CoreView Release Notes

[SETTINGS] Service account management modes in Admin Read Only

In “Organization Settings > Admin read only”, service account management is now split into “Manual” and “Automatic” modes through a dedicated toggle. “Manual” mode lets Tenant Admins update service account usernames and passwords. “Automatic” mode lets Tenant Admins create or recreate service accounts. The selected mode can be changed at any time after onboarding.

[COREY REPORTING] Tenant configuration alignment reporting

Corey can now return tenant configuration alignment data against the CIS baseline. It reports configuration status, baseline values, current values, deviations, and related compliance context.

[COREY ACTIONS] Remove mailbox forwarding

Tenant Admins can now remove both internal and external mailbox forwarding from one or more email addresses by chatting with Corey.

[COREY UI] CSV and Excel file upload for prompt targets

A new file upload option is available in the Corey prompt box. Users can upload CSV and Excel files by clicking the “+” button or by dragging and dropping a file. Corey validates the file format, reads the uploaded identifiers, and uses them as target inputs for the management action or reporting request specified in the prompt.

ANNOUNCEMENTS

[COREVIEW APP] Per-user MFA property deprecation

The “Per-user MFA” property has been deprecated. The following capabilities are no longer available:

• The “Per-user MFA status” field in reports and User Cards
• The “Manage MFA” management action and workflow action
• The “Users without MFA” and “Admins without MFA” Playbook policies

Automation based on this property no longer works. This includes workflows, custom actions, and custom Playbooks.

[COREVIEW APP] Conditional Access IP update required

Thanks to recent infrastructure optimizations, including the removal of some Windows Machines now that PowerShell 7 is mature enough to handle M365 Modules, we have reduced the number of IPs required by our platform.

Please review the updated IP list and remove any outdated IPs from your Conditional Access policies:

• Guide on how to update the IPs in your Conditional Access policies

[COREVIEW APP] Per-user MFA property deprecation

the “Per-user MFA” property will be deprecated on 26 May 2026. Starting on this date, the following capabilities will no longer be available:

• The “Per-user MFA status” field in reports
• The “Per-user MFA status” field in User Cards
• The “Manage MFA” management and workflow action
• The Playbook policies “Users without MFA” and “Admins without MFA"

Automation that depends on this property will also stop working. This includes workflows, custom actions, and custom Playbooks.

[COREY ACTIONS]

Convert user mailbox to shared mailbox: Corey can now convert an eligible user mailbox to a shared mailbox through chat. It validates the mailbox and asks for confirmation before running the action.

Revoke user sessions: Corey can now revoke active user sessions through chat in both CoreView and Microsoft 365. After confirmation, Corey executes the action directly.

[COREY REPORTING]

In-chat result limit increased to 25: Corey reporting previews shown in chat now return up to 25 results. This change supports quicker investigations without leaving the conversation. This enhancement was inspired by a CoreView customer.

Sorting added to report queries: sorting is now a standard step in Corey’s reporting flow. When supported, Corey builds report queries by selecting columns, applying filters, applying sorting, and then returning results. Requests for top, bottom, largest, smallest, newest, and oldest results are now handled more reliably across supported workloads. This enhancement was inspired by a CoreView customer.

[COREY UI]

Chat management and modal UI updates: chat management in the Corey modal was updated. Users can now favorite chats, access them from a “Favorites” section, and delete chats.

[REPORTS]

Additional columns in App Registrations and Service Principals reports: the “Internal notes” property is now available as a column in the “App registrations” report. The “Note” and “Assignment required” properties are now available as columns in the “Service principals” report. These columns support report visibility and, where applicable, filtering. This enhancement was inspired by a CoreVoice.

ANNOUNCEMENT

[COREVIEW APP]

Per-user MFA property deprecation: the “Per-user MFA” property will be deprecated on 26 May 2026. Starting on this date, the following capabilities will no longer be available:

• The “Per-user MFA status” field in reports
• The “Per-user MFA status” field in User Cards
• The “Manage MFA” management and workflow action
• The Playbook policies “Users without MFA” and “Admins without MFA”

Automation that depends on this property will also stop working. This includes workflows, custom actions, and custom Playbooks.

COREY REPORTING

Additional license reporting sources available in Corey: Corey can now retrieve data from these license reporting areas: License Pool Center: License Costs License Pool Center: Licenses by Tenant Optimization Center: Licenses Optimization Center: Duplicated Plans This update expands Coreys license reporting coverage, adding visibility into license costs, tenant-level license distribution, and duplicated plan data.

PERMISSIONS

Corey controls in Permissions: a new Corey section is available in the Permissions wizard. It contains two separate sections: Reporting and Management. Reporting permissions are read-only. Management includes a tri-state control with Off, Inherited, and Custom options. Tenant Admins can use this control to block Corey management actions, apply existing delegated permissions, or restrict the delegated actions Corey can run.

RECONCILE

Custom alerts for configuration types: custom alerts can now be created at the configuration type level in Reconcile. In the configuration type row, select More > Create custom alerts for all. This creates a separate drift alert for each configuration in the selected category.

REPORTS

Local-time sign-in columns added to Active users and Sign-in events: in the Active users report, the Last Entra logon column has been renamed to Last interactive sign-in. This data comes from Microsoft sign-in data and Microsoft Unified Audit Log data. A new Last interactive sign-in (local time) column has been added. It shows the time in the operators local time zone. This column is updated as soon as a new event is received and processed. As a result, its value may differ from the corresponding value shown in Microsoft 365. In the Sign-in events report, a new Sign-in date time (local time) column has been added. It shows the sign-in time in the operators local time zone.

WORKFLOWS

Scheduled workflow executions now show scheduler identity: a new Scheduled by property has been added to the Overview section of the Execution detail panel. It shows the identity of the operator who scheduled the workflow execution. The existing Executed by property is unchanged. For scheduled executions, it continues to display Platform.

UI

Organization logo upload for light and dark mode: in Settings > My organization , separate logos can now be uploaded for light and dark mode. The Light theme logo is displayed to operators using the platform in light mode. The Dark theme logo is displayed to operators using the platform in dark mode. A preview is shown as soon as a logo is uploaded. If only one logo is uploaded, that logo is used in both light and dark mode. If no logo is uploaded, the default CoreView logotype is displayed.

Tag design consistency across the platform: tag padding and visual styling have been standardized across the platform to improve consistency.

[COREVIEW APP] Per-user MFA property deprecation

the Per-user MFA property, and features based on this property, will be deprecated by the end of May 2026, following Microsoft guidance. Please review any existing automation that uses this property, such as workflows, custom actions, and Playbooks.

[RECONCILE] CIS Microsoft 365 Foundations baseline updated to v6.0.1

the CIS Microsoft 365 Foundations Benchmark v6.0.1 baseline is now available in Reconcile.This baseline reflects the latest CIS benchmark version, published on 2026-02-26.

[SHAREPOINT ITEM-LEVEL] Access and link counters in item-level reports

The "SharePoint item-level" and "Items with unique permissions" reports now include filterable, sortable, and, in some cases, clickable counters for each item's access and sharing footprint. The following counters are available:

• People with permissions
• Groups with permissions
• Shared link count
• Links shared with anyone
• Link shared with external members
• Guests with unique permissions

This feature is available only with the SharePoint item-level add-on.

[SHAREPOINT ITEM-LEVEL] SharePoint Site Drilldowns report

A new "SharePoint site drilldowns" report summarizes site-level unique permissions, external exposure, and storage indicators. It provides one-click drilldowns into the files and folders listed in the "Items with unique permissions" and "SharePoint item level" reports. All indicators can be filtered and sorted to identify higher-risk sites.

This feature is available only with the SharePoint item-level add-on.

[COREY ACTIONS] Remove user from Microsoft 365 group

Corey can now remove a user from a Microsoft 365 group within a single session. This completes the full group member removal flow without requiring the operator to switch context.

[COREY REPORTING] Guest user queries now support active and inactive user details

Corey can now query both active and inactive guest users. Supported results include properties such as creation date, inactivity, department, license assignment, and admin role presence, and more.

[COREY UI] Stop button for response generation

a “Stop” button is now available in the “Ask Corey” chat box while Corey is generating a response. Clicking the button interrupts the current response and returns the chat box to its idle state.

[COREY UI] Configurable display mode and chat history access

Corey can now be opened in three display modes: modal, panel, or browser tab, with side panel set as the default. A different default mode can be selected from the “More” menu item. Chat history is now collapsed by default. Previous conversations can be accessed from the “Chats” menu item.

IN THE SPOTLIGHT

[COREY ACTIONS] Corey can execute license management actions: Corey can now complete the full license-management flow within a single session. Supported actions include:

• Setting or updating a user’s usage location
• Selecting a License Template
• Validating the target License Pool before applying changes
• Assigning or unassigning individual licenses
• Assigning or unassigning service plans within a license
• Removing licenses (previously available).

OTHER IMPROVEMENTS

[COREY REPORTING] Additional license reporting sources available in Corey: Corey can now retrieve data from these license reporting areas:

• License Pool Center: License Costs
• License Pool Center: Licenses by Tenant
• Optimization Center: Licenses
• Optimization Center: Duplicated Plans

This update expands Corey's license reporting coverage, adding visibility into license costs, tenant-level license distribution, and duplicated plan data.

[PERMISSIONS] Corey controls in Permissions: a new Corey section is available in the Permissions wizard. It contains two separate sections: “Reporting” and “Management”.

Reporting permissions are read-only. Management includes a tri-state control with “Off”, “Inherited”, and “Custom” options.

Tenant Admins can use this control to block Corey management actions, apply existing delegated permissions, or restrict the delegated actions Corey can run.

[RECONCILE] Custom alerts for configuration types: custom alerts can now be created at the configuration type level in Reconcile. In the configuration type row, select “More > Create custom alerts for all”. This creates a separate drift alert for each configuration in the selected category.

[REPORTS] Local-time sign-in columns added to Active users and Sign-in events: in the “Active users” report, the “Last Entra logon” column has been renamed to “Last interactive sign-in”. This data comes from Microsoft sign-in data and Microsoft Unified Audit Log data.

A new “Last interactive sign-in (local time)” column has been added. It shows the time in the operator’s local time zone. This column is updated as soon as a new event is received and processed. As a result, its value may differ from the corresponding value shown in Microsoft 365.

In the “Sign-in events” report, a new “Sign-in date time (local time)” column has been added. It shows the sign-in time in the operator’s local time zone.

[WORKFLOWS] Scheduled workflow executions now show scheduler identity: a new “Scheduled by” property has been added to the “Overview” section of the “Execution detail” panel. It shows the identity of the operator who scheduled the workflow execution. The existing “Executed by” property is unchanged. For scheduled executions, it continues to display “Platform”.

[UI] Organization logo upload for light and dark mode: in “Settings > My organization” , separate logos can now be uploaded for light and dark mode.

• The “Light theme logo” is displayed to operators using the platform in light mode.
• The “Dark theme logo” is displayed to operators using the platform in dark mode.

A preview is shown as soon as a logo is uploaded. If only one logo is uploaded, that logo is used in both light and dark mode. If no logo is uploaded, the default CoreView logotype is displayed.

[UI] Tag design consistency across the platform: tag padding and visual styling have been standardized across the platform to improve consistency.

ANNOUNCEMENTS

[COREVIEW APP] Per-user MFA property deprecation: the “Per-user MFA” property, and features based on this property, will be deprecated by the end of May 2026, following Microsoft guidance. Please review any existing automation that uses this property, such as workflows, custom actions, and Playbooks.

[RECONCILE] CIS Microsoft 365 Foundations baseline updated to v6.0.1: the CIS Microsoft 365 Foundations Benchmark v6.0.1 baseline is now available in Reconcile.This baseline reflects the latest CIS benchmark version, published on 2026-02-26.

BETA

[SHAREPOINT ITEM-LEVEL] Access and link counters in item-level reports: the “SharePoint item-level” and “Items with unique permissions” reports now include filterable, sortable, and, in some cases, clickable counters for each item’s access and sharing footprint.

The following counters are available:

• People with permissions
• Groups with permissions
• Shared link count
• Links shared with anyone
• Link shared with external members
• Guests with unique permissions

This feature is available only with the SharePoint item-level add-on.

[SHAREPOINT ITEM-LEVEL] SharePoint Site Drilldowns report: a new “SharePoint site drilldowns” report summarizes site-level unique permissions, external exposure, and storage indicators. It provides one-click drilldowns into the files and folders listed in the “Items with unique permissions” and “SharePoint item level” reports. All indicators can be filtered and sorted to identify higher-risk sites.

This feature is available only with the SharePoint item-level add-on.

SETTINGS

Corey role delegation and scoped access: Tenant Admins can now delegate the Corey role to individual operators and operator groups. When assigned, Corey respects existing delegated permissions. Operator access to data and actions does not extend beyond current scopes. Corey applies the same restrictions already configured: permission-based access to reports, Virtual Tenant scope, and Virtual Tenant–specific roles and permissions.

Corey usage dashboard: a new “Corey usage” dashboard is available under Settings. It provides Tenant Admins with an overview of Corey role assignment and usage, including requests to Corey over time, management actions executed through Corey, and related operator activity. These insights help assess usage patterns and operational value.

[REPORTS] New “Is active 120” license-usage property

A new property, “Is active 120”, is available in the “Active users”, “Optimization Center”, “Users without licenses” and “Disabled licenses for users” reports. It indicates whether a user has used their assigned licenses at least once within the past 120 days.

[SECURITY DASHBOARD] New “Compliance over time” widget and UI updates

A new “Compliance over time” widget in the Security dashboard shows trend data for “Security score”, “Tenant configuration alignment”, and “Resources” over the last 7/30/60/90 days. The “Recommended actions” widget is now split into two tabs, “Configurations” and “Resources”, to support faster filtering.

[V-TENANT RBAC] Prompt to set a default V-Tenant

When an operator has access to at least two Virtual Tenants, CoreView prompts them to select a default Virtual Tenant at sign-in if all of the following are true:

• at least one Virtual Tenant has privileges enabled
• and no default Virtual Tenant is currently set.

After selection, CoreView automatically applies the chosen default Virtual Tenant at each sign-in.

[MANAGEMENT ACTIONS] Restore group membership when restoring users

When a user is removed and later restored, their group memberships are now restored within a few minutes through delta import.

[SETTINGS] Operator group privilege assignment in V-Tenant delegation

an "Is operator group” column has been added to the Virtual Tenant delegation wizard's “Group selection” step. Tenant Admins may select any groups for delegation. V-Tenant privileges are applied to operator groups. For non-operator groups, V-Tenant-specific permissions apply only to users who are operators or later become operators. Non-operator users are not affected. This feature is available for CoreView ONE and for SKUs released from 2025 onward.

[USER REWIND] User Card tracks calendar-sharing permission changes

the “Changes” tab in the User Card records each calendar-sharing event for both the mailbox owner and the mailbox granted access. Logged changes are informational and cannot be reverted. The User Rewind feature is available as an add-on.

[WORKFLOWS] Multi-column custom lists supported in API, CSV import, and reports

when launching a workflow with a multi-column custom list input from a report, CSV import, or API, select the reference-column value from the “Input” dropdown. The backend will retrieve the corresponding values for the remaining columns and populate those fields automatically.

[SYNC] Email notifications for sync completion

you can configure email alerts for sync completion under “Settings > Notification settings” in Configuration Manager. Each email confirms that the sync ran and summarizes the result, including whether any updates were detected, even when no updates are found.

[SETTINGS] Tenant role inheritance toggle for Virtual Tenants

A new “Set V-Tenant specific roles and permissions” toggle is available during Operator creation and Virtual Tenant setup. When enabled, Tenant Admins can restrict the roles and permissions on a Virtual Tenant, choosing from those assigned at the tenant level. When disabled, all current and future tenant-level roles and permissions are inherited by the Virtual Tenant. This update supports the creation of read-only Virtual Tenants by enabling the toggle and deselecting all available roles and permissions.

[USER REWIND] User Card mailbox audit status tracking

The “Changes” tab in the User Card now logs each instance when mailbox audit is enabled or disabled for the mailbox owner. The most recent status change is shown and can be reverted if needed. The User Rewind feature is available as an add-on.

[SETTINGS] Graph Management renamed to App Management

The “Graph management” tab in “Settings > Organization settings” has been renamed to “App management”.

[CUSTOM ACTIONS] Action required: configure Certificate-Based Authentication for PnP SharePoint custom actions

Microsoft is retiring legacy IDCRL authentication for SharePoint. To continue executing custom actions with SharePoint Online via the PnP PowerShell channel in CoreView, you must configure Certificate-Based Authentication (CBA). Update your authentication method to avoid disruption in functionality.

[SETTINGS] Service account password change

Tenant Admins can now update custom service account passwords in CoreView. After resetting the password in the Microsoft 365 admin center, go to “Settings > My organization > Admin read only” and enter the new password for validation. This enhancement was inspired by a customer’s request.

[USER REWIND] Mailbox forwarding change tracking

the “Changes” tab in the User Card now records mailbox forwarding additions and removals. Operators can review forwarding changes on both the initiating user's and the destination mailbox’s User Card. The latest change for each item can be reverted as needed. The User Rewind feature is available as an add-on.

[WORKFLOWS] Stopped Workflow action status displayed in Execution History

when a workflow is terminated using the “Stop” action, the Workflow “Execution detail” tab will now show the execution status as “Stopped”.

Note: The enhancements below are accessible within CoreView’s new user interface.

Teams Voice Workflow action

The action "unassign phone number" is now available as part of workflow. This was previously only available as a management action. When offboarding a user, customers can unassign any phone number the user had assigned to them, avoiding the risk of forgetting and thus preventing the number from being reassigned to other users.

Consent Management

CoreView is enabling the ability for customers to be able to create and use their own services accounts in lieu of using the CoreView generated account. This grants the customer more control over their M365 tenant. In this release, this is being enabled for new accounts when first onboarding a tenant. However, this ability will be extended to existing customers in a future release.

New UX

Optimization Center

The License by user tab is now available. This gives an overview of how your Office 365 licenses are distributed and used by your users. For each user, it identifies the licenses they have been assigned as well as the services that they are using.

Workflow Approvals

The workflow approval page is now available. From this page you can review all your workflow that have an approval step to check their status, and even override the approval to have the workflow progress.

Execute workflow actions

It is now possible to execute workflow directly from the UserCard (UserVoice) and from the following reports -- Disabled licensed users report & User mailbox security report. (UserVoice)