Microsoft Releases SharePoint Server Subscription Edition 23H2

Microsoft released "feature update" 23H2 for SharePoint Server Subscription Edition (SE) on Tuesday.

Microsoft also highlighted a security change for older SharePoint Server products in its Tuesday announcement. Microsoft is turning on Antimalware Scan Interface (AMSI) protection for all supported SharePoint Server products via "update Tuesday" security patch releases. Tuesday was the release date of security patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server SE, which were delivered via "public updates," this announcement explained.

AMSI Default for SharePoint Server Products
AMSI is getting set as the default configuration for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server SE. It previously was an optional setting.

The switch is being done to protect customers, although organizations can disable the AMSI scanning if wanted. AMSI will get turned on for SharePoint Server users automatically after this month's security patches are applied (although the Configuration Wizard "or equivalent PowerShell cmdlets" also need to be run).

Additionally, Microsoft buttressed AMSI with a new "health analyzer rule" for SharePoint Server products. This rule actively tests that AMSI is working properly by sending out "simulated web requests." IT pros will get a report in "Central Administration" showing any failures, along with recommended steps.

AMSI works with compatible antimalware solutions to "scan all web requests sent to SharePoint Server," looking for malicious ones, Microsoft explained. It uses antimalware "signatures" to flag these malicious requests, and the signature data get automatically updated, so organizations have some protections even if they neglected to apply a particular security patch.

New Features in SharePoint Server SE
Feature update 23H2 for SharePoint Server SE arrived on Tuesday with Microsoft's security patches. It follows a 23H1 feature update, released back in March.

Feature update 23H2 for SharePoint Server SE is delivering other security and management perks besides turning on AMSI by default.

Microsoft's People Picker, which finds "users and groups in Active Directory forests and domains," now has support for using Secure Lightweight Directory Access Protocol. This change enables "People Picker to use TLS connection encryption to protect LDAP traffic to TCP ports 636 and 3269," the announcement explained.

Also, Microsoft has switched the SharePoint Search Service Application to now crawl using HTTP 1.1 by default, instead of the HTTP 1.0 protocol. While HTTP 1.0 was described by Microsoft as "a valid version of the HTTP protocol," it sometimes gets blocked by organizations. Organizations can use PowerShell to control which version gets used, if wanted.

On the management side, 23H2 for SharePoint Server SE now lets organizations use PowerShell to select release "rings" options for delivering feature updates to SharePoint Server farms. It gives organizations the ability to opt for Early releases or Standard releases (default). "Up until now, organizations could only make this choice through the Feature Release Preference page in SharePoint Central Administration," which was a limitation on those organizations that carry out scripted deployments, Microsoft explained.

Update 23H2 also lets organizations apply custom branding to the "Suite Bar, which is the global navigation bar that provides access to the App Launcher, contextual settings menu, and user welcome control in SharePoint sites." Organizations can now add "custom text, logos, hyperlinks, and color schemes in the Suite Bar" across "all sites within a web application."

Developers also get a perk with this release. Update 23H2 for SharePoint Server SE adds support for "React version 16 and Office UI Fabric React 7" in the SharePoint Framework.

More update 23H2 descriptions can be found in this Microsoft document.

The SharePoint Server SE Update Process
SharePoint Server SE is Microsoft's flagship product now, although SharePoint Server 2016 and SharePoint Server 2019 products are still in use and are supported by Microsoft until July 2026.

The SE product is a different by getting more frequent feature updates than the older server products. SharePoint Server SE feature updates arrive twice per year (in the spring and fall), although Microsoft may add new features to that product on a monthly basis, too.

The monthly feature updates for SharePoint Server SE get released on "update Tuesdays," the second Tuesdays of each month, which is when Microsoft releases security patches for various products. Update Tuesdays also now are occasions when Microsoft may deliver new features to SharePoint Server Subscription Edition, which happens via public update or "cumulative update" releases.

A good recap of Microsoft's update approach for SharePoint Server SE can be found in this article on feature update 23H2 by Stefan Go├čner of Microsoft's SharePoint team.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.