Improved In-app Group Management UX
The in-app group management interface has been updated, allowing easier navigation between the managed groups and create group view. The left side of the in-app group management view provides a menu to navigate between managed groups, creation of a new MCE/UCMA group (dependant on which engines have in-app group management enabled) and the help page.
Managed groups may also be searched by name and filtered with several parameters, including only UCMA/MCE groups, by group properties, for individual security contexts and leveraging regEx expressions.
Administrators may now leverage the Set-MceGroup cmdlet to manage MCE groups through the MCE Admin PowerShell Module. Administration functionality include group name, description, privacy, members and managers.
More information can be found on the Set-MceGroup command page.
Group History Search improvements
Groups may now leverage more advanced search parameters to search message history. 22.2 brings date range searching and regex filtering to the search history interface, allowing users to search more effectively and accurately.
Allow simultaneous in-app MCE group management and External UCMA group management
Administrators may now configure where users can manage MCE and UCMA groups independently, allowing in-app MCE group management while providing External SfB group management.
In-app MCE group management no longer leverages the group management settings on the MindLink Anywhere tab of the management center. This section is now exclusively leveraged by UCMA, where in-app or external management can be set. (and admins may still opt to disable it here, too)
This section has been renamed in the management center interface accordingly.
MCE Group Management may be enabled with the debug key debug.mce.enableinappmcegroupmanagement, set to true. MCE will only leverage in-app group management.
Simultaneous UCMA and MCE in-app management remain supported, too.
Encryption COI client certificate validation against OCSP on server Added optional configurations to enable OCSP COI certificate checking. This allows the COI public key infrastructure to get verified against revocation lists before being used in the generation of new encryption keys, to guard against the unauthorized access of protected information.
Support specifying multiple COI certificate issuers 22.2.1 allows administrators to configure encrypted systems with multiple COI certificate issuers to ensure COIs with multiple providers can be configured. The debug key debug.encryption.publickeyrepository.cacertificates.thumbprint has been pluralised to allow multiple certificates to be configured.
More information can be found on the 22.2 Encryption Configuration page.
Allow user to hide private chats from LiveStream
Livestream favourites now provides a toggle for IM messages, allowing users to opt out of showing IM messages in their livestream.
Custom Brand Names : Tab Title
The tab title is now separately configurable from the application Brand Name. Administrators may use the debug key web.client.custombranding.tabtitle to specify a different title for the browser tab. The tab title configuration will not change the brand name displayed in-app, on the MLA home page.
New Classification UX
The classification picker has had some minor improvements to the layout. The workflow now leads with building the highest possible classification, allowing additional markings to be specified only if required by the users' initial selection.
After picking the highest classification, the ... icon in the top right of the builder may be selectable, if additional markings are available based on the users selection, which will reveal the additional markings when clicked. This ensures more efficient attribute selection by focusing on the highest classification and following up with additional attributes if required, rather than starting with additional markings that may or may not be leveraged by the subsequently built maximum classification.
Optional Dock User Activity
Added a user preference setting to enable/disable dock user activity. Improved user activity was added in 22.1, enabled for all users, but now offers a user preference to keep it enabled or disable it.
Some refinements to the encryption protocol will mean that existing encryption keys won’t be able to be imported anymore
a. Any existing keys will fail to import
b. Any messages encrypted with existing keys won’t decrypt
c. For cleaner testing of this release, we’d suggest you either start with a new MCE DB instance, or at the very least create some new MCE groups.
d. Note: Now that we’re considering this the production-ready build, this won’t happen anymore with subsequent releases.
COI membership attestation
Encryption Key creation flows now incorporate calls to sign (attest) the encryption key payload, and also verify those payloads by fetching corresponding public keys.
As part of changing the classification UX in this release we’ve had to change the way Highest Possible Classification data (classification tokens) are encoded on groups in the MCE DB.
You may find that after installing 22.2 that the Sync-MceGroupClassification cmdlet will find group classifications that require re-syncing.
Don’t be alarmed, the classification hasn’t changed, and the access control on the group won’t change either. We have simply removed some redundant information that can sometimes be encoded in the classification token, so the cmdlet is registering this as a change. Running the cmdlet will only remove this extra information that wasn’t used in the first place.
It is recommended to first run the cmdlet with the -WhatIf flag to confirm this. If it does find some groups then do run the cmdlet properly to clean up their tokens.
Classification and COI configurations remain active when IM is disabled
Both Classification and COI pages have been set to remain active and configurable if the IM modality is disabled in the management center. This ensures administrators are able to modify their security configuration even in cases where IM is disabled.
Improve Get-MceGroup commandlet output
Improvements have been made to the Get-MceGroup cmdlet results.
Improved styling for last seen info in dock
Some minor improvements have been made to the dock user activity, providing cleaner styling and more efficient spacing of information.
22.2 includes the following improvements:
|Verify certificate chain for each COI certificate to get more immediate feedback about invalid certificates
|Dock : Increase spacing between the name of a group and the time since the last post
|Turn on chat history date range searching for all groups MCE and SfB
|Clarifying dock title depending on whether groups or IMs are disabled
|Improve styling for last seen info in dock
|Clarify UX to indicate "To" date shouldn't be specified without "On/From" date in Encrypted History
|Allow simultaneous SfB external group management and MCE in-app group management
|Allow user activity in the dock to be optional
|Allow user to hide private chats from LiveStream
|Add IsEncrypted to data returned from GetMceGroup cmdlet
|MCE Admin PowerShell
|Show EDH headers for a group retrieved in PS
|MCE Admin PowerShell
|Show more detailed classification information for a group
|MCE Admin PowerShell
|Settings buttons don't have tooltips
|Allow the app title to be different to the product name
|Check whether COI certificate is current before wrapping session key
|Show length of time in presence state in contact list
22.2 includes the following bug fixes:
|SfB-only users can still manage groups in-app when SfB group management is configured to be external
|Catchup cursor is not always removed when explicit subscription is removed
|Some API samples cannot send messages with COIs
|Host InfoService status endpoint can return an OK response before the Host can successfully login an MCE
|Classification enable checkbox is not effectively disabled when IM is disabled
|Moussing over private dock nodes triggers user subscription requests unnecessarily
|Management Center : Trusted Application Server settings are greyed out by default in SfB 2015
|SfB autoprovisioning gets initialized even when effectively disabled
|Group participants list is not scrollable
|Disabling instant messaging in management tool does not remove classifications from group creation capabilities
Audio calling between the MindLink client and the Skype Mobile app is currently not supported