quotas were only displayed for the tenant. Quota usage now displayed per
organization
Added public folders to organization home screen
Added Lync to organization home screen
Added the ability to hide the theme and locale. This can be hidden by adding
the element <HideThemeAndLocale>true</HideThemeAndLocale> to the file
SiteSettings.config
Add the element ExcludedRolesToLogin tp the SiteSettings.config and specify
comma separate which roles are not allowed to login to the panel. e.g.:
<ExcludedRolesToLogin>Administrator,Reseller</ExcludedRolesToLogin>
By doing this you can eliminate the attack surface by publishing the portal
twice. One for the organization administrators and an internal one for the
adminsitrators and reseller admins
All authentication related cookies tagged as httpOnly
web.config: enabledVersionHeader=false
autocomplete disabled
Login url injection redirection fixed
session hijacking implemented
Dont forget to apply ssl to your website with https and to set the requireSSL="false" to true
