CoreView Release Notes

[COREY ACTIONS] Convert user mailbox to shared mailbox

Corey can now convert an eligible user mailbox to a shared mailbox through chat. It validates the mailbox and asks for confirmation before running the action.

[COREY ACTIONS] Revoke user sessions

Corey can now revoke active user sessions through chat in both CoreView and Microsoft 365. After confirmation, Corey executes the action directly.

[COREY REPORTING] In-chat result limit increased to 25

Corey reporting previews shown in chat now return up to 25 results. This change supports quicker investigations without leaving the conversation. This enhancement was inspired by a CoreView customer.

[COREY REPORTING] Sorting added to report queries

sorting is now a standard step in Corey’s reporting flow. When supported, Corey builds report queries by selecting columns, applying filters, applying sorting, and then returning results. Requests for top, bottom, largest, smallest, newest, and oldest results are now handled more reliably across supported workloads. This enhancement was inspired by a CoreView customer.

[COREY UI] Chat management and modal UI updates

chat management in the Corey modal was updated. Users can now favorite chats, access them from a “Favorites” section, and delete chats.

[REPORTS] Additional columns in App Registrations and Service Principals reports

the “Internal notes” property is now available as a column in the “App registrations” report. The “Note” and “Assignment required” properties are now available as columns in the “Service principals” report. These columns support report visibility and, where applicable, filtering. This enhancement was inspired by a CoreVoice.

ANNOUNCEMENT

[COREVIEW APP] Per-user MFA property deprecation

the “Per-user MFA” property will be deprecated on 26 May 2026. Starting on this date, the following capabilities will no longer be available:

• The “Per-user MFA status” field in reports
• The “Per-user MFA status” field in User Cards
• The “Manage MFA” management and workflow action
• The Playbook policies “Users without MFA” and “Admins without MFA”

Automation that depends on this property will also stop working. This includes workflows, custom actions, and custom Playbooks.

COREY REPORTING

Additional license reporting sources available in Corey: Corey can now retrieve data from these license reporting areas: License Pool Center: License Costs License Pool Center: Licenses by Tenant Optimization Center: Licenses Optimization Center: Duplicated Plans This update expands Coreys license reporting coverage, adding visibility into license costs, tenant-level license distribution, and duplicated plan data.

PERMISSIONS

Corey controls in Permissions: a new Corey section is available in the Permissions wizard. It contains two separate sections: Reporting and Management. Reporting permissions are read-only. Management includes a tri-state control with Off, Inherited, and Custom options. Tenant Admins can use this control to block Corey management actions, apply existing delegated permissions, or restrict the delegated actions Corey can run.

RECONCILE

Custom alerts for configuration types: custom alerts can now be created at the configuration type level in Reconcile. In the configuration type row, select More > Create custom alerts for all. This creates a separate drift alert for each configuration in the selected category.

REPORTS

Local-time sign-in columns added to Active users and Sign-in events: in the Active users report, the Last Entra logon column has been renamed to Last interactive sign-in. This data comes from Microsoft sign-in data and Microsoft Unified Audit Log data. A new Last interactive sign-in (local time) column has been added. It shows the time in the operators local time zone. This column is updated as soon as a new event is received and processed. As a result, its value may differ from the corresponding value shown in Microsoft 365. In the Sign-in events report, a new Sign-in date time (local time) column has been added. It shows the sign-in time in the operators local time zone.

WORKFLOWS

Scheduled workflow executions now show scheduler identity: a new Scheduled by property has been added to the Overview section of the Execution detail panel. It shows the identity of the operator who scheduled the workflow execution. The existing Executed by property is unchanged. For scheduled executions, it continues to display Platform.

UI

Organization logo upload for light and dark mode: in Settings > My organization , separate logos can now be uploaded for light and dark mode. The Light theme logo is displayed to operators using the platform in light mode. The Dark theme logo is displayed to operators using the platform in dark mode. A preview is shown as soon as a logo is uploaded. If only one logo is uploaded, that logo is used in both light and dark mode. If no logo is uploaded, the default CoreView logotype is displayed.

Tag design consistency across the platform: tag padding and visual styling have been standardized across the platform to improve consistency.

[COREVIEW APP] Per-user MFA property deprecation

the Per-user MFA property, and features based on this property, will be deprecated by the end of May 2026, following Microsoft guidance. Please review any existing automation that uses this property, such as workflows, custom actions, and Playbooks.

[RECONCILE] CIS Microsoft 365 Foundations baseline updated to v6.0.1

the CIS Microsoft 365 Foundations Benchmark v6.0.1 baseline is now available in Reconcile.This baseline reflects the latest CIS benchmark version, published on 2026-02-26.

[SHAREPOINT ITEM-LEVEL] Access and link counters in item-level reports

The "SharePoint item-level" and "Items with unique permissions" reports now include filterable, sortable, and, in some cases, clickable counters for each item's access and sharing footprint. The following counters are available:

• People with permissions
• Groups with permissions
• Shared link count
• Links shared with anyone
• Link shared with external members
• Guests with unique permissions

This feature is available only with the SharePoint item-level add-on.

[SHAREPOINT ITEM-LEVEL] SharePoint Site Drilldowns report

A new "SharePoint site drilldowns" report summarizes site-level unique permissions, external exposure, and storage indicators. It provides one-click drilldowns into the files and folders listed in the "Items with unique permissions" and "SharePoint item level" reports. All indicators can be filtered and sorted to identify higher-risk sites.

This feature is available only with the SharePoint item-level add-on.

[COREY ACTIONS] Remove user from Microsoft 365 group

Corey can now remove a user from a Microsoft 365 group within a single session. This completes the full group member removal flow without requiring the operator to switch context.

[COREY REPORTING] Guest user queries now support active and inactive user details

Corey can now query both active and inactive guest users. Supported results include properties such as creation date, inactivity, department, license assignment, and admin role presence, and more.

[COREY UI] Stop button for response generation

a “Stop” button is now available in the “Ask Corey” chat box while Corey is generating a response. Clicking the button interrupts the current response and returns the chat box to its idle state.

[COREY UI] Configurable display mode and chat history access

Corey can now be opened in three display modes: modal, panel, or browser tab, with side panel set as the default. A different default mode can be selected from the “More” menu item. Chat history is now collapsed by default. Previous conversations can be accessed from the “Chats” menu item.

IN THE SPOTLIGHT

[COREY ACTIONS] Corey can execute license management actions: Corey can now complete the full license-management flow within a single session. Supported actions include:

• Setting or updating a user’s usage location
• Selecting a License Template
• Validating the target License Pool before applying changes
• Assigning or unassigning individual licenses
• Assigning or unassigning service plans within a license
• Removing licenses (previously available).

OTHER IMPROVEMENTS

[COREY REPORTING] Additional license reporting sources available in Corey: Corey can now retrieve data from these license reporting areas:

• License Pool Center: License Costs
• License Pool Center: Licenses by Tenant
• Optimization Center: Licenses
• Optimization Center: Duplicated Plans

This update expands Corey's license reporting coverage, adding visibility into license costs, tenant-level license distribution, and duplicated plan data.

[PERMISSIONS] Corey controls in Permissions: a new Corey section is available in the Permissions wizard. It contains two separate sections: “Reporting” and “Management”.

Reporting permissions are read-only. Management includes a tri-state control with “Off”, “Inherited”, and “Custom” options.

Tenant Admins can use this control to block Corey management actions, apply existing delegated permissions, or restrict the delegated actions Corey can run.

[RECONCILE] Custom alerts for configuration types: custom alerts can now be created at the configuration type level in Reconcile. In the configuration type row, select “More > Create custom alerts for all”. This creates a separate drift alert for each configuration in the selected category.

[REPORTS] Local-time sign-in columns added to Active users and Sign-in events: in the “Active users” report, the “Last Entra logon” column has been renamed to “Last interactive sign-in”. This data comes from Microsoft sign-in data and Microsoft Unified Audit Log data.

A new “Last interactive sign-in (local time)” column has been added. It shows the time in the operator’s local time zone. This column is updated as soon as a new event is received and processed. As a result, its value may differ from the corresponding value shown in Microsoft 365.

In the “Sign-in events” report, a new “Sign-in date time (local time)” column has been added. It shows the sign-in time in the operator’s local time zone.

[WORKFLOWS] Scheduled workflow executions now show scheduler identity: a new “Scheduled by” property has been added to the “Overview” section of the “Execution detail” panel. It shows the identity of the operator who scheduled the workflow execution. The existing “Executed by” property is unchanged. For scheduled executions, it continues to display “Platform”.

[UI] Organization logo upload for light and dark mode: in “Settings > My organization” , separate logos can now be uploaded for light and dark mode.

• The “Light theme logo” is displayed to operators using the platform in light mode.
• The “Dark theme logo” is displayed to operators using the platform in dark mode.

A preview is shown as soon as a logo is uploaded. If only one logo is uploaded, that logo is used in both light and dark mode. If no logo is uploaded, the default CoreView logotype is displayed.

[UI] Tag design consistency across the platform: tag padding and visual styling have been standardized across the platform to improve consistency.

ANNOUNCEMENTS

[COREVIEW APP] Per-user MFA property deprecation: the “Per-user MFA” property, and features based on this property, will be deprecated by the end of May 2026, following Microsoft guidance. Please review any existing automation that uses this property, such as workflows, custom actions, and Playbooks.

[RECONCILE] CIS Microsoft 365 Foundations baseline updated to v6.0.1: the CIS Microsoft 365 Foundations Benchmark v6.0.1 baseline is now available in Reconcile.This baseline reflects the latest CIS benchmark version, published on 2026-02-26.

BETA

[SHAREPOINT ITEM-LEVEL] Access and link counters in item-level reports: the “SharePoint item-level” and “Items with unique permissions” reports now include filterable, sortable, and, in some cases, clickable counters for each item’s access and sharing footprint.

The following counters are available:

• People with permissions
• Groups with permissions
• Shared link count
• Links shared with anyone
• Link shared with external members
• Guests with unique permissions

This feature is available only with the SharePoint item-level add-on.

[SHAREPOINT ITEM-LEVEL] SharePoint Site Drilldowns report: a new “SharePoint site drilldowns” report summarizes site-level unique permissions, external exposure, and storage indicators. It provides one-click drilldowns into the files and folders listed in the “Items with unique permissions” and “SharePoint item level” reports. All indicators can be filtered and sorted to identify higher-risk sites.

This feature is available only with the SharePoint item-level add-on.

SETTINGS

Corey role delegation and scoped access: Tenant Admins can now delegate the Corey role to individual operators and operator groups. When assigned, Corey respects existing delegated permissions. Operator access to data and actions does not extend beyond current scopes. Corey applies the same restrictions already configured: permission-based access to reports, Virtual Tenant scope, and Virtual Tenant–specific roles and permissions.

Corey usage dashboard: a new “Corey usage” dashboard is available under Settings. It provides Tenant Admins with an overview of Corey role assignment and usage, including requests to Corey over time, management actions executed through Corey, and related operator activity. These insights help assess usage patterns and operational value.

[REPORTS] New “Is active 120” license-usage property

A new property, “Is active 120”, is available in the “Active users”, “Optimization Center”, “Users without licenses” and “Disabled licenses for users” reports. It indicates whether a user has used their assigned licenses at least once within the past 120 days.

[SECURITY DASHBOARD] New “Compliance over time” widget and UI updates

A new “Compliance over time” widget in the Security dashboard shows trend data for “Security score”, “Tenant configuration alignment”, and “Resources” over the last 7/30/60/90 days. The “Recommended actions” widget is now split into two tabs, “Configurations” and “Resources”, to support faster filtering.

[V-TENANT RBAC] Prompt to set a default V-Tenant

When an operator has access to at least two Virtual Tenants, CoreView prompts them to select a default Virtual Tenant at sign-in if all of the following are true:

• at least one Virtual Tenant has privileges enabled
• and no default Virtual Tenant is currently set.

After selection, CoreView automatically applies the chosen default Virtual Tenant at each sign-in.

[MANAGEMENT ACTIONS] Restore group membership when restoring users

When a user is removed and later restored, their group memberships are now restored within a few minutes through delta import.

[SETTINGS] Operator group privilege assignment in V-Tenant delegation

an "Is operator group” column has been added to the Virtual Tenant delegation wizard's “Group selection” step. Tenant Admins may select any groups for delegation. V-Tenant privileges are applied to operator groups. For non-operator groups, V-Tenant-specific permissions apply only to users who are operators or later become operators. Non-operator users are not affected. This feature is available for CoreView ONE and for SKUs released from 2025 onward.

[USER REWIND] User Card tracks calendar-sharing permission changes

the “Changes” tab in the User Card records each calendar-sharing event for both the mailbox owner and the mailbox granted access. Logged changes are informational and cannot be reverted. The User Rewind feature is available as an add-on.

[WORKFLOWS] Multi-column custom lists supported in API, CSV import, and reports

when launching a workflow with a multi-column custom list input from a report, CSV import, or API, select the reference-column value from the “Input” dropdown. The backend will retrieve the corresponding values for the remaining columns and populate those fields automatically.

[SYNC] Email notifications for sync completion

you can configure email alerts for sync completion under “Settings > Notification settings” in Configuration Manager. Each email confirms that the sync ran and summarizes the result, including whether any updates were detected, even when no updates are found.

[SETTINGS] Tenant role inheritance toggle for Virtual Tenants

A new “Set V-Tenant specific roles and permissions” toggle is available during Operator creation and Virtual Tenant setup. When enabled, Tenant Admins can restrict the roles and permissions on a Virtual Tenant, choosing from those assigned at the tenant level. When disabled, all current and future tenant-level roles and permissions are inherited by the Virtual Tenant. This update supports the creation of read-only Virtual Tenants by enabling the toggle and deselecting all available roles and permissions.

[USER REWIND] User Card mailbox audit status tracking

The “Changes” tab in the User Card now logs each instance when mailbox audit is enabled or disabled for the mailbox owner. The most recent status change is shown and can be reverted if needed. The User Rewind feature is available as an add-on.

[SETTINGS] Graph Management renamed to App Management

The “Graph management” tab in “Settings > Organization settings” has been renamed to “App management”.

[CUSTOM ACTIONS] Action required: configure Certificate-Based Authentication for PnP SharePoint custom actions

Microsoft is retiring legacy IDCRL authentication for SharePoint. To continue executing custom actions with SharePoint Online via the PnP PowerShell channel in CoreView, you must configure Certificate-Based Authentication (CBA). Update your authentication method to avoid disruption in functionality.

[SETTINGS] Service account password change

Tenant Admins can now update custom service account passwords in CoreView. After resetting the password in the Microsoft 365 admin center, go to “Settings > My organization > Admin read only” and enter the new password for validation. This enhancement was inspired by a customer’s request.

[USER REWIND] Mailbox forwarding change tracking

the “Changes” tab in the User Card now records mailbox forwarding additions and removals. Operators can review forwarding changes on both the initiating user's and the destination mailbox’s User Card. The latest change for each item can be reverted as needed. The User Rewind feature is available as an add-on.

[WORKFLOWS] Stopped Workflow action status displayed in Execution History

when a workflow is terminated using the “Stop” action, the Workflow “Execution detail” tab will now show the execution status as “Stopped”.

Note: The enhancements below are accessible within CoreView’s new user interface.

Teams Voice Workflow action

The action "unassign phone number" is now available as part of workflow. This was previously only available as a management action. When offboarding a user, customers can unassign any phone number the user had assigned to them, avoiding the risk of forgetting and thus preventing the number from being reassigned to other users.

Consent Management

CoreView is enabling the ability for customers to be able to create and use their own services accounts in lieu of using the CoreView generated account. This grants the customer more control over their M365 tenant. In this release, this is being enabled for new accounts when first onboarding a tenant. However, this ability will be extended to existing customers in a future release.

New UX

Optimization Center

The License by user tab is now available. This gives an overview of how your Office 365 licenses are distributed and used by your users. For each user, it identifies the licenses they have been assigned as well as the services that they are using.

Workflow Approvals

The workflow approval page is now available. From this page you can review all your workflow that have an approval step to check their status, and even override the approval to have the workflow progress.

Execute workflow actions

It is now possible to execute workflow directly from the UserCard (UserVoice) and from the following reports -- Disabled licensed users report & User mailbox security report. (UserVoice)

DASHBOARDS

Security dashboard home page: Tenant Admins who haven’t set a custom home page will now be directed to the Security dashboard when logging in. The Security dashboard delivers a focused, business-level summary of your Microsoft 365 tenant’s security posture, risk, and compliance status. To set a different home page, follow the Default homepage guide. This feature is exclusively available within the CoreView ONE bundle.

OPERATORS

“Set default V-Tenant” placement updated in operator wizard: the option to set a default Virtual Tenant during operator or operator group creation now appears in the “Virtual Tenant privileges” step. After assigning at least one V-Tenant-specific role or permission, the wizard displays a “Default virtual tenant” radio button, enabling selection of a single default V-Tenant for the operator.

RECONCILE

Custom alert creation for configuration changes: you can now create and manage custom email alerts for specific configuration changes. In Reconcile, use the “Create custom alert” action next to any configuration to define the alert name and select recipients. When the configuration is modified, recipients receive an email notification summarizing the change. All custom alerts are accessible for review, editing, or deletion in the new “Custom alerts” section under Sync settings. This feature is exclusively available within the Configuration Manager SaaS solution.

REPORTS

Support all SMTP recipient types in scheduled and emailed reports: you can now select any SMTP address as a recipient for scheduled and emailed reports, including distribution groups, mail-enabled security groups, and Microsoft 365 groups. Note: groups must permit senders from outside their organization to receive these emails. This enhancement was inspired by a CoreVoice idea.

Filtering by UPN in “Authorized users” column: the “Authorized users” column in both “Auto attendants” and “Call queues” reports now supports direct filtering by User Principal Name. This enhancement was inspired by a CoreVoice idea.

RECONCILE, DASHBOARDS

Support for CIS M365 Foundations 6.0.0 baseline: the “CIS M365 Foundations 6.0.0” baseline is now available for tenant comparison on the Reconcile page in Configuration Manager, allowing you to directly assess your tenant’s configuration against the latest CIS Microsoft 365 security standards. The Tenant configuration alignment report in the CoreView Security dashboard now evaluates compliance with the “CIS M365 Foundations 6.0.0” baseline. This feature is available within both the self-hosted and SaaS Configuration Manager solutions.

November 25 enhancements

IN THE SPOTLIGHT

• [DASHBOARDS] Security dashboard: the Security dashboard, available to Tenant Admins, provides a focused, business-level summary of your Microsoft 365 tenant’s security posture, risk, and compliance status. The dashboard is designed to support leadership in assessing security and delegating actions, without requiring them to perform technical tasks. This feature is exclusively available within the CoreView ONE bundle.

• [DASHBOARDS] Identity Risk dashboard: the Identity Risk dashboard provides a daily snapshot of user risk within your Microsoft 365 tenant, with historical trend tracking. By evaluating both attack surface exposure and breach probability, the dashboard identifies users categorized as critical or warning risks, presenting a detailed breakdown of the factors influencing each user’s risk score. This feature is exclusively available within the CoreView ONE bundle.

• [USER TEMPLATES] Assign template to user: the “Assign template to user” management action enables the assignment of one or more user templates to an individual user, or a single template to multiple users who do not yet have a template assigned. During the assignment process, you can review each relevant user property and choose to retain the user's existing value and/or apply the value from the selected template. This feature is exclusively available within the CoreView ONE solution.

• [REPORTS] Tenant Configuration Alignment report: the “Tenant configuration alignment” CoreView report allows you to compare tenant settings against the CIS v5.0.0 security baseline. This report provides a clear assessment of configuration status, highlighting configurations that are aligned, deviating, or missing relative to best practices. Marking a conflicting configuration as accepted in Reconcile will categorize it as an “Accepted deviation” in the report’s insight widget. This feature is exclusively available within the CoreView ONE bundle.

OTHER IMPROVEMENTS

• [OPERATORS] V-Tenant role assignment in operator wizard: Tenant Admins can now define roles and permissions at the Virtual Tenant level when creating or editing individual operators and operator groups.

• [PERMISSIONS] Delegation of Configuration Manager workloads to operators: Tenant Admins can now delegate access to specific Configuration Manager workloads when creating or editing Permission Sets. The “Configuration Manager” section in the Permission Set wizard enables assignment of operator access by workload. Once assigned, the operator can access these workloads across all their assigned tenants. This feature is exclusively available within the CoreView ONE bundle.

• [USER REWIND] Mailbox change tracking: the “Changes” tab in the User Card now displays changes related to personal mailbox settings. Operators can review change details and revert the most recent update for each item as needed. The User Rewind feature is available as an add-on.

ANNOUNCEMENTS

• [EXCHANGE] Improved performance of Exchange mailbox actions: average execution time of Exchange mailbox actions has been reduced from 1 minute 20 seconds to 20 seconds. Ongoing optimizations are in place to further reduce processing times in future updates.

November 11 enhancements

IN THE SPOTLIGHT

• [COREVIEW APP] Redesign of “Privileges” section: the Privileges area, previously known as Global Filter, has been redesigned for improved clarity and usability. It now displays distinct subsections such as roles, permissions, Number Pools, License Pools, and Virtual Tenants, enabling operators to access their assigned segments and narrow their operational scope through direct selection.

• [SETTINGS] V-Tenant-level role and permission assignment: Tenant Admins can now assign specific roles and permissions at the Virtual Tenant level, choosing from any subset of an operator’s tenant-level rights. This capability is available under Settings via the management actions to Create/Edit Virtual Tenants.

OTHER IMPROVEMENTS

• [MY PROFILE] Revamp of “My Profile”: the operator profile now features four clear sections: Personal Info: update details and language/regional settings. Roles: view all assigned and inherited roles. Default settings: select the default homepage and Virtual Tenant, based on allowed permissions (if included in your solution). Privileges: see a grouped summary of your access rights. This redesign simplifies account management and improves visibility into your permissions.

• [MY PROFILE] UK English regional setting: a new "English – UK" regional setting is available in “My profile”. Selecting this option configures the application’s date-picker and all relevant areas to display dates in the UK format (DD/MM/YYYY). Additional regional settings are also supported, with date formatting automatically adjusting based on the selected region.

• [SETTINGS] “Create operator” wizard redesign: the processes for creating and editing individual operators and operator groups are now unified under a single “Create new” button in Settings > Operators. The updated wizard guides users through sequential steps for entering personal information, assigning roles and permissions, and configuring Virtual Tenants, License Pools, and Number Pools as applicable. Tenant Admins will be able to access the same wizard from their “My profile” section.

• [SETTINGS] Configuration Manager consents: a new "Configuration management" section has been added to CoreView’s Organization Settings. This section provides a dedicated interface to view and update permissions for the Configuration Manager app. When new permissions are required, a banner will appear at the top of the CoreView platform, directing you to this section to review and grant consent. This feature is exclusively available within the Configuration Manager SaaS solution.

• [ACCESS REVIEW] V-Tenant scope for Manual reviews: Tenant Admins and Access Review Admins can now assign Manual Access Review tasks with reviewer scope limited to a designated Virtual Tenant. Previously, reviewer scoping by Virtual Tenant was available only for Dynamic Access Reviews.