & Actions notifications can be independently enabled for all users and all Trusted Shares. By default, all notifications are enabled. Note that system notifications are always generated and cannot be controlled by admins.
In the case of Messages, there are two sub-options available.
Full Secure Conversation Notification – When enabled, message notifications include the new message within the context of the full conversation history. This option includes the ability to control the message size to ensure email deliverability.
New Reply with Adaptive Card Notification – When enabled, message notifications include a Reply button that allows users to reply to messages directly from their Outlook email client.
Please consult your customer success manager prior to changing default notification settings. This allows admins to fully consider best practices and understand the interaction between these org-wide settings and settings at the share policy and user level.
Email notifications can now be controlled at the user level via the M365 Trusted Sharing App. The app now contains a Notification Wizard that allows users to enable or disable their email notifications by notification type: Messages, Activities, and Requests & Actions. These user settings take priority over the org settings within Device Policy.
Note that regardless of the email notification settings at the org level (via the Admin Console) and at the user level (via the M365 Trusted Sharing App), all notifications are viewable by the user within the Cloud Web Portal (Pending Requests menu >> Notifications tab). They are now also accessible from within the M365 Trusted Sharing App.
Expanded External Sharing: Communication and Classic Sites Now Supported
We’ve enhanced eShare’s external sharing capabilities by adding support for SharePoint Communication and Classic Sites. Previously, only modern Team Sites were supported. This update allows users to securely share content from Communication and Classic Sites using the eShare M365 Trusted Sharing App, Trusted Sharing Action Menu App, and SharePoint Trusted Sharing App. Note that Trusted Sharing via the Cloud Provider page in the Cloud Web Portal is not supported.
Because Communication and Classic Sites do not use Microsoft 365 Groups for permissions, as modern Team Sites do, there are a few differences in how Communication and Classic Sites behave within eShare. For example, Share With Me Links are not available. Please consult your Customer Success Manager to discuss your specific requirements and expectations for Communication and Classic Sites.
BUG FIXES
Iterable IDOR Vulnerability
Fixed a security flaw in the Secure Conversation message composition flow that could expose all users' email addresses due to improper access control validation.
User Pre-Provisioning Script Task ID
Resolved a provisioning issue where the Task ID in the pre-provisioning script failed to execute correctly, impacting automation flows.
PHI Exposure via Jet Authentication
Mitigated a vulnerability in which authentication tokens could be exposed, and addressed an improperly secured guest interface.
Permission Denied on Email View
Corrected an access control bug that caused recipients to receive a "Permission Denied" error when attempting to view secure email messages in their browser.