Summary Microsoft 365 Copilot Cowork is moving to general availability worldwide, while Frontier remains the early-access channel for new capabilities. Frontier Cowork is changing to usage-based billing, with a grace period for existing users and required billing setup to keep access after the grace period ends. Admins need to configure pay-as-you-go billing and review spending …
Update
Summary Copilot Cowork is now generally available worldwide for eligible users, with a new experience that adds multi-model capabilities, plugins, updated skill management/navigation, Microsoft Purview integration, and branded templates/image creation. Access is limited to users with a Microsoft 365 Copilot license and requires usage-based billing through Copilot Credits; without billing enabled, users cannot use Cowork. …
Summary Microsoft Teams is adding new admin controls for governing how applications and agents access meeting transcripts through the Microsoft Graph API. The controls apply to transcripts with and without speaker attribution, giving admins more granular control over transcript data access. Tenant administrators managing Teams and Graph API permissions are affected, especially where apps or …
Summary Microsoft is retiring support for Microsoft Defender for Endpoint on Amazon Linux 2 (ARM64); devices running AL2 on AMD64/x86_64 are not affected. The last supported MDE agent for AL2 (ARM64) is version 101.25122.0004; later Defender releases will not install on that architecture. Admins must identify devices running Amazon Linux 2 (ARM64), prevent upgrades beyond …
Summary The OneDrive (Consumer) connector used in Power Platform (flows, apps, and agents) is being deprecated and will be removed; OneDrive for Business connector is not affected. After the deprecation starts, new flows/apps/agents will no longer be able to use the consumer connector; existing items must be reviewed and migrated before retirement. IT must inventory …
Summary File-level archiving for Microsoft 365 Archive will be turned on by default for tenants that already have Microsoft 365 Archive configured. A new “Archive” action will appear in SharePoint on the web for users with edit permissions; archived files are moved to a cold storage tier and must be reactivated to access. Admins can …
Summary Microsoft Defender for Endpoint on Linux now retrieves internal configuration updates from new service URLs; these must be allowlisted per your tenant type. Affected: organizations using Defender for Endpoint on Linux endpoints (agents require outbound access to the listed URLs). Admin action: review firewall/proxy rules and allowlist the single URL that matches your tenant …
Summary Windows security updates will enforce Kerberos RC4 hardening on domain controllers, removing Audit mode as a rollback option after the final phase. Systems, service accounts, applications, appliances, and non‑Windows Kerberos implementations that still rely on RC4 may experience authentication failures unless remediated. Admins must detect RC4 dependencies (check System event log for Kerberos-related events) …
Summary Outgoing screensharing in Microsoft Teams VDI with the new SlimCore optimization will capture and process shared content on the virtual machine (VM) instead of the endpoint device; enabled by default in supported client versions. Affected: organizations using Teams in VDI environments (Azure Virtual Desktop, Windows 365, Citrix, Amazon WorkSpaces, Omnissa) and users who share …
Summary Microsoft Purview Endpoint DLP Just-in-time protection audit logging is changing from automatic logging to an explicitly scoped setting: admins must configure which users or groups have activities audited. Affected: Purview/Endpoint DLP administrators who manage Just-in-time protection and Activity explorer visibility; audited vs blocked scopes determine whether activities are logged or enforcement occurs. Admin action …
Summary Update network/firewall to allow outbound ports 50118 and 50119 and the domain *.rtmpingest.mcr.teams.cloud.microsoft for RTMP-In streaming into Teams meetings, webinars, and town halls. Affected: admins who manage Teams meetings/webinars/town halls and event organizers using external hardware or software encoders; existing RTMP-In events will continue to function through end of 2026 but new events may …
Summary Storage capacity entitlement report in Power Platform admin center was incorrectly displaying data for certain Dynamics 365 applications. A misconfiguration caused incorrect storage capacity from base licenses to be reported with attach and premium licenses. A fix will ensure reporting aligns with standard licensing policy regarding storage entitlements. Attach licenses will no longer show …
Summary Dynamics 365 Sales and Dynamics 365 Customer Service license entitlements are not granting expected read-only access to Dynamics 365 Finance and Operations apps. Affected users: anyone using Sales or Customer Service licenses who rely on read-only access to Finance & Operations data. No admin action is required; Microsoft will deploy a fix automatically (see …
Summary Microsoft is retiring the Sora video generation experience (Sora 2) that is available through the Frontier program. Affected: organizations participating in the Frontier program that have access to the Sora experience in Copilot Create. After retirement, users will not be able to generate new videos using Sora; previously generated videos will remain accessible. Microsoft …
Summary Windows 365 Flex shared Cloud PCs will automatically reset to a provisioning snapshot at sign-out, removing both user and system data between user sessions unless you opt out at the provisioning policy level. Snapshots are created during provisioning and refreshed every 24 hours; resets occur on sign-out or session timeout and may show Cloud …
Summary Enforced lifecycle will be applied to unlicensed OneDrive accounts so accounts that remain unlicensed/unpaid go through staged restrictions and can ultimately be permanently deleted if not preserved. Affected tenants: any tenant with OneDrive accounts that became unlicensed after license removal or user deletion. Admins can preserve data by reassigning OneDrive licenses, enabling pay-as-you-go billing …
Summary Windows 365 will change the default PowerShell execution policy applied to Cloud PCs during provisioning to RemoteSigned at the LocalMachine scope. This affects organizations that run unsigned downloaded PowerShell scripts on Cloud PCs or that enforce a stricter MachinePolicy (for example AllSigned) via Intune or Group Policy, which can cause provisioning/resize/restore failures. Admins should …
Summary File-level archiving for SharePoint Online (Microsoft 365 Archive) is entering General Availability: users with edit permissions will see a new “Archive” action in SharePoint on the web and files are moved to a cold storage tier while remaining discoverable. Feature is enabled by default for all SharePoint sites in tenants that have Microsoft 365 …
Summary Data privacy message published about Microsoft Teams meeting recordings affecting your organization. Details are available only in the Microsoft 365 admin center to Global Administrators or users assigned the Message Center Privacy Reader role. IT admins should sign in to the Message Center to read the full privacy notice and follow any remediation or …
Summary Microsoft Teams PowerShell on Windows will default to using Web Account Manager (WAM) for Connect-MicrosoftTeams sign-ins (interactive, -Credential, -AccountId/IWA). A temporary -DisableWAM parameter is available to bypass WAM for a single connection; it will be removed in a future release. Preview availability begins in the Teams PowerShell preview (v7.8.1); admins should review and update …
Summary Work IQ API is transitioning from public preview to general availability and will use consumption-based billing via Copilot Credits for usage through third-party agents and applications. Administrators must configure credit-based billing and new cost management controls in the Microsoft admin center (enable billing, create spend policies, set usage limits and alerts, and monitor the …
Summary Microsoft is introducing Microsoft Scout, the first always-on “Autopilot” personal agent that can act on behalf of users across Microsoft 365 apps (Teams, Outlook, OneDrive, SharePoint) and runs locally on user desktops. Microsoft Scout is available today as a Frontier (preview) desktop experience on Windows and macOS but is OFF by default and requires …
Summary Microsoft is updating PowerPoint Live in Teams and Teams Rooms devices must run the latest supported Teams Rooms app versions to preserve PowerPoint Live functionality (synchronized media playback, real-time inking/annotation). Affected devices: Microsoft Teams Rooms on Windows and Android; impacts Teams/PowerPoint experiences in meeting rooms. Action for IT: inventory and update Teams Rooms apps …
Summary Teams Events and Teams eCDN service plans are currently missing from Microsoft 365 E7 licenses; Microsoft will backfill the missing service plans during a remediation rollout. Affected parties: organizations using or moving to Microsoft 365 E7, licensing admins, and users who create or manage Teams events (webinars, live events, town halls). Admins must manually …
Summary OneDrive mobile apps (iOS and Android) will block sign-ins that use SharePoint Server on-premises accounts; personal Microsoft accounts and Microsoft 365/Entra accounts are unaffected. Affected users: anyone signing into OneDrive mobile with SharePoint Server (on-premises 2016/2019) credentials; admins managing identity/SharePoint Server environments need to act. Recommended admin actions: identify affected users/devices, migrate identities to …
Summary New self-service data retention policy is being added to the Viva Glint admin experience allowing admins to set how long survey data is kept (numeric months; min 6, max 1000). By default Glint data is retained indefinitely while a tenant has an active Viva Glint subscription; when retention periods are met, applicable survey data …
Summary Microsoft is removing SMB signature inspection events (ActionType == “NetworkSignatureInspected” with SignatureName == “SMB_Client”) from Defender for Endpoint Advanced Hunting. Affected: security administrators and analysts with custom detection rules, saved/scheduled hunting queries, or automated workflows that reference SMB_Client signature events. No admin opt-out: the change is on by default; other network signature inspection events …
Summary Microsoft is retiring Teams Live Events; organizations must stop scheduling new Live Events and move to Teams events. Affects organizations using Teams Live Events, event organizers, producers, and admins who manage events and integrations. Integrations or automation that rely on Live Events or the Graph API isBroadcast property may break and need code or …
Summary SSPR will require users to have explicitly registered authentication methods for password reset verification; directory attributes (mobilePhone, businessPhone, otherMails) will no longer be accepted unless registered. This affects all users (including admins) in tenants with SSPR enabled across Public cloud and US Government clouds (GCC, GCC High, DoD). Admins must review registration coverage, ensure …
Summary Microsoft 365 Copilot will support real-time desktop screen and mobile camera sharing during Copilot voice sessions; vision is enabled by default and processes only content shared during the active session. Admins can disable screen and camera sharing in the Microsoft 365 admin center (Copilot > Settings > Copilot Actions > Screen and camera sharing); …
Summary Conditional Access policies scoped to “Register security information” will now be enforced when users set up Windows Hello for Business (WHfB) or register macOS Platform SSO credentials. Users who do not meet the targeted Conditional Access grant requirements (MFA, authentication strength, trusted location, FIDO2 key, etc.) will be blocked from completing WHfB or macOS …
Summary Microsoft Teams will enforce Information Barriers (IB) between users in the same tenant even when they participate in external group chats, calls, or meetings; this enforcement is enabled by default for tenants that have IB configured. Applies to Teams chat, group chat, meetings, and calls across desktop, web, and mobile clients; existing IB policies …
Summary Microsoft 365 Copilot will support real-time desktop screen and mobile camera sharing during Copilot voice sessions; vision is enabled by default and processes only content shared during the active session. Admins can disable screen and camera sharing in the Microsoft 365 admin center (Copilot > Settings > Copilot Actions > Screen and camera sharing); …
Summary SSPR will require users to have explicitly registered authentication methods for password reset verification; directory attributes (mobilePhone, businessPhone, otherMails) will no longer be accepted unless registered. This affects all users (including admins) in tenants with SSPR enabled across Public cloud and US Government clouds (GCC, GCC High, DoD). Admins must review registration coverage, ensure …
Summary Microsoft is retiring Teams Live Events; organizations must stop scheduling new Live Events and move to Teams events. Affects organizations using Teams Live Events, event organizers, producers, and admins who manage events and integrations. Integrations or automation that rely on Live Events or the Graph API isBroadcast property may break and need code or …
Summary Get-MailDetailTransportRuleReport and Get-MailTrafficPolicyReport will only return transport rule data when the caller explicitly includes -EventType TransportRuleHits or -EventType TransportRuleActionHits. Affected parties: Exchange Online administrators, messaging/security/compliance teams, and any automation, scheduled jobs, or reports that rely on these two cmdlets. Action required: review and update all PowerShell scripts and automation that call these cmdlets to …
Summary Visio desktop’s built-in export to Power Automate (BPMN export) is being retired; the Export button/pane and Show Flow Markup will be removed from the Visio UI. Affected users: anyone who uses Visio desktop to export BPMN diagrams as Power Automate cloud flows; existing flows exported from Visio will continue to run and Visio diagrams/templates …
Summary A Data Privacy notice (Microsoft Online Services Subprocessor Disclosure) is available in the Microsoft 365 Message Center. The full disclosure can only be viewed by a Global Administrator or someone assigned the Message Center Privacy Reader role; sign in to the Admin Center > Message center to read it. Applies broadly to the Microsoft …
Summary Microsoft is retiring the Microsoft 365 Usage Analytics Power BI template app; new downloads will be blocked and existing installations will stop receiving data and refreshes at end of support. Affected: admins and analysts who use the template app for Microsoft 365 usage, adoption, or activity reporting; organizations that rely on dashboards built from …
Summary Free upgrade path for eligible K‑12 devices from Windows 11 Home to Windows 11 Pro Education; admin initiation is required (run Clipupgrade.exe) and a restart completes the upgrade. Applies only to K‑12 Education tenants with a verified Academic Entra domain; admins must sign in with a school IT administrator account to validate eligibility. Upgraded …
Summary Microsoft is changing Dataverse ingress IPs which will consolidate and narrow the service tag IP ranges used by Dataverse infrastructure. This impacts outbound connections to Dataverse (including Dataverse TDS) if your network/firewall or web proxy allow-lists specific IP addresses instead of the PowerPlatformInfra regional service tags. Admins must review Power Platform URLs and IP …
Summary Microsoft published updated mitigation guidance and a Microsoft-provided script for CVE-2026-45585 (Windows BitLocker security feature bypass) that replaces previously documented manual mitigation steps. The mitigation applies to BitLocker on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 — review inventory for these OS versions and BitLocker usage. Administrators should review the Microsoft Security …