Skip to Content

Summary Microsoft is updating backend Exchange support for the Microsoft Teams mobile calendar experience. Organizations using Exchange Web Services (EWS) application access policies may need to adjust allow/block lists so Teams mobile can continue accessing calendar data. Admins managing Exchange Online and Teams calendar access should review tenant-level and mailbox-level EWS configuration before the change …

Read More about MC1422057: Update Exchange Web Services (EWS) allow list configuration for calendar

Summary Microsoft Entra ID is retiring Custom Controls in Conditional Access and moving organizations to External MFA, a standards-based way to use third-party MFA providers. Organizations that use Custom Controls will need to migrate affected Conditional Access policies to External MFA before the retirement deadline. Administrators should review Conditional Access policies, configure the third-party MFA …

Read More about MC1422061: Retirement of Custom Controls in Conditional Access and migration to External MFA

Summary Microsoft 365 Copilot will support OpenAI-operated models as a new subprocessor option, including GPT-5.6, giving tenants access to newer AI model capabilities. A new admin setting in the Microsoft 365 admin center lets eligible tenants enable or disable access to these OpenAI-operated models. The setting is initially disabled for tenants, but if admins take …

Read More about MC1422074: OpenAI models will soon be available as a subprocessor in Microsoft 365 Copilot

Summary The static Dynamics 365 ERP Model Context Protocol (MCP) server (Preview) will be retired and replaced by the new Dynamics 365 ERP MCP server. This change affects Dynamics 365 finance and operations app integrations that use MCP-based agents, Copilot experiences, or other connected workflows. The new dynamic MCP server is available in Dynamics 365 …

Read More about MC1420830 Finance and operations apps: End of support for static Dynamics 365 ERP Model Context Protocol (MCP) server (Preview)

Summary Microsoft Defender for Cloud Apps file policies are being retired, and DLP file policies configured there will no longer be supported or enforced after the retirement date. Organizations using these policies should migrate any policies they want to keep into Microsoft Purview to preserve DLP coverage and administration. SharePoint and OneDrive file DLP capabilities …

Read More about MC1417993: File policies in Microsoft Defender for Cloud Apps are retiring

Summary Windows 365 User settings are being retired in favor of a unified Cloud PC Settings experience in Microsoft Intune. Admins managing Windows 365 Cloud PCs must move configurations for BCDR and local administrator controls into Cloud PC Settings. Existing User settings policies will not migrate automatically, so current assignments and settings need to be …

Read More about MC1418556: Windows 365 User settings transition to the new settings framework

Summary: Microsoft is retiring the EWS-based controls used to enable or disable Personal Bookings (Bookings with me) in Microsoft Bookings. After the change, Personal Bookings access will be controlled only through the OWA Mailbox Policy assigned to each user. Organizations that currently manage this setting with Exchange Online organization-wide EWS settings or per-user CAS mailbox …

Read More about MC1418559 Action required: Retirement of EWS-based Personal Bookings controls (Microsoft Bookings)

Summary Microsoft Purview is enforcing the existing one-capturing-group limit for regular expressions used in custom Sensitive Information Types (SITs). Admins who create or update custom SITs in Purview may see creation or validation failures if a regex contains more than one capturing group. The enforcement applies in both the Purview portal and the related PowerShell …

Read More about MC1413309: Microsoft Purview enforcing one capturing group limit for custom sensitive information types

Summary Microsoft Defender will remove the standalone AIR investigation experience and stop allowing manual triggering of automated investigation and response. AIR capabilities remain built into always-on Microsoft Defender antivirus protection, so detection and response continue automatically by default. Security admins and teams using Microsoft Defender for Endpoint or Microsoft Defender XDR should update any playbooks, …

Read More about MC1411577 Microsoft Defender: Automated investigation and response (AIR) integrated into antivirus with manual triggering removed

Summary SharePoint Online Remote Event Receivers (RERs) are being retired as part of Microsoft’s modernization of SharePoint extensibility and the Azure ACS retirement. Solutions using RERs registered with Microsoft Entra applications will continue to work only until the retirement cutoff, after which all RER-based event handling stops. Organizations using SharePoint customizations, workflows, or third-party products …

Read More about MC1411726: Remote Event Receivers in SharePoint Online will be retired

Summary Exchange Online moderation approvals are moving away from legacy Outlook voting buttons to Actionable Messages adaptive cards. This affects organizations that use Exchange Online message moderation, especially moderators and tenants still using the legacy approval experience. Moderators will need supported Microsoft 365 mailboxes and clients that can receive Actionable Messages; shared mailboxes are not …

Read More about MC1405503 Exchange Online moderation approvals: legacy voting buttons support ends July 31, 2026

Summary Excel Power Query is changing its authentication flow for connections to enterprise data sources that use Organizational Accounts (Microsoft Entra ID). The change affects users running Excel 2021 version 21.08 or older unsupported Excel/Office versions. Affected Power Query connectors include common sources such as SharePoint, SQL Server, Exchange, Power BI, Dataverse, and Azure data …

Read More about MC1403409: Required update for organizational authentication in Excel Power Query (Entra ID)

Summary Microsoft is retiring the Calendar widget in Student Hub; existing widgets will stop working after the end-of-support date and new ones cannot be added. This affects organizations using Student Hub, especially admins who manage Student Hub configurations and the educators, students, and support teams who rely on the widget. There is no direct replacement …

Read More about MC1401297: Calendar widget in Student Hub retiring in July 2026

Summary Microsoft is retiring the legacy Turnitin Similarity integration in Microsoft Teams Assignments and steering customers to Turnitin Feedback Studio for Microsoft Teams. The change affects institutions that currently use Turnitin inside Teams Assignments, especially educators and admins who manage assignment workflows. Teams Assignments workflows that depend on the legacy Similarity integration will stop working …

Read More about MC1401298: Retirement of Turnitin Similarity integration in Microsoft Teams Assignments

Summary Microsoft is retiring the WebRTC-based Teams VDI optimization on Windows endpoints and replacing it with a new VDI optimization aligned to the native Teams desktop media engine. The change affects Windows-based VDI users on Azure Virtual Desktop, Windows 365, and Citrix CVAD/DaaS, including both published desktops and published apps. Admins should verify the new …

Read More about MC1401296 Microsoft Teams VDI: Retirement of WebRTC optimization and transition to new optimization (Windows endpoints)

Summary Microsoft is retiring Restricted SharePoint Search (RSS) in SharePoint Online and recommends moving to Restricted Content Discovery (RCD) or other governance controls. The change affects organizations currently using RSS in Worldwide, GCC, GCC High, and DoD tenants, especially SharePoint and Microsoft 365 admins responsible for search visibility and content governance. Microsoft will not automatically …

Read More about MC1395311: Retirement of Restricted SharePoint Search

Summary Microsoft 365 Copilot Cowork is moving to general availability worldwide, while Frontier remains the early-access channel for new capabilities. Frontier Cowork is changing to usage-based billing, with a grace period for existing users and required billing setup to keep access after the grace period ends. Admins need to configure pay-as-you-go billing and review spending …

Read More about MC1393468 Cowork in Frontier: New Value + Usage-based Billing

Summary Copilot Cowork is now generally available worldwide for eligible users, with a new experience that adds multi-model capabilities, plugins, updated skill management/navigation, Microsoft Purview integration, and branded templates/image creation. Access is limited to users with a Microsoft 365 Copilot license and requires usage-based billing through Copilot Credits; without billing enabled, users cannot use Cowork. …

Read More about MC1393471: Copilot Cowork generally available today

Summary Microsoft Teams is adding new admin controls for governing how applications and agents access meeting transcripts through the Microsoft Graph API. The controls apply to transcripts with and without speaker attribution, giving admins more granular control over transcript data access. Tenant administrators managing Teams and Graph API permissions are affected, especially where apps or …

Read More about MC1393806: Graph API transcript access controls for administrators

Summary Microsoft is retiring support for Microsoft Defender for Endpoint on Amazon Linux 2 (ARM64); devices running AL2 on AMD64/x86_64 are not affected. The last supported MDE agent for AL2 (ARM64) is version 101.25122.0004; later Defender releases will not install on that architecture. Admins must identify devices running Amazon Linux 2 (ARM64), prevent upgrades beyond …

Read More about MC1392568: Microsoft Defender for Endpoint: Support for Amazon Linux 2 (ARM64) retiring October 31, 2026

Summary The OneDrive (Consumer) connector used in Power Platform (flows, apps, and agents) is being deprecated and will be removed; OneDrive for Business connector is not affected. After the deprecation starts, new flows/apps/agents will no longer be able to use the consumer connector; existing items must be reviewed and migrated before retirement. IT must inventory …

Read More about MC1392593: Information regarding the retirement of the OneDrive (Consumer) Connector

Summary File-level archiving for Microsoft 365 Archive will be turned on by default for tenants that already have Microsoft 365 Archive configured. A new “Archive” action will appear in SharePoint on the web for users with edit permissions; archived files are moved to a cold storage tier and must be reactivated to access. Admins can …

Read More about MC1387809 Microsoft 365 Archive: File-level archiving will be enabled by default for existing customers

Summary Microsoft Defender for Endpoint on Linux now retrieves internal configuration updates from new service URLs; these must be allowlisted per your tenant type. Affected: organizations using Defender for Endpoint on Linux endpoints (agents require outbound access to the listed URLs). Admin action: review firewall/proxy rules and allowlist the single URL that matches your tenant …

Read More about MC1388718 Microsoft Defender for Endpoint: Update to Linux connectivity requirements with new service URLs to allowlist

Summary Windows security updates will enforce Kerberos RC4 hardening on domain controllers, removing Audit mode as a rollback option after the final phase. Systems, service accounts, applications, appliances, and non‑Windows Kerberos implementations that still rely on RC4 may experience authentication failures unless remediated. Admins must detect RC4 dependencies (check System event log for Kerberos-related events) …

Read More about MC1388721 30-Day Reminder: Final deployment phase for Kerberos RC4 hardening begins with the July 2026 Windows security update

Summary Outgoing screensharing in Microsoft Teams VDI with the new SlimCore optimization will capture and process shared content on the virtual machine (VM) instead of the endpoint device; enabled by default in supported client versions. Affected: organizations using Teams in VDI environments (Azure Virtual Desktop, Windows 365, Citrix, Amazon WorkSpaces, Omnissa) and users who share …

Read More about MC1387528 Microsoft Teams VDI: Outgoing screensharing changes for SlimCore-based optimization

Summary Microsoft Purview Endpoint DLP Just-in-time protection audit logging is changing from automatic logging to an explicitly scoped setting: admins must configure which users or groups have activities audited. Affected: Purview/Endpoint DLP administrators who manage Just-in-time protection and Activity explorer visibility; audited vs blocked scopes determine whether activities are logged or enforcement occurs. Admin action …

Read More about MC1387575 Microsoft Purview | Endpoint Data Loss Prevention: Scope Just-in-time audit by user or group

Summary Update network/firewall to allow outbound ports 50118 and 50119 and the domain *.rtmpingest.mcr.teams.cloud.microsoft for RTMP-In streaming into Teams meetings, webinars, and town halls. Affected: admins who manage Teams meetings/webinars/town halls and event organizers using external hardware or software encoders; existing RTMP-In events will continue to function through end of 2026 but new events may …

Read More about MC1387814: RTMP-In port and domain changes required

Summary Storage capacity entitlement report in Power Platform admin center was incorrectly displaying data for certain Dynamics 365 applications. A misconfiguration caused incorrect storage capacity from base licenses to be reported with attach and premium licenses. A fix will ensure reporting aligns with standard licensing policy regarding storage entitlements. Attach licenses will no longer show …

Read More about MC1384733: Information about an update to storage capacity entitlement reporting

Summary Dynamics 365 Sales and Dynamics 365 Customer Service license entitlements are not granting expected read-only access to Dynamics 365 Finance and Operations apps. Affected users: anyone using Sales or Customer Service licenses who rely on read-only access to Finance & Operations data. No admin action is required; Microsoft will deploy a fix automatically (see …

Read More about MC1384395 Dynamics 365: Sales and Customer Service licenses are not granting read-only access to finance and operations

Summary Microsoft is retiring the Sora video generation experience (Sora 2) that is available through the Frontier program. Affected: organizations participating in the Frontier program that have access to the Sora experience in Copilot Create. After retirement, users will not be able to generate new videos using Sora; previously generated videos will remain accessible. Microsoft …

Read More about MC1384407: Retirement of Sora video generation experience (Frontier)

Summary Windows 365 Flex shared Cloud PCs will automatically reset to a provisioning snapshot at sign-out, removing both user and system data between user sessions unless you opt out at the provisioning policy level. Snapshots are created during provisioning and refreshed every 24 hours; resets occur on sign-out or session timeout and may show Cloud …

Read More about MC1381108: Snapshot-based reset for Windows 365 Flex shared Cloud PCs

Summary Enforced lifecycle will be applied to unlicensed OneDrive accounts so accounts that remain unlicensed/unpaid go through staged restrictions and can ultimately be permanently deleted if not preserved. Affected tenants: any tenant with OneDrive accounts that became unlicensed after license removal or user deletion. Admins can preserve data by reassigning OneDrive licenses, enabling pay-as-you-go billing …

Read More about MC1381110: Retention enforcement for unlicensed OneDrive accounts

Summary Windows 365 will change the default PowerShell execution policy applied to Cloud PCs during provisioning to RemoteSigned at the LocalMachine scope. This affects organizations that run unsigned downloaded PowerShell scripts on Cloud PCs or that enforce a stricter MachinePolicy (for example AllSigned) via Intune or Group Policy, which can cause provisioning/resize/restore failures. Admins should …

Read More about MC1381113 Windows 365: PowerShell execution policy change during Cloud PC provisioning

Summary File-level archiving for SharePoint Online (Microsoft 365 Archive) is entering General Availability: users with edit permissions will see a new “Archive” action in SharePoint on the web and files are moved to a cold storage tier while remaining discoverable. Feature is enabled by default for all SharePoint sites in tenants that have Microsoft 365 …

Read More about MC1381114: Microsoft 365 Archive: File-level archiving General Availability

Summary Data privacy message published about Microsoft Teams meeting recordings affecting your organization. Details are available only in the Microsoft 365 admin center to Global Administrators or users assigned the Message Center Privacy Reader role. IT admins should sign in to the Message Center to read the full privacy notice and follow any remediation or …

Read More about MC1333582: Issue with Teams meeting recordings [Previously MC1293001]

Summary Microsoft Teams PowerShell on Windows will default to using Web Account Manager (WAM) for Connect-MicrosoftTeams sign-ins (interactive, -Credential, -AccountId/IWA). A temporary -DisableWAM parameter is available to bypass WAM for a single connection; it will be removed in a future release. Preview availability begins in the Teams PowerShell preview (v7.8.1); admins should review and update …

Read More about MC1338817: Microsoft Teams PowerShell: Web Account Manager (WAM) becomes the default authentication broker

Summary Work IQ API is transitioning from public preview to general availability and will use consumption-based billing via Copilot Credits for usage through third-party agents and applications. Administrators must configure credit-based billing and new cost management controls in the Microsoft admin center (enable billing, create spend policies, set usage limits and alerts, and monitor the …

Read More about MC1332672: General availability of the Work IQ API with Copilot Credits billing

Summary Microsoft is introducing Microsoft Scout, the first always-on “Autopilot” personal agent that can act on behalf of users across Microsoft 365 apps (Teams, Outlook, OneDrive, SharePoint) and runs locally on user desktops. Microsoft Scout is available today as a Frontier (preview) desktop experience on Windows and macOS but is OFF by default and requires …

Read More about MC1332811: Introducing Microsoft Scout, an always-on personal agent

Summary Microsoft is updating PowerPoint Live in Teams and Teams Rooms devices must run the latest supported Teams Rooms app versions to preserve PowerPoint Live functionality (synchronized media playback, real-time inking/annotation). Affected devices: Microsoft Teams Rooms on Windows and Android; impacts Teams/PowerPoint experiences in meeting rooms. Action for IT: inventory and update Teams Rooms apps …

Read More about MC1332812 Action required: Update Teams Rooms app to maintain PowerPoint Live functionality

Summary Teams Events and Teams eCDN service plans are currently missing from Microsoft 365 E7 licenses; Microsoft will backfill the missing service plans during a remediation rollout. Affected parties: organizations using or moving to Microsoft 365 E7, licensing admins, and users who create or manage Teams events (webinars, live events, town halls). Admins must manually …

Read More about MC1332813 Microsoft 365 E7: missing Teams events and eCDN service plans – temporary impact and mitigation

Summary OneDrive mobile apps (iOS and Android) will block sign-ins that use SharePoint Server on-premises accounts; personal Microsoft accounts and Microsoft 365/Entra accounts are unaffected. Affected users: anyone signing into OneDrive mobile with SharePoint Server (on-premises 2016/2019) credentials; admins managing identity/SharePoint Server environments need to act. Recommended admin actions: identify affected users/devices, migrate identities to …

Read More about MC1332814: OneDrive mobile apps will no longer support SharePoint Server on‑premises sign-ins