The following versions of the M365 Apps Deployment Toolkit are currently supported with security updates:

We take the security of the M365 Apps Deployment Toolkit seriously. If you believe you've found a security vulnerability, please follow these steps:

1. Do not disclose the vulnerability publicly or to any third parties.
2. Email your findings to [email protected]. Include as much information as possible:
   • A detailed description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact of the vulnerability
   • Any potential solutions you've identified

After you've submitted a vulnerability report, you can expect:

• Acknowledgment: We will acknowledge receipt of your report within 24-48 hours.
• Verification: Our team will work to verify the issue and may ask for additional information.
• Resolution Planning: For confirmed vulnerabilities, we will develop a plan to address the issue.
• Fix Development: We will work on a fix and test it thoroughly.
• Public Disclosure: Once the vulnerability has been addressed, we may publish details about the vulnerability, giving you credit for the discovery (unless you request anonymity).

• We request a reasonable disclosure period to address vulnerabilities before any public disclosure.
• We will acknowledge your contribution (unless you request anonymity) when we publish information about the vulnerability.

When using the M365 Apps Deployment Toolkit:

1. Always download releases directly from the official GitHub repository.
2. Verify script integrity through the hash values provided with each release.
3. Review the configuration XML files before deployment in your environment.
4. Run the toolkit in a test environment before deploying to production.
5. Ensure you have the necessary permissions to install software in your environment.
6. Keep the toolkit up-to-date by using the latest release.

Thank you for helping keep the M365 Apps Deployment Toolkit and its users safe!