[{"id":"cve-CVE-2026-42897","source":"msrc","kind":"security","title":"Microsoft Exchange Server Spoofing Vulnerability","description":"Spoofing · Critical · CVSS 8.1 · Exploited in the wild. Affects: Exchange Server.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42897","products":["Exchange Server"],"categories":["security","critical","exploited"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.1,"cve":"CVE-2026-42897","vulnType":"Spoofing","exploited":true,"publiclyDisclosed":false,"kb":"KB5094144","kbUrl":"","kev":true,"kevDueDate":"2026-05-29","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42897","kevUrl":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"c2e98d67","srcHash":"a426483a","epss":0.0564,"epssPercentile":0.91944,"impactReason":"Exploited in the wild — CISA fix-by 2026-05-29","urgency":"Immediate","urgencyReason":"Exploited in the wild · CISA deadline passed 25d ago","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45498","source":"msrc","kind":"security","title":"Microsoft Defender Denial of Service Vulnerability","description":"Denial of Service · Low · CVSS 4 · Exploited in the wild. Affects: Microsoft Defender Antimalware Platform.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498","products":["Microsoft Defender Antimalware Platform"],"categories":["security","exploited","disclosed"],"status":"Low","impact":"high","severity":"Low","cvss":4,"cve":"CVE-2026-45498","vulnType":"Denial of Service","exploited":true,"publiclyDisclosed":true,"kb":"","kbUrl":"","kev":true,"kevDueDate":"2026-06-03","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45498","kevUrl":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"894a9607","srcHash":"21fe413c","epss":0.63076,"epssPercentile":0.99091,"impactReason":"Exploited in the wild — CISA fix-by 2026-06-03","urgency":"Immediate","urgencyReason":"Exploited in the wild · CISA deadline passed 20d ago","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-42901","source":"msrc","kind":"security","title":"Microsoft Entra ID Elevation of Privilege Vulnerability","description":"Elevation of Privilege · Critical · CVSS 10. Affects: Microsoft Entra ID.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42901","products":["Microsoft Entra ID"],"categories":["security","critical","eop"],"status":"Critical","impact":"high","severity":"Critical","cvss":10,"cve":"CVE-2026-42901","vulnType":"Elevation of Privilege","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42901","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"a27ea11b","srcHash":"8a01bc6e","epss":0.00301,"epssPercentile":0.2155,"impactReason":"Critical severity (CVSS 10)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-54130","source":"msrc","kind":"security","title":"M365 Copilot Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 9.8. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130","products":["Microsoft 365 Copilot"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.8,"cve":"CVE-2026-54130","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54130","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"883b53c0","srcHash":"4579112b","epss":0.00504,"epssPercentile":0.39112,"impactReason":"Critical severity (CVSS 9.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-33823","source":"msrc","kind":"security","title":"Microsoft Team Events Portal Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 9.6. Affects: Microsoft Teams.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33823","products":["Microsoft Teams"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.6,"cve":"CVE-2026-33823","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33823","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"cdc8c3bd","srcHash":"4c019188","epss":0.00719,"epssPercentile":0.49042,"impactReason":"Critical severity (CVSS 9.6)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-48582","source":"msrc","kind":"security","title":"Microsoft Exchange Online Elevation of Privilege Vulnerability","description":"Elevation of Privilege · Critical · CVSS 9.6. Affects: Exchange Server.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48582","products":["Exchange Server"],"categories":["security","critical","eop"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.6,"cve":"CVE-2026-48582","vulnType":"Elevation of Privilege","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-48582","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"4888fee1","srcHash":"2dfcdfb8","epss":0.00398,"epssPercentile":0.31474,"impactReason":"Critical severity (CVSS 9.6)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40379","source":"msrc","kind":"security","title":"Azure Entra ID Spoofing Vulnerability","description":"Spoofing · Critical · CVSS 9.3. Affects: Microsoft Entra ID.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40379","products":["Microsoft Entra ID"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.3,"cve":"CVE-2026-40379","vulnType":"Spoofing","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40379","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"3866401a","srcHash":"6c24881d","epss":0.0091,"epssPercentile":0.55306,"impactReason":"Critical severity (CVSS 9.3)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-41090","source":"msrc","kind":"security","title":"Microsoft Copilot Tampering Vulnerability","description":"Tampering · Critical · CVSS 9.3. Affects: Microsoft 365 Copilot for iOS.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41090","products":["Microsoft 365 Copilot for iOS"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.3,"cve":"CVE-2026-41090","vulnType":"Tampering","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41090","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"493c85e9","srcHash":"ff760bea","epss":0.0042,"epssPercentile":0.33516,"impactReason":"Critical severity (CVSS 9.3)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-48579","source":"msrc","kind":"security","title":"Microsoft Exchange Online Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 9.1. Affects: Exchange Server.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48579","products":["Exchange Server"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.1,"cve":"CVE-2026-48579","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-48579","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"d53c57fa","srcHash":"de843195","epss":0.01015,"epssPercentile":0.58753,"impactReason":"Critical severity (CVSS 9.1)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-33843","source":"msrc","kind":"security","title":"Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability","description":"Elevation of Privilege · Critical · CVSS 9.1. Affects: Microsoft Entra ID.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843","products":["Microsoft Entra ID"],"categories":["security","critical","eop"],"status":"Critical","impact":"high","severity":"Critical","cvss":9.1,"cve":"CVE-2026-33843","vulnType":"Elevation of Privilege","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33843","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"c1b97063","srcHash":"c4178896","epss":0.00473,"epssPercentile":0.37226,"impactReason":"Critical severity (CVSS 9.1)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40365","source":"msrc","kind":"security","title":"Microsoft SharePoint Server Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.8. Affects: SharePoint Server.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40365","products":["SharePoint Server"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.8,"cve":"CVE-2026-40365","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002868","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108651","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40365","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"b922c7c3","srcHash":"c1cd7de6","epss":0.00961,"epssPercentile":0.5697,"impactReason":"Critical severity (CVSS 8.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-47645","source":"msrc","kind":"security","title":"Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability","description":"Elevation of Privilege · Critical · CVSS 8.8. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645","products":["Microsoft 365 Copilot"],"categories":["security","critical","eop"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.8,"cve":"CVE-2026-47645","vulnType":"Elevation of Privilege","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47645","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"531d3549","srcHash":"269ed180","epss":0.00417,"epssPercentile":0.33236,"impactReason":"Critical severity (CVSS 8.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40364","source":"msrc","kind":"security","title":"Microsoft Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Word"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40364","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002858","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108649","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40364","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"cc276af8","srcHash":"ff6c4ac9","epss":0.04421,"epssPercentile":0.90098,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40361","source":"msrc","kind":"security","title":"Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Word"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40361","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002858","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108649","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40361","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"bedcbcc5","srcHash":"b903ad9c","epss":0.00605,"epssPercentile":0.44278,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40367","source":"msrc","kind":"security","title":"Microsoft Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: SharePoint Server, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367","products":["SharePoint Server","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Word"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40367","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002868","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108651","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40367","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"49356dc9","srcHash":"de559d08","epss":0.00453,"epssPercentile":0.35953,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45456","source":"msrc","kind":"security","title":"Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office 365 for Mac, SharePoint Server, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456","products":["Microsoft Office 365 for Mac","SharePoint Server","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45456","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002880","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108696","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45456","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"580ce35b","srcHash":"193d141e","epss":0.00438,"epssPercentile":0.34879,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45458","source":"msrc","kind":"security","title":"Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office 365 for Mac, SharePoint Server, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458","products":["Microsoft Office 365 for Mac","SharePoint Server","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45458","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002880","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108696","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45458","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"34359c19","srcHash":"a0bdd298","epss":0.00438,"epssPercentile":0.34879,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40363","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Office for Android.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Office for Android"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40363","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002866","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108647","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40363","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"ecb2d4d1","srcHash":"f9a54df0","epss":0.00383,"epssPercentile":0.29984,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40366","source":"msrc","kind":"security","title":"Microsoft Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Word.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Word"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40366","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002858","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108649","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40366","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"83eaa802","srcHash":"6df94c7f","epss":0.00383,"epssPercentile":0.29984,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-40358","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-40358","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002866","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108647","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40358","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"fd2f91ff","srcHash":"28312dea","epss":0.00369,"epssPercentile":0.2857,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45474","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office 365 for Mac, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Office for Android.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45474","products":["Microsoft Office 365 for Mac","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Office for Android"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45474","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002878","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108688","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45474","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"7b9fe4d9","srcHash":"f1e8d58","epss":0.00364,"epssPercentile":0.28126,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45461","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office for Android, Microsoft Office 365 for Mac, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45461","products":["Microsoft Office for Android","Microsoft Office 365 for Mac","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45461","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002878","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108688","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45461","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"631ab313","srcHash":"990c42b6","epss":0.00364,"epssPercentile":0.28125,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45472","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC, Microsoft Office for Android, Microsoft Office 365 for Mac.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45472","products":["Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC","Microsoft Office for Android","Microsoft Office 365 for Mac"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45472","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002878","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108688","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45472","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"f4e9e8b7","srcHash":"807c8842","epss":0.00339,"epssPercentile":0.25611,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45463","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office 365 for Mac, Microsoft Office for Android, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45463","products":["Microsoft Office 365 for Mac","Microsoft Office for Android","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-45463","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5002878","kbUrl":"https://www.microsoft.com/en-us/download/details.aspx?id=108688","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45463","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"828fee89","srcHash":"9a330fc8","epss":0.00339,"epssPercentile":0.25611,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-47635","source":"msrc","kind":"security","title":"Microsoft Outlook and Word Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 8.4. Affects: Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47635","products":["Microsoft Office LTSC"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":8.4,"cve":"CVE-2026-47635","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47635","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"164d1734","srcHash":"7cb6217d","epss":0.00333,"epssPercentile":0.24989,"impactReason":"Critical severity (CVSS 8.4)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-44803","source":"msrc","kind":"security","title":"Windows Graphics Component Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 7.8. Affects: Windows 10 Version, Windows Server, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44803","products":["Windows 10 Version","Windows Server","Windows 10 Version 21H2 for 32-bit Systems","Windows 10 Version 21H2 for ARM64-based Systems","Windows 10 Version 21H2 for x64-based Systems","Windows 10 Version 22H2 for x64-based Systems"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.8,"cve":"CVE-2026-44803","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5094123","kbUrl":"https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44803","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"4e05ffc8","srcHash":"4c881ed9","epss":0.00437,"epssPercentile":0.34797,"impactReason":"Critical severity (CVSS 7.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-44812","source":"msrc","kind":"security","title":"Windows Graphics Component Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 7.8. Affects: Windows 10 Version, Windows Server, Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for x64-based Systems, Windows 10 Version 22H2 for x64-based Systems.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44812","products":["Windows 10 Version","Windows Server","Windows 10 Version 21H2 for 32-bit Systems","Windows 10 Version 21H2 for ARM64-based Systems","Windows 10 Version 21H2 for x64-based Systems","Windows 10 Version 22H2 for x64-based Systems"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.8,"cve":"CVE-2026-44812","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"KB5094123","kbUrl":"https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5094123","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44812","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"886db78e","srcHash":"dfca553","epss":0.00437,"epssPercentile":0.34796,"impactReason":"Critical severity (CVSS 7.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-42831","source":"msrc","kind":"security","title":"Microsoft Office Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 7.8. Affects: Microsoft Office LTSC for Mac, Microsoft Office for Android.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831","products":["Microsoft Office LTSC for Mac","Microsoft Office for Android"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.8,"cve":"CVE-2026-42831","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42831","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"dc9180c4","srcHash":"17dc468d","epss":0.00437,"epssPercentile":0.34797,"impactReason":"Critical severity (CVSS 7.8)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45497","source":"msrc","kind":"security","title":"Microsoft M365 Copilot Remote Code Execution Vulnerability","description":"Remote Code Execution · Critical · CVSS 7.7. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45497","products":["Microsoft 365 Copilot"],"categories":["security","critical","rce"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.7,"cve":"CVE-2026-45497","vulnType":"Remote Code Execution","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45497","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"13e903f5","srcHash":"67ced28c","epss":0.00452,"epssPercentile":0.35901,"impactReason":"Critical severity (CVSS 7.7)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-26129","source":"msrc","kind":"security","title":"M365 Copilot Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 7.5. Affects: Microsoft 365 Copilot's Business Chat.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129","products":["Microsoft 365 Copilot's Business Chat"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.5,"cve":"CVE-2026-26129","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26129","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"1f9bfba6","srcHash":"b9d4a8f1","epss":0.01135,"epssPercentile":0.62359,"impactReason":"Critical severity (CVSS 7.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-26164","source":"msrc","kind":"security","title":"M365 Copilot Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 7.5. Affects: Microsoft 365 Copilot's Business Chat.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26164","products":["Microsoft 365 Copilot's Business Chat"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.5,"cve":"CVE-2026-26164","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26164","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"152d8ddf","srcHash":"e239d74a","epss":0.00799,"epssPercentile":0.51759,"impactReason":"Critical severity (CVSS 7.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-23663","source":"msrc","kind":"security","title":"Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability","description":"Elevation of Privilege · Critical · CVSS 7.5. Affects: Microsoft Global Secure Access (GSA).","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23663","products":["Microsoft Global Secure Access (GSA)"],"categories":["security","critical","eop"],"status":"Critical","impact":"high","severity":"Critical","cvss":7.5,"cve":"CVE-2026-23663","vulnType":"Elevation of Privilege","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-23663","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"cd511047","srcHash":"e6a9e11a","epss":0.00551,"epssPercentile":0.41729,"impactReason":"Critical severity (CVSS 7.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-42824","source":"msrc","kind":"security","title":"M365 Copilot Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 6.5. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42824","products":["Microsoft 365 Copilot"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":6.5,"cve":"CVE-2026-42824","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42824","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"4f8fb513","srcHash":"b0b4a21e","epss":0.0764,"epssPercentile":0.93781,"impactReason":"Critical severity (CVSS 6.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-42827","source":"msrc","kind":"security","title":"M365 Copilot Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 6.5. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42827","products":["Microsoft 365 Copilot"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":6.5,"cve":"CVE-2026-42827","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42827","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"b63e3a38","srcHash":"edc0f383","epss":0.00503,"epssPercentile":0.39013,"impactReason":"Critical severity (CVSS 6.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-42895","source":"msrc","kind":"security","title":"Microsoft Copilot Tampering Vulnerability","description":"Tampering · Critical · CVSS 6.5. Affects: Microsoft 365 Copilot.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42895","products":["Microsoft 365 Copilot"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":6.5,"cve":"CVE-2026-42895","vulnType":"Tampering","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42895","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"34408bb2","srcHash":"96a8350d","epss":0.00388,"epssPercentile":0.30491,"impactReason":"Critical severity (CVSS 6.5)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"cve-CVE-2026-45460","source":"msrc","kind":"security","title":"Microsoft Office Information Disclosure Vulnerability","description":"Information Disclosure · Critical · CVSS 4.7. Affects: Microsoft Office for Android, Microsoft Office 365 for Mac, Microsoft Office, Microsoft 365 Apps, Microsoft Office LTSC for Mac, Microsoft Office LTSC.","link":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45460","products":["Microsoft Office for Android","Microsoft Office 365 for Mac","Microsoft Office","Microsoft 365 Apps","Microsoft Office LTSC for Mac","Microsoft Office LTSC"],"categories":["security","critical"],"status":"Critical","impact":"high","severity":"Critical","cvss":4.7,"cve":"CVE-2026-45460","vulnType":"Information Disclosure","exploited":false,"publiclyDisclosed":false,"kb":"","kbUrl":"","kev":false,"kevDueDate":"","nvdUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45460","kevUrl":"","patchDate":"2026-06-23","created":"2026-06-23T00:00:00.000Z","modified":"2026-06-23T00:00:00.000Z","hash":"209130db","srcHash":"14eb97e6","epss":0.00357,"epssPercentile":0.27402,"impactReason":"Critical severity (CVSS 4.7)","urgency":"Monitor","urgencyReason":"Critical severity, no known exploitation","adminAction":"","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"gr-f793fd36","source":"graph","kind":"api-change","title":"Added the migrate method to the crossTenantMigrationJob resource. Changed the behavior of the validate method on the…","description":"Added the migrate method to the crossTenantMigrationJob resource. Changed the behavior of the validate method on the crossTenantMigrationJob resource to validate an existing job as an entity-bound action. Going forward, use the POST /solutions/migrations/crossTenantMigrationJobs/{crossTenantMigrationJobId}/validate endpoint to trigger the validation of an existing cross-tenant migration job. Removed the displayName parameter from the validate method. Removed the completeAfterDateTime parameter from the validate method. Removed the sourceTenantId parameter from the validate method. Removed the exchangeSettings parameter from the validate method. Removed the workloads parameter from the validate method. Removed the resourceType parameter from the validate method. Removed the resources parameter from the validate method.","link":"db208668-ad3c-46cb-b07c-aceb3e8f0fbfbeta","products":["Microsoft Graph","Tenants"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-06-19T23:11:16.000Z","modified":"2026-06-19T23:11:16.000Z","hash":"1580a32b","srcHash":"b713221a","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Added the migrate method to the crossTenantMigrationJob resource.","lastChange":{"type":"new","detectedAt":"2026-06-23T16:49:09.418Z","diffSummary":"","cosmetic":false}},{"id":"gr-bba89bdb","source":"graph","kind":"api-change","title":"Added the policyTip member to the dlpAction enumeration. Removed the overrideOption property from the notifyUserActio…","description":"Added the policyTip member to the dlpAction enumeration. Removed the overrideOption property from the notifyUserAction resource. Removed the policyTip property from the notifyUserAction resource. Added the policyTipAction resource.","link":"c9d06e62-9da2-47bc-9a90-6940b8078c55beta","products":["Microsoft Graph","Security"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-06-19T16:29:50.000Z","modified":"2026-06-19T16:29:50.000Z","hash":"c18c16b4","srcHash":"327858d5","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the overrideOption property from the notifyUserAction resource.","lastChange":{"type":"new","detectedAt":"2026-06-23T16:49:09.418Z","diffSummary":"","cosmetic":false}},{"id":"gr-8304a64b","source":"graph","kind":"api-change","title":"Added the detectionRuleStatus enumeration type. Added the accountObjectIdAction resource. Added the accountSidAction…","description":"Added the detectionRuleStatus enumeration type. Added the accountObjectIdAction resource. Added the accountSidAction resource. Added the alertCustomDetails resource. Removed the alertTemplate resource. Deprecated the allowFileResponseAction resource. Added the automatedAction resource. Added the automatedActionSet resource. Deprecated the blockFileResponseAction resource. Deprecated the collectInvestigationPackageResponseAction resource. Removed the detectionAction resource. Added the deviceAction resource. Deprecated the disableUserResponseAction resource. Added the emailAction resource. Added the fileAction resource. Deprecated the forceUserPasswordResetResponseAction resource. Deprecated the hardDeleteResponseAction resource. Deprecated the impactedAsset resource. Deprecated the impactedDeviceAsset resource. Deprecated the impactedMailboxAsset resource. Deprecated the impactedUserAsset resource. Deprecated the initiateInvestigationResponseAction resource. Added the isolateDeviceAction resource. Deprecated the isolateDeviceResponseAction resource. Deprecated the markUserAsCompromisedResponseAction resource. Added the mitreTactic resource. Added the mitreTechnique resource. Deprecated the moveToDeletedItemsResponseAction resource. Deprecated the moveToInboxResponseAction resource. Deprecated the moveToJunkResponseAction resource. Added the deviceGroups property to the organizationalScope resource. Deprecated the organizationalScope resource. Deprecated the organizationalScope resource. Deprecated the queryCondition resource. Deprecated the responseAction resource. Deprecated the restrictAppExecutionResponseAction resource. Added the frequency property to the ruleSchedule resource. Deprecated the ruleSchedule resource. Deprecated the ruleSchedule resource. Deprecated the runAntivirusScanResponseAction resource. Deprecated the runDetails resource. Deprecated the softDeleteResponseAction resource. Added the stopAndQuarantineFileAction resource. Deprecated the stopAndQuarantineFileResponseAction resource. Added the accountEntityMapping resource. Added the alertTemplate resource. Added the amazonResourceEntityMapping resource. Added the azureResourceEntityMapping resource. Added the cloudApplicationEntityMapping resource. Added the detectionAction resource. Added the createdBy property to the detectionRule resource. Added the createdDateTime property to the detectionRule resource. Added the description property to the detectionRule resource. Removed the detectionAction property from the detectionRule resource. Deprecated the detectionRule resource. Added the displayName property to the detectionRule resource. Added the id property to the detectionRule resource. Added the isEnabled property to the detectionRule resource. Added the lastModifiedBy property to the detectionRule resource. Added the lastModifiedDateTime property to the detectionRule resource. Deprecated the detectionRule resource. Added the status property to the detectionRule resource. Added the detectionAction relationship to the detectionRule resource. Added the dnsEntityMapping resource. Added the entityMapping resource. Added the entityMappingConfiguration resource. Added the fileEntityMapping resource. Added the googleCloudResourceEntityMapping resource. Added the hostEntityMapping resource. Added the ipEntityMapping resource. Added the mailboxEntityMapping resource. Added the mailClusterEntityMapping resource. Added the mailMessageEntityMapping resource. Added the oAuthApplicationEntityMapping resource. Added the processEntityMapping resource. Removed the protectionRule resource. Added the registryValueEntityMapping resource. Added the securityGroupEntityMapping resource. Added the urlEntityMapping resource.","link":"d00fba97-7866-4478-ad29-386b813a4125beta","products":["Microsoft Graph","Security"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-06-17T09:12:53.000Z","modified":"2026-06-17T09:12:53.000Z","hash":"771e695a","srcHash":"9d8a8783","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the alertTemplate resource.","lastChange":{"type":"new","detectedAt":"2026-06-23T16:49:09.418Z","diffSummary":"","cosmetic":false}},{"id":"rm-561914","source":"roadmap","kind":"feature","title":"Microsoft Teams: Mandatory pre-meeting consent","description":"We are providing a new configuration experience in Teams Admin Center where tenant admins can enable and customize an explicit consent message before joining any meeting hosted in their organization.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=561914","products":["Microsoft Teams"],"categories":["feature","breaking","in-development"],"status":"In development","impact":"high","gaTarget":"August CY2026","targetDate":"2026-08-01","cloudInstances":["Worldwide (Standard Multi-Tenant)","GCC","GCC High","DoD"],"platforms":["Android","Desktop","iOS","Mac"],"created":"2026-05-27T23:15:50.000Z","modified":"2026-06-16T23:00:10.000Z","hash":"c1ba215","srcHash":"c1ba215","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"We are providing a new configuration experience in Teams Admin Center where tenant admins can enable and customize an explicit consent message before joining any meeting hosted in their organization.","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"rm-565905","source":"roadmap","kind":"feature","title":"Microsoft Copilot (Microsoft 365): People Skills- removal and deletion admin control","description":"A new admin control in the People Skills settings lets administrators permanently remove their organization's People Skills data from the tenant. With this new control, organizations can delete their entire skills library along with all users confirmed, inferred, and imported skills data—giving them full control to offboard from People Skills in support of data governance and compliance needs.\nOnce deletion is initiated, skills will no longer appear on user profile cards or be used across Microsoft 365 skills-based experiences such as Copilot and Viva. The control is admin-only with no automatic changes.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=565905","products":["Microsoft Copilot (Microsoft 365)"],"categories":["feature","breaking","in-development"],"status":"In development","impact":"high","gaTarget":"July CY2026","targetDate":"2026-07-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2026-06-15T23:00:45.000Z","modified":"2026-06-15T23:00:45.000Z","hash":"f17ba7db","srcHash":"f17ba7db","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Once deletion is initiated, skills will no longer appear on user profile cards or be used across Microsoft 365 skills-based experiences such as Copilot and Viva.","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"rm-561041","source":"roadmap","kind":"feature","title":"Microsoft Edge: v. 149 - Unifying Copilot Chat policy controls","description":"The Microsoft365CopilotChatIconEnabled policy is becoming the standard for configuring Copilot Chat. Extension and sidebar policies will no longer affect the appearance or functionality of Copilot Chat.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=561041","products":["Microsoft Edge","Microsoft Copilot (Microsoft 365)"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"June CY2026","targetDate":"2026-06-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2026-04-29T23:15:48.000Z","modified":"2026-06-09T20:46:16.000Z","hash":"e262fcec","srcHash":"e262fcec","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Extension and sidebar policies will no longer affect the appearance or functionality of Copilot Chat.","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"rm-553595","source":"roadmap","kind":"feature","title":"Microsoft Copilot (Microsoft 365): Copy Tables in Microsoft 365 Copilot Chat","description":"Users can now copy tables created in Copilot. Leverage Copilot to make your content better and use it anywhere you need to.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=553595","products":["Microsoft Copilot (Microsoft 365)"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"June CY2026","targetDate":"2026-06-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Desktop","Mac","Teams and Surface Devices","Web"],"created":"2026-02-03T00:15:51.000Z","modified":"2026-06-09T20:46:16.000Z","hash":"67a5cb72","srcHash":"67a5cb72","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Leverage Copilot to make your content better and use it anywhere you need to.","lastChange":{"type":"new","detectedAt":"2026-06-23T08:38:02.953Z","diffSummary":"","cosmetic":false}},{"id":"rm-563807","source":"roadmap","kind":"feature","title":"Outlook: Choose to Show Unread or Total Count for Each Folder","description":"You can now pick whether each folder in your folder pane shows the unread count or the total item count. Until now, Outlook only displayed unread counts, but sometimes you need to see how many items are in a folder overall. Just right-click any folder and choose whether to show the total or unread count. It gives you more control over how you keep track of your email without changing how anything else works. #newoutlookforwindows","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=563807","products":["Outlook"],"categories":["feature","breaking","preview","in-development"],"status":"In development","impact":"high","gaTarget":"October CY2026","targetDate":"2026-10-01","cloudInstances":["Worldwide (Standard Multi-Tenant)","GCC","GCC High","DoD"],"platforms":["Desktop","Web"],"created":"2026-05-21T23:15:57.000Z","modified":"2026-05-21T23:15:57.000Z","hash":"f225b710","srcHash":"f225b710","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Until now, Outlook only displayed unread counts, but sometimes you need to see how many items are in a folder overall."},{"id":"gr-4fc994c3","source":"graph","kind":"api-change","title":"Removed the troubleshootDetailsReport member from the cloudPCTroubleshootReportType enumeration. Removed the troubles…","description":"Removed the troubleshootDetailsReport member from the cloudPCTroubleshootReportType enumeration. Removed the troubleshootTrendCountReport member from the cloudPCTroubleshootReportType enumeration. Removed the troubleshootRegionalReport member from the cloudPCTroubleshootReportType enumeration. Removed the troubleshootIssueCountReport member from the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantGlobalFilterReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantNetworkTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantNetworkAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantConnectionFailureRateTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantConnectionFailureRateAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantCloudPCHealthTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantCloudPCHealthAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantActiveConnectionCountTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantActiveConnectionCountAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantMeanTimeToFailureTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantMeanTimeToFailureAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantRemoteSignInTimeTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantRemoteSignInTimeAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootEventsOfViewDataTableReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantEnvironmentMetricsOfViewDataTableReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCMetricsOfViewDataTableReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootConfigurationConnectionCountTrendV1Report member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootConfigurationTotalConnectionCountBarV1Report member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootConfigurationGlobalFilterV1Report member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootConnectionConfigurationOfViewDataTableV1Report member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootTenantConnectedDevicesOfViewDataTableReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootEnvironmentOverviewOfViewDataTableReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCNetworkTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCNetworkAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCErrorTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCErrorAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCDurationTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCDurationAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCRemoteSignInTimeTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCRemoteSignInTimeAggregatedReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCListReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootCloudPCHealthTrendReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootMatchedUserReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootMatchedCloudPCReport member to the cloudPCTroubleshootReportType enumeration. Added the troubleshootUserListReport member to the cloudPCTroubleshootReportType enumeration.","link":"a509d571-b0c7-4e88-a1ea-c034f854bd73beta","products":["Microsoft Graph","Device and app management"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-05-20T00:00:00.000Z","modified":"2026-05-20T00:00:00.000Z","hash":"5051f681","srcHash":"810dc68b","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the troubleshootDetailsReport member from the cloudPCTroubleshootReportType enumeration."},{"id":"rm-558442","source":"roadmap","kind":"feature","title":"Outlook: Improved handling of disallowed and failed email reactions","description":"Emails with reactions disallowed will now see the Reactions button grayed out correctly. Additionally, when any attempt to react fails, the local update will no longer remain onscreen and be properly undone.","link":"https://learn.microsoft.com/en-us/microsoft-365-apps/outlook/manage/manage-outlook-reactions?view=o365-worldwide","products":["Outlook"],"categories":["feature","breaking","preview","launched"],"status":"Launched","impact":"high","gaTarget":"May CY2026","targetDate":"2026-05-01","cloudInstances":["Worldwide (Standard Multi-Tenant)","GCC","GCC High","DoD"],"platforms":["Desktop"],"created":"2026-03-23T23:15:39.000Z","modified":"2026-05-18T22:30:51.000Z","hash":"d7e81bfd","srcHash":"d7e81bfd","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Additionally, when any attempt to react fails, the local update will no longer remain onscreen and be properly undone."},{"id":"gr-fca66526","source":"graph","kind":"api-change","title":"Removed the GET operation from the photoUpdateSettings resource. Removed the POST operation from the photoUpdateSetti…","description":"Removed the GET operation from the photoUpdateSettings resource. Removed the POST operation from the photoUpdateSettings resource. Removed the DELETE operation from the photoUpdateSettings resource.","link":"b700e7e9-db00-4dd0-971c-f707508ec7ccbeta","products":["Microsoft Graph","People and workplace intelligence"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-05-14T14:35:08.000Z","modified":"2026-05-14T14:35:08.000Z","hash":"2f5a5f19","srcHash":"79fbeebc","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the GET operation from the photoUpdateSettings resource."},{"id":"entra-6abea325","source":"entra","kind":"entra","title":"Enhanced admin authorization for Microsoft Entra Connect Sync configuration changes","description":"We're enhancing the security posture of Microsoft Entra Connect Sync by introducing interactive admin authorization for configuration changes. With this update, an authorized administrator will need to sign in and explicitly approve changes to sync settings, ensuring that configuration updates are intentional and made by the right person.","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#upcoming-change-enhanced-admin-authorization-for-microsoft-entra-connect-sync-configuration-changes","products":["Microsoft Entra ID","Entra Connect"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Entra Connect","created":"2026-05-01T00:00:00.000Z","modified":"2026-05-01T00:00:00.000Z","hash":"6abea325","srcHash":"5190432c","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":"With this update, an authorized administrator will need to sign in and explicitly approve changes to sync settings, ensuring that configuration updates are intentional and made by the right person."},{"id":"rm-406948","source":"roadmap","kind":"feature","title":"Outlook: Replace quick compose pop-up with inline appointment creation in new Outlook for Windows and web","description":"Following further review, this feature continues in development. We apologize for any inconvenience. When single clicking on an empty time slot on the calendar surface, the quick compose pop-up will no longer be shown - instead, you will be able to create an appointment by typing directly in the time slot on the calendar grid, just as you can in classic Outlook for Windows. There will be no change to double click behavior, the full compose form will still open as it does today. #newoutlookforwindows","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=406948","products":["Outlook"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"October CY2025","targetDate":"2025-10-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Desktop","Web"],"created":"2024-07-16T23:15:43.000Z","modified":"2026-04-13T23:15:13.000Z","hash":"1373d0f8","srcHash":"1373d0f8","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"When single clicking on an empty time slot on the calendar surface, the quick compose pop-up will no longer be shown - instead, you will be able to create an appointment by typing directly in the t…"},{"id":"rm-558543","source":"roadmap","kind":"feature","title":"Microsoft Teams: Spoken language detection is now automatic","description":"Spoken language detection is now fully automatic. Teams will automatically detect each speaker’s spoken language and update it in real time as the conversation evolves. Manual spoken language selection will no longer be available. This applies to both live captions and transcripts when Interpreter is enabled or when multilingual speech recognition is turned on in meeting options, helping deliver more accurate language recognition and a more consistent multilingual meeting experience.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=558543","products":["Microsoft Teams","Microsoft Copilot (Microsoft 365)"],"categories":["feature","retiring","breaking","rolling-out"],"status":"Rolling out","impact":"high","gaTarget":"April CY2026","targetDate":"2026-04-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Android","Desktop","iOS","Mac","Web"],"created":"2026-03-12T23:00:54.000Z","modified":"2026-04-06T23:15:32.000Z","hash":"2e5db022","srcHash":"2e5db022","impactReason":"Retirement / removal — plan migration","urgency":"Immediate","urgencyReason":"Retirement date passed","adminAction":"Manual spoken language selection will no longer be available."},{"id":"rm-392456","source":"roadmap","kind":"feature","title":"Microsoft Purview compliance portal: Data Lifecycle Management - Bulk replacement or removal of a retention label","description":"Admins can perform a bulk replacement or removal of a retention label using the Purview compliance portal. They can perform the action across the entire tenant or targeted to specific content using KQL and static or adaptive scopes.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=392456","products":["Microsoft Purview"],"categories":["feature","retiring","preview","in-development"],"status":"In development","impact":"high","gaTarget":"December CY2026","targetDate":"2026-12-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2024-04-12T22:15:37.000Z","modified":"2026-04-03T22:15:57.000Z","hash":"863d7e12","srcHash":"863d7e12","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"gr-3ee000f6","source":"graph","kind":"api-change","title":"Added the keyCredentials property to the appManagementConfiguration resource. Added the passwordCredentials property…","description":"Added the keyCredentials property to the appManagementConfiguration resource. Added the passwordCredentials property to the appManagementConfiguration resource. Removed the keyCredentials relationship from the appManagementConfiguration resource. Removed the passwordCredentials relationship from the appManagementConfiguration resource. Added the customSecurityAttributes property to the appManagementPolicyActorExemptions resource. Removed the customSecurityAttributes relationship from the appManagementPolicyActorExemptions resource. Changed the customSecurityAttributeExemption resource from an entity type to a complex type. Changed the customSecurityAttributeStringValueExemption resource from an entity type to a complex type. Changed the keyCredentialConfiguration resource from an entity type to a complex type. Changed the passwordCredentialConfiguration resource from an entity type to a complex type.","link":"f2b5b750-90b4-4c8a-a9a6-cd06636331c0beta","products":["Microsoft Graph","Identity and access"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-04-01T14:40:09.000Z","modified":"2026-04-01T14:40:09.000Z","hash":"f25bb2db","srcHash":"f987e74a","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the keyCredentials relationship from the appManagementConfiguration resource."},{"id":"entra-287e2359","source":"entra","kind":"entra","title":"Migrate from Microsoft Entra Connect Sync to Microsoft Entra Cloud Sync","description":"As organizations look to strengthen identity security and advance their Zero Trust strategies, many are looking for simpler, more reliable ways to manage hybrid identity. To support these needs, we’re beginning the transition from Microsoft Entra Connect Sync to the cloud‑native Microsoft Entra Cloud Sync - helping reduce on‑premises complexity while improving security, reliability, and day‑to‑day manageability.","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#upcoming-change-migrate-from-microsoft-entra-connect-sync-to-microsoft-entra-cloud-sync","products":["Microsoft Entra ID","Entra Connect"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Entra Connect","created":"2026-04-01T00:00:00.000Z","modified":"2026-04-01T00:00:00.000Z","hash":"287e2359","srcHash":"2573ba91","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"entra-6ce3d2fe","source":"entra","kind":"entra","title":"Update SCIM provisioning applications to use modern authentication","description":"SCIM provisioning applications that use the OAuth 2.0 Authorization Code grant will be updated to support modern authentication methods, such as OAuth 2.0 Client Credentials and workload identity federation.","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#plan-for-change-update-scim-provisioning-applications-to-use-modern-authentication","products":["Microsoft Entra ID","Provisioning"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Provisioning","created":"2026-04-01T00:00:00.000Z","modified":"2026-04-01T00:00:00.000Z","hash":"6ce3d2fe","srcHash":"c86f777d","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"entra-1dabb335","source":"entra","kind":"entra","title":"Switch from basic auth to workload identity based auth for SAP SuccessFactors provisioning integrations","description":"Microsoft Entra is introducing workload identity–based authentication for SAP SuccessFactors provisioning. This new capability allows the Microsoft Entra provisioning service to authenticate to SAP SuccessFactors using Entra workload identity and short‑lived tokens instead of static credentials (username and password).","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#plan-for-change-switch-from-basic-auth-to-workload-identity-based-auth-for-sap-successfactors-provisioning-integrations","products":["Microsoft Entra ID","Provisioning"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Provisioning","created":"2026-04-01T00:00:00.000Z","modified":"2026-04-01T00:00:00.000Z","hash":"1dabb335","srcHash":"38428175","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"rm-543423","source":"roadmap","kind":"feature","title":"Microsoft Copilot (Microsoft 365): Chat History Landing page: Filtering UI Refresh","description":"To help you quickly find the conversations that matter, we’re updating the Chat History filtering experience. This refresh makes the interface simpler and makes it easier to clear filters whenever you need to.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=543423","products":["Microsoft Copilot (Microsoft 365)"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"January CY2026","targetDate":"2026-01-01","cloudInstances":["Worldwide (Standard Multi-Tenant)","GCC","GCC High","DoD"],"platforms":["Web"],"created":"2025-12-23T00:00:28.000Z","modified":"2026-03-06T23:00:47.000Z","hash":"4726ba78","srcHash":"4726ba78","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"This refresh makes the interface simpler and makes it easier to clear filters whenever you need to."},{"id":"gr-c20e3cf2","source":"graph","kind":"api-change","title":"Added the samsungEFotaFirmwareVersion resource. Added the samsungEFotaFirmwareVersionTarget resource. Added the samsu…","description":"Added the samsungEFotaFirmwareVersion resource. Added the samsungEFotaFirmwareVersionTarget resource. Added the samsungEFotaFirmwareVersions property to the deviceManagement resource. Removed the samsungEFotaFirmwareVersions relationship from the deviceManagement resource. Removed the samsungEFotaFirmwareVersion resource. Removed the samsungEFotaFirmwareVersionTarget resource. Added the androidAppCredentialProviderRoleState enumeration type. Added the credentialProviderRoleState property to the androidForWorkMobileAppConfiguration resource. Added the credentialProviderRoleState property to the androidManagedStoreAppConfiguration resource. Added the wpa3Personal member to the wiFiSecurityType enumeration. Added the isKioskModeExitCodeSet property to the androidDeviceOwnerGeneralDeviceConfiguration resource. Added the controlledConfigurationEnabled property to the windowsProtectionState resource. Added the windowsZtdnsExemptionRule resource. Added the deviceConfiguration resource. Added the windowsZtdnsConfiguration resource. Added the releaseAppleDevices method to the depOnboardingSetting resource. Added the deviceAndAppManagementAssignmentFilterType enumeration type. Added the deviceAndAppManagementAssignmentSource enumeration type. Added the deviceAndAppManagementPayloadType enumeration type. Added the devicePlatformType enumeration type. Added the allDevicesAssignmentTarget resource. Added the allLicensedUsersAssignmentTarget resource. Added the configurationManagerCollectionAssignmentTarget resource. Added the deviceAndAppManagementAssignmentTarget resource. Added the exclusionGroupAssignmentTarget resource. Added the groupAssignmentTarget resource. Added the deviceManagement resource.","link":"1ef2d0c3-3ec9-407b-acd4-1ee9791691cebeta","products":["Microsoft Graph","Microsoft.Intune.AndroidFOTA"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-03-04T05:09:51.000Z","modified":"2026-03-04T05:09:51.000Z","hash":"4dfc0e86","srcHash":"645dac6e","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the samsungEFotaFirmwareVersions relationship from the deviceManagement resource."},{"id":"rm-392457","source":"roadmap","kind":"feature","title":"Microsoft Purview compliance portal: Data Lifecycle Management - Bulk replacement or removal of a retention label","description":"Admins can perform a bulk replacement or removal of a retention label using the Purview compliance portal. They can perform the action across the entire tenant or targeted to specific content using KQL and static or adaptive scopes.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=392457","products":["Microsoft Purview"],"categories":["feature","retiring","in-development"],"status":"In development","impact":"high","gaTarget":"December CY2026","targetDate":"2026-12-01","cloudInstances":["GCC","GCC High","DoD"],"platforms":["Web"],"created":"2024-04-18T23:15:11.000Z","modified":"2026-03-04T00:15:19.000Z","hash":"863d7e12","srcHash":"863d7e12","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"gr-65afc44c","source":"graph","kind":"api-change","title":"Removed the domain property from the externalTokenBasedSapIagConnectionInfo resource.","description":"Removed the domain property from the externalTokenBasedSapIagConnectionInfo resource.","link":"8c6bfd24-a94d-4fb2-b1df-9f1539efadc7beta","products":["Microsoft Graph","Identity and access"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-03-02T17:16:43.000Z","modified":"2026-03-02T17:16:43.000Z","hash":"2101cefa","srcHash":"fbabe44b","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the domain property from the externalTokenBasedSapIagConnectionInfo resource."},{"id":"entra-74151c31","source":"entra","kind":"entra","title":"Plan for change – Agent Registry consolidation into Microsoft Agent 365","description":"We’re consolidating agent management experiences to make it easier to observe, govern, and secure all agents in your tenant. Agent 365 will be the single source of truth, offering a unified catalog, consistent visibility, and simplified management.","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#plan-for-change-agent-registry-consolidation-into-microsoft-agent-365","products":["Microsoft Entra ID","Other"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Other","created":"2026-03-01T00:00:00.000Z","modified":"2026-03-01T00:00:00.000Z","hash":"74151c31","srcHash":"3b3a2dd6","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"gr-e3d5aef0","source":"graph","kind":"api-change","title":"Updated the FileStorageContainerType.Manage.All delegated permission to no longer require admin consent. Updated the…","description":"Updated the FileStorageContainerType.Manage.All delegated permission to no longer require admin consent. Updated the FileStorageContainerTypeReg.Manage.All delegated permission to no longer require admin consent. Updated the ThreatSubmission.Read delegated permission to now require admin consent. Updated the ThreatSubmission.ReadWrite delegated permission to now require admin consent.","link":"74c50b70-259d-4c6e-80fb-2c15dde1e827v1.0","products":["Microsoft Graph","Permissions"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"v1.0","created":"2026-02-23T10:54:33.000Z","modified":"2026-02-23T10:54:33.000Z","hash":"d68eef94","srcHash":"fb9a836a","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Updated the FileStorageContainerType.Manage.All delegated permission to no longer require admin consent."},{"id":"gr-6c71e109","source":"graph","kind":"api-change","title":"Removed the allowedAudiences property from the profilePropertySetting resource. Added the displayName property to the…","description":"Removed the allowedAudiences property from the profilePropertySetting resource. Added the displayName property to the profilePropertySetting resource. Removed the isUserOverrideForAudienceEnabled property from the profilePropertySetting resource.","link":"1184eb27-ecdb-488f-b59c-24a35ecd8688beta","products":["Microsoft Graph","People and workplace intelligence"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-02-20T13:49:03.000Z","modified":"2026-02-20T13:49:03.000Z","hash":"92c61a12","srcHash":"2de703d6","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the allowedAudiences property from the profilePropertySetting resource."},{"id":"gr-a07d5aaf","source":"graph","kind":"api-change","title":"Added the fotaConnectorState enumeration type. Added the fotaDeploymentErrorCode enumeration type. Added the fotaDepl…","description":"Added the fotaConnectorState enumeration type. Added the fotaDeploymentErrorCode enumeration type. Added the fotaDeploymentState enumeration type. Added the fotaDownloadPeriodType enumeration type. Added the fotaFirmwareUpdateType enumeration type. Added the fotaNetworkType enumeration type. Added the fotaOemType enumeration type. Added the fotaRegistrationErrorCode enumeration type. Added the fotaRegistrationState enumeration type. Added the samsungEFotaScheduleMode enumeration type. Added the fotaDeploymentSetting resource. Added the fotaDeploymentStatus resource. Added the fotaDeviceRegistrationStatus resource. Added the samsungEFotaDeploymentSetting resource. Added the fotaConnector relationship to the deviceManagement resource. Added the fotaConnectors relationship to the deviceManagement resource. Added the fotaDeployments relationship to the deviceManagement resource. Added the samsungEFotaDeployments relationship to the deviceManagement resource. Added the samsungEFotaFirmwareVersions relationship to the deviceManagement resource. Added the fotaConnector resource. Added the fotaDeployment resource. Added the samsungEFotaDeployment resource. Added the samsungEFotaFirmwareVersion resource. Added the samsungEFotaFirmwareVersionTarget resource. Added the cancel method to the fotaDeployment resource. Added the connect method to the fotaConnector resource. Added the deregister method to the fotaConnector resource. Added the disconnect method to the fotaConnector resource. Added the oem parameter to the getZebraFotaDeploymentReport method. Added the register method to the fotaConnector resource. Added the retrieveFotaDeploymentReport method to the deviceManagementReports resource. Added the retrieveFotaDeviceRegistrationReport method to the deviceManagementReports resource. Added the hasActiveDeployments method to the fotaConnector resource. Added the retrieveConsumerSoftwareCustomizationCode method to the fotaConnector resource. Added the retrieveDeployment method to the fotaDeployment resource. Added the retrieveDeployments method to the fotaDeployment resource. Added the retrieveFotaAuthorizationUrl method to the fotaConnector resource. Added the retrieveFotaConnector method to the fotaConnector resource. Added the retrieveFotaDeviceModels method to the fotaConnector resource. Added the retrieveSalesCodes method to the fotaConnector resource. Added the productDescription property to the mobileAppCatalogPackage resource. Added the branchId property to the win32MobileAppCatalogPackage resource. Added the windowsAutoUpdateCatalogApp resource. Removed the iosDdmLobAppAssignmentSettings resource. Added the windowsRecoveryAndRemediationConfiguration member to the deviceManagementConfigurationTemplateFamily enumeration. Removed the sendDeviceOwnershipChangePushNotification property from the intuneBrand resource. Added the suspendManagedHomeScreen member to the remoteAction enumeration. Added the restoreManagedHomeScreen member to the remoteAction enumeration. Added the deviceLocalAdminAccountDetail resource. Added the macOSDeviceLocalAdminAccountDetail resource. Added the restoreManagedHomeScreen method to the managedDevice resource. Added the rotateRecoveryLockPasscode method to the managedDevice resource. Added the suspendManagedHomeScreen method to the managedDevice resource. Added the retrieveDeviceLocalAdminAccountDetail method to the managedDevice resource. Added the retrieveRecoveryLockPasscode method to the managedDevice resource. Added the usePlatformSSODuringSetupAssistant property to the depMacOSEnrollmentProfile resource. Removed the deviceWipe member from the operationApprovalPolicyType enumeration. Added the deviceRetire member to the operationApprovalPolicyType enumeration. Added the deviceDelete member to the operationApprovalPolicyType enumeration. Added the tenantConfiguration member to the operationApprovalPolicyType enumeration. Added the id property to the deviceManagementReports resource. Removed the sendDeviceOwnershipChangePushNotification property from the intuneBrandingProfile resource.","link":"ecdc4a82-2cc6-4e2c-93b5-cc79d8e012c1beta","products":["Microsoft Graph","Microsoft.Intune.AndroidFOTA"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-02-09T06:37:12.000Z","modified":"2026-02-09T06:37:12.000Z","hash":"9a39e2c0","srcHash":"b312d963","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the iosDdmLobAppAssignmentSettings resource."},{"id":"gr-3ea332d4","source":"graph","kind":"api-change","title":"Added the resourceAccessStatus enumeration type. Added the resourceAccessType enumeration type. Added the aiAgentInfo…","description":"Added the resourceAccessStatus enumeration type. Added the resourceAccessType enumeration type. Added the aiAgentInfo resource. Added the aiInteractionEntity resource. Removed the identifier property from the aiInteractionPlugin resource. Removed the name property from the aiInteractionPlugin resource. Removed the version property from the aiInteractionPlugin resource. Deprecated the processConversationMetadata resource. Deprecated the accessedResources property in the processConversationMetadata resource. Use the accessedResources_v2 property instead. Added the accessedResources_v2 property to the processConversationMetadata resource. Added the agents property to the processConversationMetadata resource. Added the resourceAccessDetail resource.","link":"f96a028e-2d2a-441a-a2c3-8801ca553fa4v1.0","products":["Microsoft Graph","Security"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"v1.0","created":"2026-02-06T23:35:19.000Z","modified":"2026-02-06T23:35:19.000Z","hash":"18018271","srcHash":"5f21fea4","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the identifier property from the aiInteractionPlugin resource."},{"id":"gr-b64e9e55","source":"graph","kind":"api-change","title":"Removed the group member from the siteTemplateType enumeration.","description":"Removed the group member from the siteTemplateType enumeration.","link":"63571f7b-e1cf-4ebc-8002-4fd80c16828bv1.0","products":["Microsoft Graph","Sites and lists"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"v1.0","created":"2026-02-06T15:52:02.000Z","modified":"2026-02-06T15:52:02.000Z","hash":"a42802ca","srcHash":"b64e9e55","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"Removed the group member from the siteTemplateType enumeration."},{"id":"entra-7249c67f","source":"entra","kind":"entra","title":"Upcoming change – Microsoft Entra Connect security update to block hard match for users with Microsoft Entra roles","description":"What is Hard-matching in Microsoft Entra Connect Sync and Cloud Sync?","link":"https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#upcoming-change-microsoft-entra-connect-security-update-to-block-hard-match-for-users-with-microsoft-entra-roles","products":["Microsoft Entra ID","Entra Connect"],"categories":["entra","retiring"],"status":"Upcoming","impact":"high","ring":"Upcoming","serviceCategory":"Entra Connect","created":"2026-02-01T00:00:00.000Z","modified":"2026-02-01T00:00:00.000Z","hash":"7249c67f","srcHash":"235a8ba","impactReason":"Retirement / removal — plan migration","urgency":"Soon","urgencyReason":"Retirement / migration planned","adminAction":""},{"id":"rm-542795","source":"roadmap","kind":"feature","title":"Microsoft Teams: Automatic removal of EXIF data from shared images","description":"Teams will automatically remove hidden metadata (EXIF) from images shared in conversations. This privacy protection helps prevent sensitive information such as photo location and device details from being shared without your knowledge.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=542795","products":["Microsoft Teams"],"categories":["feature","retiring","rolling-out"],"status":"Rolling out","impact":"high","gaTarget":"February CY2026","targetDate":"2026-02-01","cloudInstances":["Worldwide (Standard Multi-Tenant)","GCC","GCC High","DoD"],"platforms":["Desktop"],"created":"2025-12-19T00:15:46.000Z","modified":"2026-01-30T23:15:49.000Z","hash":"f82d7949","srcHash":"9e971745","impactReason":"Retirement / removal — plan migration","urgency":"Immediate","urgencyReason":"Retirement date passed","adminAction":""},{"id":"rm-498922","source":"roadmap","kind":"feature","title":"Microsoft Viva: Focus Area simplification and enhancements","description":"Beginning with this feature release, Focus Areas will be associated with survey cycles and goal periods will be retired. Users will be able to select the same Focus Area across multiple cycles. The Focus Area Overview report will be filterable to groups of interest (e.g. managers only). Draft/deleted Focus Areas will no longer be included in Focus Area calculations.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=498922","products":["Microsoft Viva"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"January CY2026","targetDate":"2026-01-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2025-07-24T23:15:15.000Z","modified":"2026-01-28T00:00:53.000Z","hash":"66b9f2f4","srcHash":"afee0578","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Draft/deleted Focus Areas will no longer be included in Focus Area calculations."},{"id":"gr-6b89ea54","source":"graph","kind":"api-change","title":"Added the resourceAccessStatus enumeration type. Added the resourceAccessType enumeration type. Added the aiAgentInfo…","description":"Added the resourceAccessStatus enumeration type. Added the resourceAccessType enumeration type. Added the aiAgentInfo resource type. Added the aiInteractionEntity resource type. Removed the identifier property from the aiInteractionPlugin resource in favor of the identifier property inherited from its base type. Removed the name property from the aiInteractionPlugin resource in favor of the name property inherited from its base type. Removed the version property from the aiInteractionPlugin resource in favor of the version property inherited from its base type. Deprecated the accessedResources property of the processConversationMetadata resource. The accessedResources property is deprecated and stopped returning data on August 20, 2025. Going forward, use the accessedResources_v2 property. Added the accessedResources_v2 property to the processConversationMetadata resource. Added the agents property to the processConversationMetadata resource. Added the resourceAccessDetail resource type.","link":"e72bfd48-4fdc-4e10-9d29-89785912a3bebeta","products":["Microsoft Graph","Security"],"categories":["api-change","deprecation"],"status":"Deprecation","impact":"high","ring":"beta","created":"2026-01-14T00:00:00.000Z","modified":"2026-01-14T00:00:00.000Z","hash":"70579c60","srcHash":"b412894b","impactReason":"API deprecation — update before it's removed","urgency":"Soon","urgencyReason":"API deprecation — update before removal","adminAction":"By August 20, 2025: Removed the identifier property from the aiInteractionPlugin resource in favor of the identifier property inherited from its base type."},{"id":"rm-489454","source":"roadmap","kind":"feature","title":"Microsoft Purview: Data Loss Prevention OCR Cost Estimator Support for MAC Endpoints","description":"OCR Cost Estimator allows you to estimate the potential cost for using Optical Character Recognition. This means that you will no longer be required to set up an Azure Subscription for billing first and can accurately estimate the cost you would have incurred while using OCR. This will help you to identify the optimal configuration settings for OCR as per your requirements. Cost Estimator can be used for 30 days and will not scan images for sensitive content.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=489454","products":["Microsoft Purview"],"categories":["feature","breaking","rolling-out"],"status":"Rolling out","impact":"high","gaTarget":"December CY2025","targetDate":"2025-12-01","cloudInstances":["GCC","GCC High","DoD"],"platforms":["Web"],"created":"2025-04-14T23:15:33.000Z","modified":"2025-12-02T00:16:00.000Z","hash":"f9e4e798","srcHash":"82e8d2c0","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"This means that you will no longer be required to set up an Azure Subscription for billing first and can accurately estimate the cost you would have incurred while using OCR."},{"id":"rm-500380","source":"roadmap","kind":"feature","title":"Microsoft Teams: Private channels increased limits and transition to group compliance","description":"We are updating private channels to align with compliance model for all channels. After this change, compliance policies applied to the team (M365 Group) will apply to all channels in the team - across standard, private, and shared. Private channels will no longer need user level targeting of policies different from other channels, and private channel compliance messages will no longer be copied to user mailboxes, relying on a dedicated, internal mailbox per channel like shared channels. In addition, limits for private channels will be increased so each team can have more than 30 private channels, up to the 1000 total channel limit per team. Private channel member limits will increase from 250 to 5000. You will also be able to schedule meetings in private channels.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=500380","products":["Microsoft Teams"],"categories":["feature","breaking","rolling-out"],"status":"Rolling out","impact":"high","gaTarget":"October CY2025","targetDate":"2025-10-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Android","Desktop","iOS","Mac"],"created":"2025-08-19T23:15:40.000Z","modified":"2025-10-28T23:15:02.000Z","hash":"2555ab45","srcHash":"5f2a98b5","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"Private channels will no longer need user level targeting of policies different from other channels, and private channel compliance messages will no longer be copied to user mailboxes, relying on a…"},{"id":"rm-493324","source":"roadmap","kind":"feature","title":"Microsoft Viva: Viva Glint - Delete survey cycles","description":"This feature enables Glint Admins to delete survey cycles within a configured program. When a cycle is deleted, all associated data—including reporting—will be removed from the platform. The feature is intended for removing obsolete or test cycles that are no longer needed.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=493324","products":["Microsoft Viva"],"categories":["feature","retiring","launched"],"status":"Launched","impact":"high","gaTarget":"November CY2025","targetDate":"2025-11-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2025-06-27T22:15:28.000Z","modified":"2025-10-21T23:15:01.000Z","hash":"4fe9525a","srcHash":"4fe9525a","impactReason":"Retirement / removal — plan migration","urgency":"Immediate","urgencyReason":"Retirement date passed","adminAction":"When a cycle is deleted, all associated data—including reporting—will be removed from the platform."},{"id":"rm-481155","source":"roadmap","kind":"feature","title":"Microsoft Viva: Group-less campaigns in Viva Amplify","description":"We are streamlining the campaign management experience in Viva Amplify and campaigns will no longer be tied to M365 groups. As such, M365 Group admins will no longer be a required role to configure Viva Amplify and only SharePoint admin role will be required. Also, when you create a campaign, there will no longer be a campaign channel tied to the Viva Amplify campaign, simplifying the campaign creation experience.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=481155","products":["Microsoft Viva"],"categories":["feature","breaking","launched"],"status":"Launched","impact":"high","gaTarget":"June CY2025","targetDate":"2025-06-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2025-03-21T23:15:06.000Z","modified":"2025-09-04T23:15:49.000Z","hash":"a88da2cd","srcHash":"a88da2cd","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"We are streamlining the campaign management experience in Viva Amplify and campaigns will no longer be tied to M365 groups."},{"id":"rm-420946","source":"roadmap","kind":"feature","title":"Microsoft Viva: Viva Engage - Leaders updated via group sync","description":"Currently, leaders are managed in Viva Engage manually. If you wish to add or remove leaders, you need to go to Engage to do so. This feature will allow you to define a group that includes users who should be designated as leaders. As you add or remove people from that group, they will gain or lose privileges accordingly. The manual method will continue to be available.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=420946","products":["Microsoft Viva"],"categories":["feature","breaking","in-development"],"status":"In development","impact":"high","gaTarget":"May CY2025","targetDate":"2025-05-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2024-10-09T23:15:44.000Z","modified":"2025-04-14T16:45:06.000Z","hash":"4194722","srcHash":"4194722","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"If you wish to add or remove leaders, you need to go to Engage to do so."},{"id":"rm-405753","source":"roadmap","kind":"feature","title":"Microsoft Copilot (Microsoft 365): Copilot takes emails and meetings into account while drafting content in Word","description":"You will no longer need to reference certain types of organizational data for Copilot to generate contextually relevant content. People and chats will still need to be referenced explicitly.","link":"https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=405753","products":["Microsoft Copilot (Microsoft 365)","Word"],"categories":["feature","breaking","in-development"],"status":"In development","impact":"high","gaTarget":"March CY2025","targetDate":"2025-03-01","cloudInstances":["Worldwide (Standard Multi-Tenant)"],"platforms":["Web"],"created":"2024-07-09T18:30:38.000Z","modified":"2025-03-04T00:30:04.000Z","hash":"eb1ae440","srcHash":"eb1ae440","impactReason":"Breaking change — admin action may be required","urgency":"Soon","urgencyReason":"Breaking change — admin action may be required","adminAction":"You will no longer need to reference certain types of organizational data for Copilot to generate contextually relevant content."}]