Update

Summary New auto-labeling actions for SharePoint and OneDrive will allow administrators to override or remove existing sensitivity labels automatically. Admins must configure these actions in the Microsoft Purview portal; they are not enabled by default. This change impacts organizations using auto-labeling policies, improving data governance and consistency. Relevant stakeholders should be informed that sensitivity labels …

Summary Microsoft Purview network data security now integrates with Island, enhancing data protection for browser-based workflows. This integration allows for the configuration of DLP policies to inspect data shared with unmanaged cloud apps. It requires admin action to enable; the feature is not activated by default. Existing Purview policies will apply automatically if the integration …

Summary Live transcription capabilities are being added to Microsoft Teams Rooms on Android, providing real-time transcription with speaker attribution and timestamps. Transcripts are displayed on the front-of-room screen. Only organizations with Teams Rooms Pro licenses will receive this feature. Users can start transcription easily from the room console; notifications will inform participants when transcription is …

Summary A new soft purge mitigation action will be added in Data Security Investigations (DSI) for quick removal of sensitive items. Soft purge allows items to be deleted but remain recoverable until the retention period expires. The feature is enabled by default with no need for configuration; existing DLP, labeling, and retention policies remain unchanged. …

Summary Microsoft will retire the Semi-Annual Enterprise Channel installation option for unmanaged devices in April 2026. This change affects admins managing installation options for unmanaged devices and tenants using this channel exclusively. Existing unmanaged devices on this channel will not change until manually updated; however, the channel selection will appear grayed out if switched. Devices …

Summary The Semi-Annual Enterprise Channel option will be retired from the Office Deployment Service. Organizations using the Semi-Annual Enterprise Channel will have this option removed from new deployment configurations, but existing configurations will remain unaffected. Only the Current Channel and Monthly Enterprise Channel will be available for new configurations. No immediate action is required, but …

Summary Windows 2011 Secure Boot certificates will expire, requiring updates to new certificates issued in 2023 for ongoing security. Devices will still function normally but will not receive new boot-level security protections without updated certificates. Intune can be used to manage and deploy Secure Boot certificate updates on Windows clients. Administrators should enable specific settings …

Summary The March 2026 security update is available for all supported Windows versions. It includes quality improvements and enhancements to the servicing stack. New high-confidence device targeting is added for Secure Boot certificate delivery. File Explorer search reliability is improved when searching across multiple drives. A warning dialog is added to confirm the trustworthiness of …

Summary Microsoft 365 Copilot Chat will allow users to draft, edit, and send Outlook emails directly within the chat interface. An embedded Outlook compose form will appear when users request to draft an email. The feature will be enabled by default for all users with eligible licenses. The feature will be available in the Copilot …

Summary A new “Follow” option will be available for meetings in Outlook Mobile, allowing users to stay informed when they cannot attend. The “Follow” option appears in the mobile RSVP menu, while the “Maybe” response moves to an overflow menu. The feature is enabled by default for all tenants, with prompts for organizers to record …

Summary The -Credential parameter will be removed from Connect-ExchangeOnline and Connect-IppsSession cmdlets in Exchange Online PowerShell, affecting automation scripts that use it. Organizations must migrate to supported authentication methods before upgrading to module versions released after the removal. Alternatives include switching to modern authentication with MFA, using app-only authentication for non-Azure automation, or managed identity …

Summary Windows Autopatch will enable hotpatch security updates by default for eligible Intune devices, improving security speed. Devices will receive updates without requiring a restart, securing them faster and saving an average of three to five days. A tenant setting to opt out of hotpatch updates will be available for those not ready for the …

Summary Updates to Microsoft 365 Apps released for Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel. Users on automatic updates from Office CDN will need no action; manual managers can download updates now. Release notes available for detailed information on each channel’s updates. Admin Impact: Medium User Impact: Low Release Start: 10 Mar 2026 …

Summary Private chat will be introduced in Teams Rooms on Windows for organizers, co-organizers, and presenters during structured meetings and webinars. Two chat options will be available: one for private communication among event teams and another for all attendees. Users can switch between the two chat panels using a new dropdown on the chat button. …

Summary Anthropic Claude Sonnet is now available for Microsoft 365 Copilot licensed users, alongside OpenAI models. Users can select Claude Sonnet in the model selector within Copilot Chat. Regions where Anthropic is set to “Off by default” require admin opt-in for model availability. Data protection standards remain unchanged; Anthropic is a Microsoft subprocessor. Users in …

Summary Windows Autopatch will enable hotpatch security updates by default for eligible Intune devices. Hotpatch updates allow devices to be secured faster without waiting for a restart, reducing update delay by three to five days on average. Devices will still require restarts during specified baseline months (January, April, July, and October). Recommended to ensure devices …

Summary Microsoft Agent 365 will be Generally Available (GA) after extensive customer feedback from the Frontier program. Administrator planning or evaluating Agent 365 deployment will be affected. Customers in the Frontier program will maintain access to early features and continue to provide feedback. Trial and paid options for Agent 365 will be made available before …

Summary AI citations analytics will be added to SharePoint for better tracking of document references by Microsoft Copilot and other AI agents. New metrics will include popular content based on citations, total citations for pages, and an AI citations analytics page under Site Usage. No admin action is required for enabling this feature, which will …

Summary Microsoft Entra passkeys will enable phishing-resistant, passwordless sign-in using Windows Hello methods. No impact on organizations unless they opt in to enable passkeys. Users can authenticate on both managed and unmanaged Windows devices through individual passkeys. Each passkey is device-bound and does not sync across devices, requiring separate registration for each account. Existing authentication …

Summary Outlook for iOS and Android will support recommended and automatic sensitivity labels during email composition. Users will be prompted to review suggested labels when sensitive information is detected. Automatic labels will be applied without any action required by the user. The feature is enabled by default for organizations with existing Microsoft Purview sensitivity labeling …

Summary Copilot highlights in Viva Glint will provide AI-generated summaries of employee survey results in supported reports. The feature will automatically appear as a collapsible card at the top of relevant reports, showing key insights and trends. No additional configuration is needed; it will be available when Copilot in Viva Glint is enabled. Users must …

Summary New policy configuration options in Microsoft Purview Data Loss Prevention (DLP) enhance data security for unmanaged cloud apps and Edge for Business. Administrators gain more granular controls, including scoping collection policies by sensitivity labels and defining conditions for DLP policies. Email notifications can be configured to alert users when activities are blocked. Existing policies …

Summary New feature allows switching from offline to online mode in Canvas apps to access Dataverse data. Real-time updates will be available when online mode is enabled. No action is required from users; this message is for awareness. Admin Impact: Low User Impact: High Release Start: 03 Apr 2026 Release End: 03 Apr 2026 Services: …

Summary New feature allows configuration of offline profiles using the FetchXML editor in Power Apps. Direct control over query logic for offline profiles enhances the app-building workflow. Access the FetchXML editor directly within Power Apps Studio for easier customization of data filters. No action required; message is for awareness only. For more details, visit the …

Summary Teams Meeting Recording expiration notification emails will be disabled to reduce notification noise. All Microsoft 365 tenants and users receiving these emails will be affected. Users will no longer receive notifications for recording expirations, but policies regarding recording expiration and deletion remain the same. No action is required from administrators or users; however, optional …

Summary A Data Privacy message is available in Message Center for the organization. Access is limited to Global Administrators or designated Message Center Privacy Readers. Change is categorized under ‘GDPR’ and ‘PreventOrFixIssue.’ The change is of high importance, requiring action to avoid service disruptions. Message Center contains further details to be reviewed by the appropriate …

Summary Windows 365 will enforce stricter endpoint validations for Azure Network Connection health checks. Health check failures will result in an “Error” status, blocking new provisioning attempts until resolved. Acesss to the following endpoints is required: *.service.windows.cloud.microsoft.com, *.windows.cloud.microsoft.com, and *.windows.static.microsoft.com. Review network configurations to ensure these endpoints are accessible through firewalls and security devices. No …

Summary A new Defender XDR Unified RBAC permission allows admins to preview and download email content tied to specific alerts without broad email access. The new permission is called “Emails associated with alerts (read)” and currently applies to alerts for emails reported as malware or phishing. Existing roles and workflows remain unaffected, and admins with …

Summary Update Secure Boot certificates across your organization before June 2026 to avoid potential issues. Participate in a fast-paced walkthrough event for guidance on testing firmware, monitoring device readiness, and deploying updated certificates. Join a Q&A session with the engineering team to address any questions regarding Secure Boot updates. Registration isn’t required, but a Microsoft …

Summary Microsoft Copilot features, including Copilot Chat, will be available in shared and delegated mailboxes in Outlook. Users can interact with Copilot directly while using shared mailboxes without specifying mailbox-specific phrases. Copilot features such as Summarize and Draft will function within shared and delegated mailboxes. Conversation history will be saved to the user’s primary account, …

Summary The Data Security Triage Agent in Microsoft Purview Insider Risk Management is being enhanced for better alert triage and investigation focus. This update prioritizes alerts based on user risk and activity, summarizes behavioral risk patterns, and provides expanded user context. Admins need to enable the Triage Agent; it is not on by default. Organizations …

Summary Phase 2 of always-on diagnostics for Endpoint DLP allows admins to collect diagnostics from Windows endpoints without user interaction. Diagnostic traces can be uploaded directly to Microsoft Support, improving troubleshooting efficiency. Admins must enable the feature; it does not turn on automatically. Existing Endpoint DLP policies remain unchanged. Review and update documentation and processes …

Summary Always-on diagnostics for Endpoint DLP will automatically be enabled for onboarded Windows devices. Diagnostic data will be stored locally on devices for up to 90 days to assist troubleshooting. Admins can opt out of this setting until the change takes effect, and can choose to opt out at any time thereafter. Opting out may …

Summary The AI Administrator role will be updated to support Agent 365, enabling efficient day-to-day agent management without needing Global Administrator involvement for routine actions. AI Administrators will have new permissions to manage agent lifecycles, grant tenant-wide admin consent for most apps and agents, and perform CRUD operations on agents. Administrators can view risky agents …

Summary Users can reserve available rooms directly from the Microsoft Teams Rooms on Windows console without a personal device. The feature supports spontaneous meetings and reduces scheduling conflicts. Admins will control this feature via the Teams Rooms Pro Management portal. No action is required before rollout; users should be informed about the new reservation workflow. …

Summary The People agent in Frontier will be retired, impacting those who manage or use it. Key capabilities will be integrated into M365 Copilot experiences for greater user benefit. No configuration changes are required for admins, and there’s no user action needed. Users can still utilize the People companion app and Copilot for skills discovery …

Summary Users can send locally stored Word, Excel, and PowerPoint files as email attachments in the new Outlook for Windows. This feature eliminates the need to use classic Outlook for Windows for sending local file attachments. The feature is enabled by default, with no changes to existing admin controls or policies. Organizations are encouraged to …

Summary Microsoft Defender for iOS will stop supporting devices running iOS 16. Existing installations on iOS 16 will lose access to new features, security updates, and technical support. New installations on iOS 16 will no longer be available. Full support will continue for devices updated to iOS 17 or later. Organizations should identify iOS 16 …

Summary Introduction of granular restore capabilities in Microsoft 365 Backup for SharePoint and OneDrive. Admins can browse, search, and restore individual files or folders instead of entire sites or drives. Only SharePoint Backup Administrators can perform granular restores for these services. No direct impact on users; restore operations will still be initiated by admins. Review …

Summary Access to Copilot in Word will be unified and streamlined through the introduction of Word Agent in the chat pane as the main interface. Existing Copilot entry points will be replaced with a consistent location for easier access. Contextual entry points will be available based on user actions, depending on the platform being used. …

Summary Introduction of a reimagined SharePoint experience enhancing knowledge discovery, content publishing, and solution building. Microsoft 365 Copilot license required for accessing new AI capabilities. Redesigned SharePoint app bar, with features like Discover, Publish, and Build for improved user experience. Updated page, news, library, and list experiences with enhanced content elevation and neutral theming. No …

Summary SharePoint One-Time Passcode (SPO OTP) authentication will be retired in OneDrive and SharePoint, transitioning to Microsoft Entra B2B for external sharing. Users without a B2B guest account will be denied access to previously shared links after the retirement of SPO OTP. Admins can create guest accounts for external users manually or through file/folder/site sharing …