Update

Summary Microsoft Teams Direct Routing will switch to certificates from a new Certificate Authority during a validation test. Organizations using Teams Direct Routing with SBCs for TLS connections may experience connection failures if SBCs do not trust the new Root CAs. This may impact PSTN calling for affected tenants. Administrators should ensure SBCs trust the …

Summary Planned changes to Advanced Security Information Model (ASIM) KQL functions in Microsoft Sentinel for Developers will enhance consistency and performance. Organizations using ASIM functions will need to transition to using the new parameter name, targetusername_has. Outdated parameters will be removed after ensuring they are not in use, enabling smoother transition for users. Security teams …

Summary The Resource Assignment tab in Microsoft Project will be deprecated and not supported, marking it as a legacy experience. Existing installations will keep the tab enabled but will highlight its deprecated status; new installations will have it disabled by default. The tab can be managed via feature control until it is completely removed in …

Summary Browsers and platforms related to Mozilla and Chrome trust stores will begin distrusting DigiCert Global Root CA (G1), affecting some organizations accessing Microsoft 365 services. Most organizations will not experience any issues, but rare legacy scenarios may lead to TLS connection failures, resulting in common error messages. No action is needed unless certificate or …

Summary A workaround is available for Windows Server 2016 devices in Egypt to address a Daylight Saving Time issue affecting calendar events. Without the workaround, clocks will not advance by one hour on April 24, 2026, but will automatically adjust on May 1, 2026. Applying the workaround allows affected devices to avoid issues during the …

Summary Power BI will retire support for embedding R and Python visuals in “Embed for your customers” and “Publish to web” scenarios. Post-retirement, reports with R or Python visuals will load but the visuals will be blank; unaffected reports will function normally. Affected users should review embedded reports and update them using supported visuals or …

Summary Microsoft released out-of-band updates to resolve issues caused by the April 2026 Windows security update. Affected devices include Windows Server 2025, which may face installation failures and repeated domain controller restarts. The OOB update for Windows Server 2025 fixes both installation failure and domain controller restart issues, while updates for other versions focus only …

Summary Microsoft 365 Copilot will transition API endpoints from the legacy office.com domain to cloud.microsoft domain, enhancing reliability and security. Users will not see changes in the interface or workflows, ensuring no impact on their experience as long as network configuration follows established guidelines. Organizations with restricted access to the cloud.microsoft domain or WSS connectivity …

Summary The Global Discovery Service (GDS) API will be retired, and its REST API endpoints will no longer be available. Applications and scripts using GDS endpoints need to be identified and updated to use the Power Platform List Environments API. Testing of updated integrations against the new endpoints is required to ensure compatibility. Authentication must …

Summary Windows 365 Cloud PCs with Secure Boot enabled must transition to Secure Boot 2023 certificates. Using expired 2011 certificates may lead to decreased protection against boot-level malware and inability to validate newer boot components. Cloud PCs without Secure Boot enabled are not affected by this change. IT administrators should ensure Secure Boot remains enabled …

Summary Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method to enhance security against phishing. Changes will automatically update from Microsoft Authenticator to Passkeys (FIDO2) for eligible tenants under certain conditions. Affected users will receive Passkey registration nudges at sign-in after completing MFA to encourage registration. Administrators can opt users into Passkey …

Summary Simplification of Planner and Project licensing with specific SKUs being retired. New purchases of Planner and Project Plan 5 will no longer be available post-End of Sale. Project Online Essentials is already End of Sale and not available for new purchases. Existing customers should plan to transition to supported SKUs based on their needs. …

Summary Licensing updates to simplify the Planner and Project SKU lineup are being implemented. Project Online will be retired on September 30, 2026. New purchases of Planner and Project Plan 5 will end after the designated date. Existing customers need to transition to supported SKUs based on their usage needs. Immediate service impact is not …

Summary DirectQuery support in the Viva Insights Connector for Power BI is being retired, encouraging a shift to Import connectivity mode. Existing DirectQuery-based Power BI reports will not refresh, and attempts to connect using DirectQuery will fail. Unpivoted schema type and Aggregated data granularity options will also be retired. Analysts need to convert DirectQuery reports …

Summary For tenants with more the 2000 users Copilot will no longer be available in Word, Excel, PowerPoint, and OneNote for users without a Microsoft 365 Copilot license. Users without the license will see the “Copilot Chat (Basic)” label, while licensed users will see “M365 Copilot (Premium).” Copilot will continue to be accessible in the …

Summary Windows updates in April 2026 will change default Kerberos ticket behavior to AES-SHA1-only for accounts without explicit encryption type settings, potentially causing authentication issues for environments relying on RC4. Audit mode will be available until July 2026 for manual rollback; after that, only Enforcement mode will remain. Organizations should monitor System event logs for …

Summary Custom theming for model-driven apps using the modern look allows for branding alignment through color, font, and header style customization. Classic theming will not be supported in the modern look, necessitating a transition to custom modern themes. Custom theming enables a cohesive color scheme, customizable app header, custom logo integration, and font overrides. The …

Summary Microsoft is retiring support for several legacy Teams Phone devices that will no longer function post-retirement. Impacted devices will not be able to sign in, make, or receive calls. Hardware replacement is necessary, as there is no automatic upgrade path. Organizations should plan to replace affected devices and communicate this change to users. Review …

Summary New auto-labeling actions for SharePoint and OneDrive will allow administrators to override or remove existing sensitivity labels automatically. Admins must configure these actions in the Microsoft Purview portal; they are not enabled by default. This change impacts organizations using auto-labeling policies, improving data governance and consistency. Relevant stakeholders should be informed that sensitivity labels …

Summary Microsoft Purview network data security now integrates with Island, enhancing data protection for browser-based workflows. This integration allows for the configuration of DLP policies to inspect data shared with unmanaged cloud apps. It requires admin action to enable; the feature is not activated by default. Existing Purview policies will apply automatically if the integration …

Summary Live transcription capabilities are being added to Microsoft Teams Rooms on Android, providing real-time transcription with speaker attribution and timestamps. Transcripts are displayed on the front-of-room screen. Only organizations with Teams Rooms Pro licenses will receive this feature. Users can start transcription easily from the room console; notifications will inform participants when transcription is …

Summary A new soft purge mitigation action will be added in Data Security Investigations (DSI) for quick removal of sensitive items. Soft purge allows items to be deleted but remain recoverable until the retention period expires. The feature is enabled by default with no need for configuration; existing DLP, labeling, and retention policies remain unchanged. …

Summary Microsoft will retire the Semi-Annual Enterprise Channel installation option for unmanaged devices in April 2026. This change affects admins managing installation options for unmanaged devices and tenants using this channel exclusively. Existing unmanaged devices on this channel will not change until manually updated; however, the channel selection will appear grayed out if switched. Devices …

Summary The Semi-Annual Enterprise Channel option will be retired from the Office Deployment Service. Organizations using the Semi-Annual Enterprise Channel will have this option removed from new deployment configurations, but existing configurations will remain unaffected. Only the Current Channel and Monthly Enterprise Channel will be available for new configurations. No immediate action is required, but …

Summary Windows 2011 Secure Boot certificates will expire, requiring updates to new certificates issued in 2023 for ongoing security. Devices will still function normally but will not receive new boot-level security protections without updated certificates. Intune can be used to manage and deploy Secure Boot certificate updates on Windows clients. Administrators should enable specific settings …

Summary The March 2026 security update is available for all supported Windows versions. It includes quality improvements and enhancements to the servicing stack. New high-confidence device targeting is added for Secure Boot certificate delivery. File Explorer search reliability is improved when searching across multiple drives. A warning dialog is added to confirm the trustworthiness of …

Summary Microsoft 365 Copilot Chat will allow users to draft, edit, and send Outlook emails directly within the chat interface. An embedded Outlook compose form will appear when users request to draft an email. The feature will be enabled by default for all users with eligible licenses. The feature will be available in the Copilot …

Summary A new “Follow” option will be available for meetings in Outlook Mobile, allowing users to stay informed when they cannot attend. The “Follow” option appears in the mobile RSVP menu, while the “Maybe” response moves to an overflow menu. The feature is enabled by default for all tenants, with prompts for organizers to record …

Summary The -Credential parameter will be removed from Connect-ExchangeOnline and Connect-IppsSession cmdlets in Exchange Online PowerShell, affecting automation scripts that use it. Organizations must migrate to supported authentication methods before upgrading to module versions released after the removal. Alternatives include switching to modern authentication with MFA, using app-only authentication for non-Azure automation, or managed identity …

Summary Windows Autopatch will enable hotpatch security updates by default for eligible Intune devices, improving security speed. Devices will receive updates without requiring a restart, securing them faster and saving an average of three to five days. A tenant setting to opt out of hotpatch updates will be available for those not ready for the …

Summary Updates to Microsoft 365 Apps released for Current Channel, Monthly Enterprise Channel, and Semi-Annual Enterprise Channel. Users on automatic updates from Office CDN will need no action; manual managers can download updates now. Release notes available for detailed information on each channel’s updates. Admin Impact: Medium User Impact: Low Release Start: 10 Mar 2026 …

Summary Private chat will be introduced in Teams Rooms on Windows for organizers, co-organizers, and presenters during structured meetings and webinars. Two chat options will be available: one for private communication among event teams and another for all attendees. Users can switch between the two chat panels using a new dropdown on the chat button. …

Summary Anthropic Claude Sonnet is now available for Microsoft 365 Copilot licensed users, alongside OpenAI models. Users can select Claude Sonnet in the model selector within Copilot Chat. Regions where Anthropic is set to “Off by default” require admin opt-in for model availability. Data protection standards remain unchanged; Anthropic is a Microsoft subprocessor. Users in …

Summary Windows Autopatch will enable hotpatch security updates by default for eligible Intune devices. Hotpatch updates allow devices to be secured faster without waiting for a restart, reducing update delay by three to five days on average. Devices will still require restarts during specified baseline months (January, April, July, and October). Recommended to ensure devices …

Summary Microsoft Agent 365 will be Generally Available (GA) after extensive customer feedback from the Frontier program. Administrator planning or evaluating Agent 365 deployment will be affected. Customers in the Frontier program will maintain access to early features and continue to provide feedback. Trial and paid options for Agent 365 will be made available before …

Summary AI citations analytics will be added to SharePoint for better tracking of document references by Microsoft Copilot and other AI agents. New metrics will include popular content based on citations, total citations for pages, and an AI citations analytics page under Site Usage. No admin action is required for enabling this feature, which will …

Summary Microsoft Entra passkeys will enable phishing-resistant, passwordless sign-in using Windows Hello methods. No impact on organizations unless they opt in to enable passkeys. Users can authenticate on both managed and unmanaged Windows devices through individual passkeys. Each passkey is device-bound and does not sync across devices, requiring separate registration for each account. Existing authentication …

Summary Outlook for iOS and Android will support recommended and automatic sensitivity labels during email composition. Users will be prompted to review suggested labels when sensitive information is detected. Automatic labels will be applied without any action required by the user. The feature is enabled by default for organizations with existing Microsoft Purview sensitivity labeling …

Summary Copilot highlights in Viva Glint will provide AI-generated summaries of employee survey results in supported reports. The feature will automatically appear as a collapsible card at the top of relevant reports, showing key insights and trends. No additional configuration is needed; it will be available when Copilot in Viva Glint is enabled. Users must …

Summary New policy configuration options in Microsoft Purview Data Loss Prevention (DLP) enhance data security for unmanaged cloud apps and Edge for Business. Administrators gain more granular controls, including scoping collection policies by sensitivity labels and defining conditions for DLP policies. Email notifications can be configured to alert users when activities are blocked. Existing policies …

Summary New feature allows switching from offline to online mode in Canvas apps to access Dataverse data. Real-time updates will be available when online mode is enabled. No action is required from users; this message is for awareness. Admin Impact: Low User Impact: High Release Start: 03 Apr 2026 Release End: 03 Apr 2026 Services: …

Summary New feature allows configuration of offline profiles using the FetchXML editor in Power Apps. Direct control over query logic for offline profiles enhances the app-building workflow. Access the FetchXML editor directly within Power Apps Studio for easier customization of data filters. No action required; message is for awareness only. For more details, visit the …