Sharing information through the Security Update Guide (SUG) is an important part of our ongoing effort to help customers manage security risks and keep systems protected. In January 2022 we introduced Phase One of a new way for customers to receive email notifications about new Microsoft product security content using any email address, not just a Microsoft account, or Live ID as it is sometimes known.
As of June 14, 2022, we have moved into Phase Two and are now sending the monthly Microsoft Security Update Summary and the Microsoft Security Update Revisions notifications through a modern Azure-based service to customers who have created their profile on the SUG. In this phase, we are also still sending text-based notifications in parallel via the Security Notification Service. This will give customers time to create profiles in the SUG and to sign up for the new Azure-based service. We will soon discontinue sending notifications via the legacy Security Notification Service.
Remember, with the new system you can now sign up with any email address, including a group alias, and receive notifications at that email address. This includes corporate addresses, as we have fixed the issue for customers who were unable to create a profile for addresses that use Active Directory. For those who experienced the issue, we apologize for the delay and encourage you to create your profile again. After you create your profile you will receive a verification email to activate the profile, so be sure to respond to the email to complete the process.
Upon creating and verifying your profile, you can manage your settings from within the SUG itself. We encourage you to create your profile and select your notifications preference as soon as possible if you have not already done so.
Your profile on the SUG defines the email address where you wish the notifications to be delivered and the type of notifications you want to receive.
You can create a profile by selecting Sign in at the top right corner of the SUG. Then follow these steps:
- You can see from the option for sign in that you can use any email and password.
- To use your existing Microsoft account (LiveID) or corporate AAD account, select Live, Work, or School Account.
- If you do not have a Microsoft account or corporate AAD account, you can use the sign-in dialog to create either a Microsoft account or a local account:
a. While we no longer require a Microsoft account to receive notifications, it can be preferable to having to enter your username and password each time you sign in. To create a Microsoft account, select Live, Work, or School account. Look next to “No account?” and select Create one!
b. To create a local account in the Sign in dialog, look next to “Don’t have an account?” and select Sign up now to begin creating a local account profile.
- Enter the email you want to use for your profile, then select Send verification code.
You will receive the verification code from the Microsoft Security Response Center. For example,
- Retrieve the email verification code from your email, enter the verification code, and complete the rest of the information to set up your profile.
- Select Continue.
- Now you can sign into the SUG as follows:
• For a Microsoft account, or a work or school account that uses Active Directory, select Live, Work, or School Account.
• For a Gmail account, select Google.
• For any other account, enter your email address and password.
Notifications are sent when information is added or changed in the Security Update Guide. There are two types of notifications – Major Updates and Minor Updates, or revisions. Major revisions include newly published CVEs and existing CVEs that are republished due to a change in software updates in the Security Updates table. These major Revisions are marked with an incremented initial number such as 1.0, 2.0 , etc. Minor revisions are changes to FAQs or Acknowledgements or other information. These types of revisions are marked with an incremented final number such as 1.1, 3.2 , etc.
To sign up for notifications:
- If you have not already signed in, select Sign in at the upper right corner and repeat the steps to sign in depending on your account type. You will know you have successfully signed in when your Profile name is displayed.
- To opt into notifications, select Profile at the upper left.
- Select Edit on the left-hand Email notifications column to choose the type of notifications you would like to receive.
- In the panel that is displayed on the right-hand side, select the types of notifications you want to receive. If you select Major Revisions , you will receive only notifications for major updates. If you select Minor Revisions , you will receive notifications for minor updates. To receive both major and minor revision notifications, select both options. Select Save when you’re finished.
As always, we encourage and appreciate your feedback on the SUG. To submit questions or feedback, please send fill out our feedback form at MSRC Portal Support Form (office.com).