Everything detected changing across Microsoft 365 this ISO week.
PreviewMicrosoft Defender XDR
Entity enrichments with threat intelligence: Entity pages for IP addresses, domains, URLs, and files now include a Threat Intelligence Insights tab that surfaces enrichment data from Microsoft Threat Intelligence directly in the investigation workflow. Enrichments include reputation scores, attributed threat reports, infrastructure relationships, and sandbox analysis, eliminating the need to switch between separate tools during investigations. For more information, see View threat intelligence in entity pages.
betaMicrosoft GraphTenants
Added the migrate method to the crossTenantMigrationJob resource. Changed the behavior of the validate method on the crossTenantMigrationJob resource to validate an existing job as an entity-bound action. Going forward, use the POST /solutions/migrations/crossTenantMigrationJobs/{crossTenantMigrationJobId}/validate endpoint to trigger the validation of an existing cross-tenant migration job. Removed the displayName parameter from the validate method. Removed the completeAfterDateTime parameter from the validate method. Removed the sourceTenantId parameter from the validate method. Removed the exchangeSettings parameter from the validate method. Removed the workloads parameter from the validate method. Removed the resourceType parameter from the validate method. Removed the resources parameter from the validate method.
betaMicrosoft GraphSecurity
Added the policyTip member to the dlpAction enumeration. Removed the overrideOption property from the notifyUserAction resource. Removed the policyTip property from the notifyUserAction resource. Added the policyTipAction resource.
betaMicrosoft GraphTasks and plans
Added the historyEntityType enumeration type. Added the historyEventType enumeration type. Added the completionInHostedApp member to the plannerTaskCompletionRequirements enumeration. Added the plannerTaskData resource. Added the plannerTaskDetailsData resource. Added the plannerHistoryItem resource and an associated method. Added the historyItems relationship to the plannerPlan resource. Added the taskHistoryItem resource.
betaMicrosoft GraphTeamwork and communications
Added the cloudVideoInteropInfo resource. Added the cloudVideoInteropInfo property to the onlineMeetingBase resource. Added the cloudVideoInteropInfo property to the onlineMeeting resource. Added the cloudVideoInteropInfo property to the virtualEventSession resource.
betaMicrosoft GraphTeamwork and communications
Added the isRegistrationRequired property to the virtualEvent resource. Added the isRegistrationRequired property to the virtualEventTownhall resource. Added the isRegistrationRequired property to the virtualEventWebinar resource.
v1.0Microsoft GraphIdentity and access
Added the accessPackageSuggestionFilterByCurrentUserOptions enumeration type. Added the accessPackageSuggestionRelatedPeopleInsightLevel enumeration type. Added the approverInformationVisibility enumeration type. Added the approverInformationVisibility property to the accessPackageApprovalStage resource. Added the accessPackageSuggestionReason resource. Added the accessPackageSuggestionRelatedPeopleBased resource. Added the accessPackageSuggestionSelfAssignmentHistoryBased resource. Added the identity resource. Added the accessPackageSuggestion resource. Added the availableAccessPackage resource. Added the controlConfiguration resource. Added the endUserSettings resource. Added the accessPackageSuggestions relationship to the entitlementManagement resource. Added the availableAccessPackages relationship to the entitlementManagement resource. Added the controlConfigurations relationship to the entitlementManagement resource. Added the filterByCurrentUser method to the accessPackageSuggestion resource.
betaMicrosoft GraphTeamwork and communications
Added the meetingType property to the onlineMeetingBase resource. Added the meetingType property to the onlineMeeting resource. Added the meetingType property to the virtualEventSession resource. Added the onlineMeetingType enumeration type.
v1.0Microsoft GraphIdentity and access
Added the roleType enumeration type. Added the type property to the accessPackageResourceRole resource.
betaMicrosoft GraphApplications
Added the redirectUris property to the appManagementApplicationConfiguration resource. Added the redirectUris property to the customAppManagementApplicationConfiguration resource. Added the redirectUriAllowedDomainConfiguration resource. Added the redirectUriAllowedSchemeConfiguration resource. Added the redirectUriBlockedDomainConfiguration resource. Added the redirectUriBlockedSchemeConfiguration resource. Added the redirectUriConfiguration resource. Added the redirectUriPlatformAllowedDomainConfiguration resource. Added the redirectUriPlatformAllowedSchemeConfiguration resource. Added the redirectUriPlatformBlockedDomainConfiguration resource. Added the redirectUriPlatformBlockedSchemeConfiguration resource. Added the redirectUriWildcardConfiguration resource. Added the redirectUriWildcardExcludeFormats resource.
betaMicrosoft GraphSecurity
Added the detectionRuleStatus enumeration type. Added the accountObjectIdAction resource. Added the accountSidAction resource. Added the alertCustomDetails resource. Removed the alertTemplate resource. Deprecated the allowFileResponseAction resource. Added the automatedAction resource. Added the automatedActionSet resource. Deprecated the blockFileResponseAction resource. Deprecated the collectInvestigationPackageResponseAction resource. Removed the detectionAction resource. Added the deviceAction resource. Deprecated the disableUserResponseAction resource. Added the emailAction resource. Added the fileAction resource. Deprecated the forceUserPasswordResetResponseAction resource. Deprecated the hardDeleteResponseAction resource. Deprecated the impactedAsset resource. Deprecated the impactedDeviceAsset resource. Deprecated the impactedMailboxAsset resource. Deprecated the impactedUserAsset resource. Deprecated the initiateInvestigationResponseAction resource. Added the isolateDeviceAction resource. Deprecated the isolateDeviceResponseAction resource. Deprecated the markUserAsCompromisedResponseAction resource. Added the mitreTactic resource. Added the mitreTechnique resource. Deprecated the moveToDeletedItemsResponseAction resource. Deprecated the moveToInboxResponseAction resource. Deprecated the moveToJunkResponseAction resource. Added the deviceGroups property to the organizationalScope resource. Deprecated the organizationalScope resource. Deprecated the organizationalScope resource. Deprecated the queryCondition resource. Deprecated the responseAction resource. Deprecated the restrictAppExecutionResponseAction resource. Added the frequency property to the ruleSchedule resource. Deprecated the ruleSchedule resource. Deprecated the ruleSchedule resource. Deprecated the runAntivirusScanResponseAction resource. Deprecated the runDetails resource. Deprecated the softDeleteResponseAction resource. Added the stopAndQuarantineFileAction resource. Deprecated the stopAndQuarantineFileResponseAction resource. Added the accountEntityMapping resource. Added the alertTemplate resource. Added the amazonResourceEntityMapping resource. Added the azureResourceEntityMapping resource. Added the cloudApplicationEntityMapping resource. Added the detectionAction resource. Added the createdBy property to the detectionRule resource. Added the createdDateTime property to the detectionRule resource. Added the description property to the detectionRule resource. Removed the detectionAction property from the detectionRule resource. Deprecated the detectionRule resource. Added the displayName property to the detectionRule resource. Added the id property to the detectionRule resource. Added the isEnabled property to the detectionRule resource. Added the lastModifiedBy property to the detectionRule resource. Added the lastModifiedDateTime property to the detectionRule resource. Deprecated the detectionRule resource. Added the status property to the detectionRule resource. Added the detectionAction relationship to the detectionRule resource. Added the dnsEntityMapping resource. Added the entityMapping resource. Added the entityMappingConfiguration resource. Added the fileEntityMapping resource. Added the googleCloudResourceEntityMapping resource. Added the hostEntityMapping resource. Added the ipEntityMapping resource. Added the mailboxEntityMapping resource. Added the mailClusterEntityMapping resource. Added the mailMessageEntityMapping resource. Added the oAuthApplicationEntityMapping resource. Added the processEntityMapping resource. Removed the protectionRule resource. Added the registryValueEntityMapping resource. Added the securityGroupEntityMapping resource. Added the urlEntityMapping resource.
betaMicrosoft GraphIdentity and access
Added the customTaskExtensionReplyMode enumeration type. Added the extensibility member to the lifecycleTaskCategory enumeration. Added the extensibility member to the lifecycleWorkflowCategory enumeration. Added the provisioningObject member to the subjectType enumeration. Added the extensibilityOnDemand member to the workflowExecutionType enumeration. Added the attributeSetEntry resource. Added the awaitedWorkflowProcessingResult resource. Added the targetSubject property to the customTaskExtensionCalloutData resource. Added the customTaskExtensionResponseData resource. Added the provisioningAttributeMapping resource. Added the provisioningObjectWorkflowSubject resource. Added the workflowSubject resource. Added the replyMode property to the customTaskExtension resource. Added the subjectProcessingResults relationship to the run resource. Added the subjectProcessingResult resource. Added the subjectProcessingResults relationship to the taskReport resource. Added the workflowSubject property to the taskProcessingResult resource. Added the activateAndWait method to the workflow resource. Added the List subjectProcessingResults method to the run resource. Added the List subjectProcessingResults method to the taskReport resource. Added the Get subjectProcessingResult method to the subjectProcessingResult resource.
betaMicrosoft GraphMail
Added the distributionList resource type. Added the distributionListMember resource type. Added the member complex type. Added the recipientType enumeration type. Added the distributionLists relationship to the user resource. Added the List distributionLists method to the user resource. Added the Create distributionList method to the user resource. Added the Get distributionList method. Added the Update distributionList method. Added the Delete distributionList method. Added the addMembers method to the distributionList resource. Added the deleteMembers method to the distributionList resource. Added the List distributionListMembers method. Added the Get distributionListMember method.
v1.0Microsoft GraphSecurity
Added the microsoftSecurityForAI member to the serviceSource enumeration type for the alert resource.
v1.0Microsoft GraphPeople and workplace intelligence
Added the isVisible property to the profileCardProperty resource.
betaMicrosoft GraphSecurity
Added the tenantId property to the userAccount resource.
v1.0Microsoft GraphSecurity
Added the tenantId property to the userAccount resource.
v1.0Microsoft GraphSecurity
Added the correlationReason enumeration type. Added the mergeResponse resource. Added the mergeIncidents method to the incident resource. Added the moveAlerts method to the alert resource.
betaMicrosoft GraphIdentity and access
Added the delegatedBy property to the accessReviewInstance resource to identify the users who delegated an access review to the current reviewer. Added the delegatedBy property to the accessReviewInstanceDecisionItem resource to identify the users who delegated an access review to the current reviewer. Added the directReviewer member to the filter options for the accessReviewScheduleDefinition: filterByCurrentUser , accessReviewInstance: filterByCurrentUser , accessReviewStage: filterByCurrentUser , and accessReviewInstanceDecisionItem: filterByCurrentUser APIs to return items directly assigned to the current reviewer. Added the delegatedReviewer member to the filter options for the accessReviewScheduleDefinition: filterByCurrentUser , accessReviewInstance: filterByCurrentUser , accessReviewStage: filterByCurrentUser , and accessReviewInstanceDecisionItem: filterByCurrentUser APIs to return items delegated to the current reviewer.
betaMicrosoft GraphReports
Added the passwordSubmit member to the authenticationEventType enumeration.
betaMicrosoft GraphFiles
Added the Get fileStorageContainer permission method to the fileStorageContainer resource. Updated the Update fileStorageContainer permission method to support the PATCH /storage/fileStorage/containers/{containerId}/permissions(email='{email}') and PATCH /storage/fileStorage/containers/{containerId}/permissions(userPrincipalName='{userPrincipalName}') endpoints. Updated the Delete fileStorageContainer permission method to support the DELETE /storage/fileStorage/containers/{containerId}/permissions(email='{email}') and DELETE /storage/fileStorage/containers/{containerId}/permissions(userPrincipalName='{userPrincipalName}') endpoints.
betaMicrosoft GraphFiles
Added the @microsoft.graph.conflictBehavior annotation parameter to the Create fileStorageContainer permissions method to control the behavior when an identity already exists with a different role. Specify fail to return a 409 Conflict error, or replace to update the existing role.
v1.0Microsoft GraphFiles
Added the Get fileStorageContainer permission method to the fileStorageContainer resource.
v1.0Microsoft GraphFiles
Added the @microsoft.graph.conflictBehavior annotation parameter to the Create fileStorageContainer permissions method to control the behavior when an identity already exists with a different role. Specify fail to return a 409 Conflict error, or replace to update the existing role.
betaMicrosoft GraphSecurity
Added the microsoftSecurityForAI member to the serviceSource enumeration type for the alert resource.
v1.0Microsoft GraphSecurity
Added the recipientType enumeration type. Added the caseMembers relationship to the ediscoveryCase resource. Added the ediscoveryCaseMember resource.
v1.0Microsoft GraphSecurity
Added the retryPolicy method to the ediscoveryHoldPolicy resource.
betaMicrosoft GraphDevice and app management
Added new supported media sizes to the mediaSizes property of the printerCapabilities resource.
betaMicrosoft GraphCalendars
Added the workHoursAndLocationsSetting resource and associated methods. Added the workPlanRecurrence resource and associated methods. Added the workPlanOccurrence resource and associated methods. Added the timeOffDetails resource type. Added the workLocationType enumeration type. Added the maxWorkLocationDetails enumeration type. Added the workLocationUpdateScope enumeration type. Added the workHoursAndLocations relationship to the userSettings resource. Added the occurrencesView method to the workHoursAndLocationsSetting resource. Added the setCurrentLocation method to the workPlanOccurrence resource.
betaMicrosoft GraphReports
Removed the conditionalAccessAudience resource type.
betaMicrosoft GraphTeamwork and communications
Added the layoutType property to the channel resource. Added the channelLayoutType enumeration to the channel resource. The enumeration defines layout types for channels with values post (traditional post-reply), chat (chat-like threading), and unknownFutureValue . Updated the Create channel method to support the layoutType optional property in the request body. Users can now specify the channel layout type during creation. Updated the Update channel method to support updating the layoutType property. Users can switch between post and chat layouts at any time.
betaMicrosoft GraphApplications
Added the isDisabled property to the application resource. Added the isDisabled property to the servicePrincipal resource.
v1.0Microsoft GraphIdentity and access
Added the adhocCalls relationship to the user resource.
betaMicrosoft GraphCalendar
Added the placeOperationStatus enumeration type. Added the placeExecutionResult resource. Added the placeOperationProgress resource. Added the children relationship to the place resource and its derived types. Added the placeOperation resource and associated methods. Added the getOperation method to the place resource. Added the Upsert places method to the place resource. Added the listOperations method to the place resource.
v1.0Microsoft GraphTeamwork
Added the adhocCall resource. Added the adhocCalls relationship to the cloudCommunications resource.
betaMicrosoft GraphTeamwork and communications
Removed the POST /users/{usersId}/presence/clearAutomaticLocation (application) and POST /communications/presences/{presenceId}/clearAutomaticLocation endpoints from the clearAutomaticLocation method. Removed the POST /users/{usersId}/presence/clearLocation (application) and POST /communications/presences/{presenceId}/clearLocation endpoints from the clearLocation method. Removed the POST /users/{usersId}/presence/setAutomaticLocation and POST /communications/presences/{presenceId}/setAutomaticLocation endpoints from the setAutomaticLocation method. Removed the POST /users/{usersId}/presence/setManualLocation and POST /communications/presences/{presenceId}/setManualLocation endpoints from the setManualLocation method.
betaMicrosoft GraphApplications
Added the scopeCollectionKind enumeration type. Added the allAllowedScopes resource. Added the enumeratedScopes resource. Added the inheritableScopes resource. Added the noScopes resource. Added the inheritablePermission resource.
betaMicrosoft GraphMail
Added the structuredDataEntryValueType enumeration type. Added the structuredDataEntry resource. Added the structuredDataEntryTypedValue resource. Added the userConfiguration resource. Added the structuredData property to the userConfiguration resource. Added the xmlData property to the userConfiguration resource. Added the binaryData property to the userConfiguration resource. Added the Create method to the mailFolder resource. Added the Get method to the userConfiguration resource. Added the Update method to the userConfiguration resource. Added the Delete method to the userConfiguration resource. Added the userConfigurations relationship to the mailFolder resource.
betaMicrosoft GraphExternal data connections
Added the personEmails member to the label enumeration. Added the personAddresses member to the label enumeration. Added the personAnniversaries member to the label enumeration. Added the personName member to the label enumeration. Added the personNote member to the label enumeration. Added the personPhones member to the label enumeration. Added the personCurrentPosition member to the label enumeration. Added the personWebAccounts member to the label enumeration. Added the personWebSite member to the label enumeration. Added the personSkills member to the label enumeration. Added the personProjects member to the label enumeration. Added the personAccount member to the label enumeration. Added the personAwards member to the label enumeration. Added the personCertifications member to the label enumeration. Added the personAssistants member to the label enumeration. Added the personColleagues member to the label enumeration. Added the personManager member to the label enumeration. Added the personAlternateContacts member to the label enumeration. Added the personEmergencyContacts member to the label enumeration.
betaMicrosoft GraphTeamwork and communications
Added the Get member from channel allMembers collection method to the channel resource.
betaMicrosoft GraphIdentity and access
Added the purviewInsiderRiskManagementLevel enumeration type. Added the riskLevel enumeration type. Added the controlConfiguration resource. Added the controlConfigurations relationship to the entitlementManagement resource. Added the entraIdProtectionRiskyUserApproval resource. Added the insiderRiskyUserApproval resource.
betaMicrosoft GraphReports
Added the microsoftRevokedSessions member to the riskDetail enumeration.
betaMicrosoft GraphIdentity and access
Added the microsoftRevokedSessions member to the riskDetail enumeration.
betaMicrosoft GraphFiles
Added the sharePointMigrationTaskStatus enumeration type. Added the sharePointGroupMigrationTaskParameters resource. Added the sharePointMigrationTaskParameters resource. Added the sharePointSiteMigrationTaskParameters resource. Added the sharePointUserMigrationTaskParameters resource. Added the crossOrganizationMigrationTasks relationship to the sharePointMigrationsRoot resource. Added the sharePointMigrationTask resource and associated methods. Added the cancel method to the sharePointMigrationTask resource. Added the getBySourceGroupMailNickname method to the sharePointMigrationTask resource. Added the getBySourceSiteUrl method to the sharePointMigrationTask resource. Added the getBySourceUserPrincipalName method to the sharePointMigrationTask resource. Added the groupIdentity resource.
v1.0Microsoft GraphCalendar
Added the resourceLinkType enumeration type. Added the assignedPlaceMode resource. Added the dropInPlaceMode resource. Added the importBuildingMapSetting resource. Added the mailboxDetails resource. Added the placeMode resource. Added the reservablePlaceMode resource. Added the resourceLink resource. Added the baseMapFeature resource. Added the building resource. Added the buildingMap resource. Added the desk resource. Added the fixtureMap resource. Added the floor resource. Added the footprintMap resource. Added the levelMap resource. Added the isWheelChairAccessible property to the place resource. Added the label property to the place resource. Added the parentId property to the place resource. Added the tags property to the place resource. Removed the isWheelChairAccessible property from the room resource. Removed the label property from the room resource. Removed the tags property from the room resource. Added the workspaces relationship to the roomList resource. Added the section resource. Added the sectionMap resource. Added the unitMap resource. Added the workspace resource. Added the ingestMapFile method to the building resource. Added the descendants method to the place resource.
betaMicrosoft GraphIdentity and access
Added the onPremAuthenticationPolicy resource. Added the onPremAuthenticationPolicies relationship to the policyRoot resource.
v1.0Microsoft GraphFiles
Added the migrationJobs relationship to the fileStorageContainer resource. Added the provisionMigrationContainers method to the fileStorageContainer resource. Added the sharePointMigrationJobErrorLevel enumeration type. Added the sharePointMigrationObjectType enumeration type. Added the sharePointMigrationContainerInfo resource type. Added the sharePointMigrationEvent resource and an associated method. Added the sharePointMigrationFinishManifestFileUploadEvent resource type. Added the sharePointMigrationJob resource and associated methods. Added the sharePointMigrationJobCancelledEvent resource type. Added the sharePointMigrationJobDeletedEvent resource type. Added the sharePointMigrationJobErrorEvent resource type. Added the sharePointMigrationJobPostponedEvent resource type. Added the sharePointMigrationJobProgressEvent resource type. Added the sharePointMigrationJobQueuedEvent resource type. Added the sharePointMigrationJobStartEvent resource type.
betaMicrosoft GraphIdentity and access
Added the accessPackageSuggestionFilterByCurrentUserOptions enumeration type. Added the accessPackageSuggestionRelatedPeopleInsightLevel enumeration type. Added the approverInformationVisibility enumeration type. Added the approverInformationVisibility property to the accessPackageApprovalStage resource. Added the accessPackageSuggestionReason resource. Added the accessPackageSuggestionRelatedPeopleBased resource. Added the accessPackageSuggestionSelfAssignmentHistoryBased resource. Added the approverInformationVisibility property to the approvalStage resource. Added the identity resource. Added the accessPackageSuggestion resource. Added the availableAccessPackage resource. Added the endUserSettings resource. Added the accessPackageSuggestions relationship to the entitlementManagement resource. Added the availableAccessPackages relationship to the entitlementManagement resource. Added the filterByCurrentUser method to the accessPackageSuggestion resource.
betaMicrosoft GraphTeamwork and communications
Added the workLocationSource enumeration type. Added the workLocationType enumeration type. Added the userWorkLocation resource. Added the workLocation property to the presence resource. Added the clearAutomaticLocation method to the presence resource. Added the clearLocation method to the presence resource. Added the setAutomaticLocation method to the presence resource. Added the setManualLocation method to the presence resource.
v1.0Microsoft GraphIdentity and access
Added the userInactivityTrigger resource.
betaMicrosoft GraphIdentity and access
Added the isApproverInformationVisible enumeration type to control the visibility of approver information to requestors. Added the isApproverInformationVisible property to the unifiedApprovalStage resource for PIM role activation requests to control whether approver information is visible to requestors.
GAMicrosoft Entra IDAuthentications (Logins)
Windows has many user experiences that use webview’s to gather web information to present web information to users that looks like native content. One of the common scenarios for this is for authentication flows, where a user is prompted for their username and provides credentials.
GAMicrosoft Entra IDEntra Connect
When Microsoft Entra Connect adds new objects from Active Directory, the Microsoft Entra ID service tries to match the incoming object with an Entra object by looking up the incoming object’s sourceAnchor value against the OnPremisesImmutableId attribute of existing cloud managed objects in Microsoft Entra ID. If there's a match, Microsoft Entra Connect Sync takes over the source or authority (SoA) of that object and updates it with the properties of the incoming Active Directory object in what
PreviewMicrosoft Entra IDB2C - Consumer Identity Management
The Just-in-Time (JIT) Password Migration feature is designed to provide a seamless and secure experience for customers transitioning to Microsoft Entra External ID. This capability enables external identity providers to migrate user credentials during sign-in, eliminating the need for bulk password resets and minimizing disruption for end users. When a user meets the migration conditions at sign-in, their credentials are securely transferred as part of the process, ensuring continuity and reduc
PreviewMicrosoft Entra IDInternet Access
Block prompt injection attacks to enterprise GenAI apps in real-time with universal policy controls, extending Azure AI Prompt Shield to all network traffic. For more information, see: Protect enterprise generative AI apps with prompt injection protection (preview).
PreviewMicrosoft Entra IDB2B
You can now enable the B2B guest access feature for your guest users with the Global Secure Access client, signed in to their home organization's Microsoft Entra ID account. The Global Secure Access client automatically discovers partner tenants where the user is a guest and offers the option to switch into the customer's tenant context. The client routes only private traffic through the customer's Global Secure Access service. For more information, see: Learn about Global Secure Access External
PreviewMicrosoft Entra IDN/A
Microsoft Security Copilot in Microsoft Entra now supports data exploration when prompts return datasets with more than 10 items. This feature is in preview and available for select Microsoft Entra scenarios. From the Copilot chat response, select Open list to access a comprehensive data grid. This allows you to explore large datasets with complete and accurate results, enabling more efficient decision-making. Each data grid displays the underlying Microsoft Graph URL, helping you verify query a
PreviewMicrosoft Defender XDR
The Identity Security dashboard now includes a new Human identities card that shows your human identities by source (Entra ID, SaaS, and on-premises), giving you a single view of where your human identities live. For more information, see Identity Security dashboard.
PreviewMicrosoft Defender XDR
On the Coverage and maturity page, the Review and improve coverage side panel for SaaS Identities now includes an Observed column and a Show Only Observed Applications toggle. By default, the panel shows only SaaS applications detected in your environment. Turn off the toggle to see other supported SaaS applications you can onboard to expand your identity coverage. For more information, see Coverage and maturity.
PreviewMicrosoft Defender XDRAdvanced Hunting
Local AI agent discovery on Windows endpoints: as part of the Defender AI agents experience, Microsoft Defender now automatically discovers supported local AI agents running on onboarded Windows devices - including coding agents and IDE extensions, desktop AI assistants, local AI runtimes, and agent platforms. Discovered agents appear as assets in the AI agent inventory, exposure map, and advanced hunting, giving security teams visibility into local AI agent usage across the organization. For more information, see Discover local AI agents.
PreviewMicrosoft Defender XDRDefender for Endpoint
Local AI agent runtime protection on Windows endpoints: as part of the Defender AI agents experience, runtime protection for supported local AI agents on Windows endpoints is now available in public preview. Microsoft Defender inspects the agent loop (user prompts, tool calls, and tool responses) and can block risky activity before it executes, helping stop prompt injection and unsafe agent actions at the device level. Blocked and audited events appear as alerts in Microsoft Defender to support incident correlation and investigation workflows. For more information, see Set up AI agent runtime protection with Microsoft Defender for Endpoint.
GAMicrosoft Defender XDRDefender for CloudAdvanced Hunting
The following advanced hunting schema tables are now generally available: The `CloudAuditEvents` table contains information about cloud audit events for various cloud platforms protected by the organization's Microsoft Defender for Cloud. The `CloudDnsEvents` table contains information about DNS activity events from cloud infrastructure environments. The `CloudProcessEvents` table contains information about process events in multicloud hosted environments.
PreviewMicrosoft Defender XDRAdvanced Hunting
The `AgentsInfo` table in advanced hunting is now available in preview. The `AIAgentsInfo` table is transitioning to this new table, which provides a unified schema that supports agent inventory and governance for all agent types, including Copilot Studio, Microsoft Foundry, Microsoft 365 Copilot, third-party, and endpoint-discovered agents. Microsoft Agent 365 customers should use the `AgentsInfo` table today. The `AIAgentsInfo` table remains accessible until July 1, 2026. Update your queries to use `AgentsInfo` before this date. For more information, see Advanced hunting schema - Naming changes.
CriticalExploitedExchange Server
Spoofing · Critical · CVSS 8.1 · Exploited in the wild. Affects: Exchange Server.
LowExploitedMicrosoft Defender Antimalware Platform
Denial of Service · Low · CVSS 4 · Exploited in the wild. Affects: Microsoft Defender Antimalware Platform.
In developmentMicrosoft Teams
Extending the admin controls provided for managing external AI bots and regulating their access to your meetings, we are adding the option to automatically block all identified bots.
In developmentMicrosoft Viva
We are introducing a new feature for leaders and analysts of Viva Insights, where they can view a Power BI report, and edit time range, filters, attributes and change visuals as per their organizations' needs. They can then save the report for viewing later.
In developmentMicrosoft VivaMicrosoft Copilot (Microsoft 365)
Insights into AI spend (Copilot credit usage) at a group or team level will be available in Viva Insights as a dashboard and in Advanced insights. The services in scope of this release are Cowork and Work IQ API. The dashboard experience is available to managers with at least 5 direct reports (scoped access), the Insights analysts, and Global administrators and is enabled by default to ensure immediate access to usage-based cost insights. For users to be able to use Cowork or WorkIQ API, your tenant must have usage-based billing setup via Cost Management in the Microsoft 365 admin center. Leader access to tenant-wide data is out of scope for this release. The same insights will be available for Insights Analysts and Global Administrators in Advanced Insights.
In developmentMicrosoft Purview
Adaptive Protection in Microsoft Purview helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically moving users in and out of policies as their risk levels change over time. The integration with Data Lifecycle Management will automatically apply retention labels to preserve deleted emails and files based on a user’s insider risk level.
In developmentMicrosoft Purview
A new feature will be introduced on the main Classification page, allowing users to test files against all available classifiers to identify the presence of sensitive information. Users will have the option to select a single classifier or run tests across all classifiers. This capability is designed to help users identify sensitive content within files and troubleshoot classification issues more efficiently.
In developmentOneNote
Capture on Windows helps you bring conversations and ideas from meetings, brainstorming sessions, and everyday work into Copilot Notebooks. Capture audio, images, and notes in one experience, then let Copilot turn them into structured notes with key insights, decisions, and action items, in a Copilot Notebook of your choice
In developmentMicrosoft Purview
A new export functionality will be introduced in two locations: the Data Loss Prevention > Policies page and the Information Protection > Label publishing policies page. This feature will allow users to export their existing DLP configurations and label policies, including schema, as a downloadable ZIP file. The exported file can be attached to support tickets to accelerate troubleshooting.
In developmentMicrosoft 365 app
Copilot Notebooks in the Microsoft 365 Copilot app (iOS) now lets users organize related chats, output creations, and references into a persistent AI workspace. Copilot uses the Notebook's accumulated context to ground responses, so work continues across sessions instead of starting over each time.
In developmentOneDrive
OneDrive is making it easier to find and work with files across Microsoft 365. We're refreshing the filtering experience across OneDrive Web, updating existing filters in views like Home, Shared, People, Meetings, and Favorites to support multiple filters at once, and bringing those same filtering capabilities to folder-based experiences such as My files and shared folders. Users can also filter content by file type using both filter pills and the filter pane.
We're also bringing the modern SharePoint document library experience to OneDrive Web, with an updated layout, improved navigation, and familiar file management capabilities. Together, these updates make it easier to browse, filter, and manage content, while providing a more seamless experience across OneDrive and SharePoint.
In developmentOneDrive
We're replacing the existing More places experience in OneDrive Web with a refreshed Libraries view. Users can see more recently accessed libraries, navigate to default document libraries for Teams and favorite SharePoint sites, and use new filtering, sorting, and view options.
In developmentOneDrive
Users can now work with SharePoint document library views directly from OneDrive. In addition to switching between existing views, users can create and manage views to customize how library content is organized and displayed. This helps teams surface the information that matters most while staying within the OneDrive experience.
In developmentOneDrive
We’re making it easier for users to find document libraries directly from OneDrive search results. When users search in OneDrive, relevant SharePoint document libraries may appear alongside files and folders, helping users quickly get back to shared team content without needing to navigate across multiple sites.
In developmentMicrosoft Teams
Users can now choose their preferred meeting language in Teams Rooms on Android. Select from up to 69 languages using the language button on the console. The room system must restart after a language is selected.
In developmentOneDriveSharePoint
We’re adding inline commenting support for Markdown files in OneDrive and SharePoint, making it easier for teams to review, discuss, and collaborate on Markdown content directly in Microsoft 365. Users will be able to leave comments on specific parts of a Markdown file and receive notifications when they are mentioned or when there is activity that needs their attention.
In developmentOutlook
Outlook on the web and the new Outlook for Windows now support will support new settings for loading external images. New settings will allow customers to block all external content, or to load all content by default if the customer admin allows. Existing default behavior will not be changed (load external content only for safe senders).
In developmentMicrosoft Teams
Teams Rooms on Windows users can now benefit from next generation IntelliFrame features on certified AI-capable cameras with on-device video processing. With IntelliFrame’s expanded AI data channel, participants experience faster active speaker framing, people recognition and labels, and more responsive meeting views—even when network conditions are limited. These capabilities are available with Teams Rooms Pro.
In developmentOutlook
This feature adds support for exporting PST files into Outlook for Mac.
In developmentMicrosoft Edge
Users can now sign in to Microsoft Edge using a Google account in addition to the Microsoft account from the profile menu and Edge sign-in screen. Available for Windows and macOS devices. Admins can control availability to this feature using the NonMicrosoftAccountSignInEnabled policy.
In developmentMicrosoft Copilot (Microsoft 365)
A new admin control in the People Skills settings lets administrators permanently remove their organization's People Skills data from the tenant. With this new control, organizations can delete their entire skills library along with all users confirmed, inferred, and imported skills data—giving them full control to offboard from People Skills in support of data governance and compliance needs.
Once deletion is initiated, skills will no longer appear on user profile cards or be used across Microsoft 365 skills-based experiences such as Copilot and Viva. The control is admin-only with no automatic changes.
In developmentMicrosoft Teams
Teams now lets you set and manage reminders directly on chat and channel messages, helping you keep track of important items. Create, update, complete, and delete reminders, track them in a dedicated Reminders view, and receive timely notifications when they become due. Reminders are private to each user and include message context, making them easy to revisit and act on when needed.
In developmentMicrosoft Purview
Endpoint DLP support for FTP and SFTP enables organizations to monitor and protect sensitive data transferred from managed endpoints using FTP and SFTP, helping prevent unauthorized data exfiltration while maintaining visibility and control.
In developmentMicrosoft Purview
Ability to apply Retention labels and policies to items on OneDrive and SharePoint based on when the items were last accessed by an user.
In developmentMicrosoft Purview
Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It follows the standard two‑step Exchange Migration Service pattern: an initial analysis phase to validate and assess PST data, followed by execution of the actual migration. The process also involves creating a migration endpoint, running an analysis-only migration batch, using the analysis results to configure the final batch, and then starting the batch to import PST content into target mailboxes.
In developmentOutlook
New Outlook for Windows will extend S/MIME support to shared mailboxes and delegate mailboxes associated with a user's primary account. Users will be able to sign, encrypt, decrypt, and reply to S/MIME-protected messages while working from shared and delegated mailboxes. #newoutlookforwindows
In developmentMicrosoft Purview
This release of eDiscovery features the implementation of customer-managed key (CMK) options, allowing users to manage their own encryption keys for the data included in the direct export workflow in eDiscovery, adding to the Microsoft-managed encryption already in place.
In developmentMicrosoft Viva
This enables users to export Identifiable row-level Copilot metrics from the Copilot Dashboard for reporting and deeper analysis. This capability can be tuned On by Admins in a tenant.
In developmentExcel
Copilot can analyze columns of text to generate related categories or tags. For example, Copilot will find the main themes in survey responses from open-ended questions.
In developmentOneDriveSharePoint
We’re bringing co-authoring and autosave to Markdown files in OneDrive and SharePoint, making it easier for teams to collaborate on Markdown content directly in Microsoft 365. Multiple users will be able to edit the same Markdown file together in the web experience, with changes saved automatically, reducing the risk of lost work and removing the need to manually manage versions.
In developmentOneNote
Copilot Notebook, an AI-powered workspace for a project or topic built on reference materials, is coming to OneNote on Mac. Bring together your work context behind a project in one place.
In developmentMicrosoft Purview
The Data Security Triage Agent in Data Loss Prevention now offers a new sensitive data remediation function, which empowers organizations to proactively identify and remediate sensitive information—such as Social Security Numbers, passwords, and credit card data—across thousands of files stored in SharePoint or OneDrive locations, dramatically increasing the percentage of remediated files with sensitive information, resulting in reduced compliance risk. Seamlessly integrated with Microsoft Purview, this new agent function automatically detects file(s) with a Data Loss Prevention (DLP) policy match “Needs Attention” alerts and pushes a remediation notification to the end user who last modified the file guiding them to remove sensitive data through targeted Microsoft Teams messages. Its’ closed-loop workflow ensures that remediation progress is tracked and confirmed, giving admins real-time visibility and control via the Data Security Posture Management dashboard. By streamlining sensitive data cleanup and automating user engagement, this agent helps organizations achieve their remediation goals at scale. Let the Data Security Triage Agent handle the heavy lifting of pushing remediation requests directly to the end user, so Purview admins don't have to!
In developmentMicrosoft Teams
We are improving how users request access to apps and agents blocked by admins in Teams by introducing a clear, guided, and end-to-end request experience. This work reduces end-user friction by driving clarity into the request process and notifying users when there's been an update to their request. In addition to enhancements in Teams, we've also improved the admin experience in Teams Admin Center, to simplify the process for admins to review requests and take action. Additionally, we're introducing a new capability to increase admin awareness of new requests, ensuring that user requests don't get stalled.
In developmentMicrosoft Teams
Teams brings desktop-style emoji shortcuts to mobile (iOS and Android), allowing you to insert emojis by typing colon-based commands like :smile:. Real-time autocomplete suggestions help you quickly find the right emoji as you type, while support for custom emojis enables more personalized and expressive communication on the go.
In developmentMicrosoft Teams
Teams now enables links within chat and channel messages to open in a new window, so you can compare information side by side without losing the context of your ongoing conversation. Access this capability through the More options menu or by using Ctrl/Cmd + click.
In developmentMicrosoft Teams
Users can more easily use their laptop for meetings and collaboration in spaces like focus or huddle rooms that don’t yet have a Teams Rooms system. The new room optimization mode replaces shared display mode, has a new location, and enables or disables room-specific features. When room peripherals are connected, Teams can automatically select audio and video devices, enable speaker recognition and shared display, and disable voice isolation.
In developmentMicrosoft Teams
Admins now have a dedicated dashboard in the Teams Admin Center to view Interpreter usage across their organization. Track adoption and usage trends in one place to better understand how Interpreter is being used.
In developmentMicrosoft Purview
AI-powered visibility into DLP policy deployment across devices, helping admins track sync progress and understand enforcement coverage. They proactively identify impacted devices, explain root causes of sync failures, and guide admins with recommended actions to quickly diagnose and resolve issues.
In developmentMicrosoft Purview
The Advanced Review Set Explorer empowers reviewers to harness the power of real-time big data analytics on their review set data. This tool enhances data analysis by offering insights such as identifying top item types, spotting patterns, and trends within the review set. Reviewers can utilize powerful Kusto query constructs like complex filtering, pattern-based text extraction, and data format parsing to analyze and find key information specific to their case or organization. The results can then be visualized using various flexible charting solutions, providing a comprehensive understanding of the data's story.
In developmentMicrosoft Teams
Teams now displays assistant information in the Organization view on the profile card and in the Org Explorer, making it easier to identify a key support contact for executive coordination and scheduling. This designation is informational only and does not grant permissions, change roles, or affect organizational hierarchy.
In developmentMicrosoft Teams
We’re excited to announce that the Queues app is now available in the GCC High and DoD clouds. This Teams-native app helps organizations manage customer engagements more efficiently by bringing advanced call queue and auto attendant capabilities directly into Teams. Queues app is a Teams Premium feature. For more information about Queues app, including licensing information, please see Manage Queues app for Microsoft Teams in your organization.
In developmentMicrosoft Teams
Administrators can enable automatic recording and transcription for Teams call queues. When enabled, calls answered by calling representatives are automatically recorded without manual action. Admins configure the feature per queue via Teams admin center or PowerShell, with controls for recording, transcription and agent access to recordings. Recordings are stored in SharePoint and available through the Queues app call history. Note: Queues app requires a Teams Premium license.
In developmentMicrosoft Teams
Microsoft Teams introduces flexible presets for channel notifications, allowing you to choose between All new messages, @mentions and replies, or Mute. You can further customize alerts for unfollowed threads, tags, and channel or team mentions, as well as control banner notifications for the channel. This added flexibility enables you to set notifications to match to your work style and reduce unnecessary distractions.
In developmentMicrosoft Purview
Self-service diagnostics help identify common issues with case permissions, security filters, and policy status. The experience highlights potential misconfigurations and provides simple guidance to help customers understand and resolve them. This brings basic troubleshooting into the product and helps eDiscovery admins overcome common challenges.
In developmentMicrosoft Teams
The meeting recap app brings all your meeting recaps into one place, making it easier to find, filter, and catch up. Quick filters help you surface the right meetings instantly, while audio recap lets you efficiently review multiple meetings at once. You can also browse and revisit any recap from the past 30 days.
In developmentMicrosoft Teams
Make and receive calls using multiple assigned phone numbers directly from your mobile device - choose the right line for every call, with unified call history and seamless switching across all your lines.
In developmentOneDriveSharePoint
Provides a visual heatmap of agent activity to help admins quickly detect patterns, hotspots, and unusual access behavior.
In developmentMicrosoft 365 admin center
With this feature, organizational data source admins receive email notifications when data processing through one of their configured connectors completes successfully or requires attention. Notifications are enabled by default with the option to unsubscribe.
In developmentOutlook
The new Microsoft Outlook for Windows will be available for US Government clouds (GCC-H and DoD sovereign environments).
In developmentOneDrive
OneDrive makes it easy to add shortcuts to the files and folders you use most. Now you can choose to keep those shortcuts neatly together in one place instead of mixed in with everything else. When you add a shortcut, you can send it to a dedicated "Shortcuts" folder rather than your OneDrive root. The folder is created automatically the first time you use it and is easy to spot, with a distinct color and building icon. The Shortcuts folder behaves like any other folder—move it, rename it, share it, or remove it whenever you like.
In developmentMicrosoft Clipchamp
Clipchamp Editor will support simple animations for text layers. Users can apply preset in/out animations, adjust how long the animation lasts, choose its direction, and preview the animated text in the editor prior to exporting. This capability will be available across web and native desktop versions of Clipchamp.
In developmentMicrosoft Purview
The Microsoft Rights Management (RMS) connector is moving from shared-secret authentication to certificate-based authentication, improving its security posture. With this update, administrators configure their own Microsoft Entra app registration and certificate, then use the new PowerShell module to configure the certificate for each workload (Connector, Exchange, SharePoint, and FCI). New PowerShell cmdlets handle certificate import, registry configuration, private-key permissions, and validation. As part of this change, the connector setup no longer provisions an Entra service principal or issues a shared secret on the customer's behalf. Customers should plan to register an Entra ID application and upload a certificate before installing or upgrading the connector.
In developmentMicrosoft Purview
DLP Policy Optimizer uses AI to analyze your organization’s DLP policies, rule structure, and activity signals to identify optimization opportunities that are difficult to detect manually. It highlights overlapping rules, redundant conditions, misconfigurations, and sources of excessive noise, and presents prioritized recommendations with supporting evidence and suggested actions. This enables you to reduce false positives and alert noise, improve policy precision, and simplify policy management with confidence.
In developmentOutlook
MIP-label protected PDFs are now supported in the PDF previewer along with a built-in control's toolbar for easier navigation.
In developmentMicrosoft Teams
Organizers and presenters who have access to production tools will see updated layout options when sharing content in the "Manage what attendees see" experience for Teams events. The available layouts are "Speaker focused", "Content focused", and "Content only". The new Speaker focused layout prioritizes presenter video alongside shared content for greater visibility. This feature is available for Teams events organizers with a Teams Enterprise license. This feature is available on Teams for Windows desktop and Mac desktop.
In developmentMicrosoft Copilot (Microsoft 365)
Outlook Emails as References in Copilot Notebooks bring email content into the notebook experience, enabling users to ground Copilot in the conversations, decisions, and context that drive their work.
By adding emails as knowledge sources, users can connect context from their emails directly to their projects, enriching notebooks beyond files alone and improving downstream outputs like presentations and briefs. Available in Copilot Notebooks across Microsoft 365.
In developmentMicrosoft 365 admin center
We are introducing enhanced access policy management for Organizational Data in Microsoft 365. This update enables admins to release custom attributes to specific users or groups, rather than broadly to all employees or all managers. This provides a more conservative default approach for managing sensitive organizational data, while also supporting staged rollout of new attributes. Additionally, admins can configure whether leaders and managers are permitted to share non-public data with Workforce Insights delegates. This enhancement improves governance, flexibility, and control over organizational data access.
In developmentMicrosoft Copilot (Microsoft 365)
Users can select from multiple voice style options for their voice experience in M365 Copilot.
In developmentMicrosoft Teams
Admins will be able to manage Teams built-in agents across core Teams experiences, including chats, channels, and meetings, through a dedicated experience in the Teams admin center. From a centralized location, admins can control agents’ availability for users and groups. These agents will be enabled by default for licensed users and managed independently from org-wide Microsoft app settings.
In developmentMicrosoft Purview
Enable aggregation of DLP alerts based on common entities user even when multiple rules are matched. This feature should consolidate related alert events into a single alert object to: Reduce alert noise, simplify investigation workflows, enhance contextual understanding of violations.
In developmentMicrosoft Teams
Teams enables search directly within the compose box using @mentions, allowing you to quickly find and insert Files, Chats, Channels, and Meetings without leaving your message. By extending @mentions beyond people, Teams provides a more unified and efficient way to reference content in context. This experience reduces context switching and helps streamline collaboration within conversations.
In developmentMicrosoft Copilot (Microsoft 365)
Enables metered, pay‑as‑you‑go access to Work IQ endpoints, allowing developers to invoke agents and capabilities without requiring pre‑assigned licenses, with usage billed based on the agents and models invoked per request.
In developmentOneDriveMicrosoft Copilot (Microsoft 365)
Copilot Suggested Rename is an AI-powered OneDrive feature that automatically recommends clear, descriptive file names based on a file’s content—helping users organize and find their files more easily with minimal effort. What the feature does:
- Analyzes the content of a file to generate context-aware filename suggestions
- Presents 3 recommended names directly within the rename dialog
- Allows users to pick a suggestion with a single click
Where it shows up:
- Within the rename dialog for supported files
- Within the post-upload toast notification when a single supported file is uploaded
Supported file types:
- Microsoft Office documents
Word (DOCX)
PowerPoint (PPTX)
Excel (XLSX)
- Other document formats
PDF
Markdown (MD)
- Images
In developmentOutlook
When sorting on Outlook for Web or Outlook for Windows, if the Sort By field is not one of From, Subject, or Date Received, we will now show an additional column for the Sort By value (e.g., Size). We will also support sorting by Flag Due Date.
In developmentMicrosoft Purview
We’re introducing a new unified alert triage experience in Insider Risk Management that brings agent‑driven insights directly into the standard Alerts queue. With this update, analysts can view agent categorizations alongside traditional alert filters and columns in a single, consolidated workflow. The updated alert details panel, enables faster investigation and action from the alerts list page by embedding agent insights directly into the alert experience. To support customer transition, the existing alert and agent triage experience will remain available for 60 days and can be accessed via the Alerts tabs under Users in the left navigation. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
We’re introducing a new collaboration capability in Insider Risk Management that enables analysts and investigators to add notes directly within alerts. With this feature, users can document investigation progress, share findings, and capture key context throughout the triage process. In addition to manually added notes, system‑generated notes will automatically record updates such as alert status changes or user assignments — helping teams maintain a clear and auditable investigation timeline. By centralizing investigation history directly within alerts, this update helps improve collaboration and ensures all stakeholders stay aligned throughout the investigation lifecycle. These note enhancements will also be made available in Cases. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
We’re enhancing the User section within Insider Risk Management alerts to provide investigators with more contextual user profile and risk attributes directly within their workflow. With this update, analysts can now view key user details such as employee type, office location, start date, policy inclusion, priority user group status, and last working day—helping them build a more complete understanding of the user during investigations without navigating away from the alert experience. This feature will be available as part of the new alert workflow through the Alert Details panel. Additional user attributes will continue to be introduced over time, with pseudo‑anonymization honored to support privacy‑by‑design investigation practices. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentOutlook
Outlook for Windows and Outlook for Web will now allow users to modify how the preview text for emails show in the message list. The preview text can now take up 2 lines, 1 whole line, or 0 additional lines.
In developmentOutlook
The All-Accounts view, also known as Unified Inbox, lets you see emails from multiple accounts in a single inbox view in the new Outlook for Windows, without merging your mailboxes. Each account's inbox stays separate; the view brings them together so you can triage in one place. Users can read, delete, move, archive, and mark messages across accounts without switching between mailboxes. The experience integrates with Copilot for AI-assisted email workflows and supports Immersive Search for finding messages across your primary account. Advanced scenarios such as cross-account search and shared mailbox support will follow in later releases.
In developmentMicrosoft Copilot (Microsoft 365)
Feature description: Model Context Protocol (MCP) based agents in Microsoft 365 Copilot Chat will now be able to surface rich, interactive UI widgets directly within chat. This enhancement enables developers to deliver more engaging and structured agent interactions. Users will experience these widgets when interacting with agents that implement them, and admins will continue to manage these agents through the Microsoft 365 Admin Center.
In developmentMicrosoft Copilot (Microsoft 365)
We’re introducing support for Model Context Protocol (MCP)-based agents in Microsoft 365 Copilot . This update enables developers to build Copilot agents using MCP servers and allows users to interact with these agents using familiar experiences. This change supports extensibility and improves agent capabilities for organizations.
In developmentMicrosoft Copilot (Microsoft 365)
Declarative Agents with Actions enable Microsoft 365 Copilot to take real-world actions by invoking APIs, plugins, and enterprise workflows directly within the chat experience. Using custom actions, declarative agents can call external systems, execute operations, and retrieve or update data, moving beyond Q&A to full task completion. These actions are powered through API plugins, MCP tools, and enterprise connectors, allowing seamless integration with line-of-business applications and services. The Copilot platform dynamically reasons over available actions and selects the appropriate tool to fulfill user intent, enabling multi-step workflows such as creating records, submitting requests, or triggering business processes within a single conversational flow
In developmentMicrosoft Purview
Endpoint DLP now includes a pre curated list of file extensions for the file extension condition. Previously, file extensions were entered as free form text, which could result in unsupported or non-scannable extensions being used. This could lead to gaps in protection and increase processing overhead on endpoints. With the pre curated list, you can select only supported file extensions. This helps improve policy reliability and reduces unnecessary processing on endpoints.
In developmentMicrosoft 365 app
The new Copilot Notebooks design in the Microsoft 365 Copilot app now lets users organize related chats, output creations, and references into a persistent AI workspace. Copilot uses the Notebook's accumulated context to ground responses, so work continues across sessions instead of starting over each time. While this is the quicker, light-weight Notebooks experience, you can still find the fuller, workspace-forward experience in OneNote.
In developmentMicrosoft Teams
We are providing a new configuration experience in Teams Admin Center where tenant admins can enable and customize an explicit consent message before joining any meeting hosted in their organization.
In developmentPlanner
A redesigned My Tasks experience that brings your tasks into one place, making it easier to capture work, prioritize what matters, and stay focused. Copilot helps surface your top priorities.
In developmentMicrosoft Copilot (Microsoft 365)
Let people search and query Dataverse business data from Microsoft 365 Copilot.
In developmentOutlook
Users can now collaborate with Copilot to make improvements to email drafts. Select a section of the draft and ask Copilot to make changes, like changing its length, tone, or structure.
In developmentMicrosoft Purview
Endpoint DLP now extends protection to files stored in commonly excluded Windows folders, including Temp and AppData. This helps improve coverage by detecting and protecting sensitive data in these locations.
In developmentMicrosoft Purview
Enable customers to include or exclude users/user groups from Just‑In‑Time (JIT) Audit, ensuring audits are generated only for the selected users or groups.
In developmentOneDrive
New pay-as-you-go, consumption-based meter for additional OneDrive storage. Control which OneDrive accounts can grow beyond their licensed storage limits and give selected users more space as needed.
Rolling outExchangeOutlook
The External tag on an email, set by the ExternalInOutlook feature, will now be usable as a condition in Outlook Inbox Rules. This change also makes available the ability to create or modify these Rules on the new Outlook for Windows, Outlook Web, and Outlook for Mac.
Rolling outMicrosoft Teams
Auto Assign Open Shifts is a Microsoft Teams Shifts feature that automatically fills unassigned (open) shifts for you. It lets managers automatically assign open shifts to available employees instead of doing it manually. The system considers factors like employee availability, approved time off, past scheduling patterns, and scheduling rules (e.g., max hours, rest time); and generates a draft schedule that you can review and adjust before publishing.
In developmentMicrosoft Purview
Retention based file archiving moves inactive content to low-cost storage, lowering costs with no compromise on Compliance, keeping data discoverable and making Copilot results highly relevant.
Rolling outMicrosoft Teams
Easily find keyboard shortcuts with a new searchable experience in Microsoft Teams. Search by shortcut name or enter part of a key combination directly in the dialog.
In developmentMicrosoft 365 appMicrosoft Copilot (Microsoft 365)
Request feedback from Copilot on your Page by selecting "Suggested edits" in the Copilot Shortcuts menu. Copilot will analyze the content on your page and provide actionable suggestions about what you can change to improve clarity and quality of your written content. You can then apply suggestions directly to the page.
Rolling outMicrosoft Teams
Empower Chiefs of Staff and delegated roles to efficiently organize events on behalf of leaders or teams using shared or delegated mailboxes. By sending trusted invites from the chosen mailbox, this capability ensures consistent identity, improved trust, and smoother event setup.
In developmentMicrosoft Purview
Data Lifecycle Management (DLM) billing will be based on the volume of data retained. For example, any number of non‑Microsoft 365 generative AI prompts and responses that collectively amount to 1 GB of retained data will be billed at $0.25 per GB per month (equivalent to ~$0.0082 per GB per day). In the updated model, DLM is billed based on the total volume of text messages managed by a DLM policy. Each non‑Microsoft 365 generative AI prompt and response is treated as an individual text message and is retained and deleted according to the configured Microsoft Purview retention settings. Billing is calculated on the managed text messages in storage, at a rate equivalent to $6 per one million text messages per month. Customer impact Customers will need to migrate from the legacy meter to the new meter. Based on current analysis, the overall cost impact is expected to be cost‑neutral or lower for customers under the new billing model.
In developmentMicrosoft Teams
Users can now upload videos directly into a Teams event or meeting from OneDrive from the "Manage view" options when an organizer has turned on Manage What Attendees See mode. This ensures a smoother high quality video playback with a more consistent experience for attendees.
In developmentMicrosoft Teams
We’re raising the bar on clarity and control with Interpreter. Admins can fully disable voice simulation via PowerShell when needed. Each speaker is automatically assigned a distinct voice, making multi-speaker conversations easier to follow. We’re reducing distractions by showing shimmer effects only to Interpreter users. We’ve added audio notifications to confirm activation, and we’ve introduced in-product feedback mechanisms so users can easily share their input.
Rolling outMicrosoft Teams
Organizers for Teams events instances will now be able to reuse their event configurations in the Events app in Teams. Organizers can save these configurations as a template in the Events app to use again for future Teams events.
In developmentMicrosoft Purview
AI agent skill to detect and alert unhealthy policy sync and device configuration.
In developmentMicrosoft Edge
The protected downloads feature for Intune MAM will now save downloaded files to the Documents > Microsoft Edge > Downloads folder in OneDrive.
In developmentMicrosoft Copilot (Microsoft 365)
Vision in Microsoft 365 Copilot helps you make faster, more informed decisions by understanding context from what you share on screen or camera. Copilot can analyze visual inputs from shared desktop screens and provide detailed insights about the content. You can also use vision on mobile during a real-time voice session to share your device camera, front or back, and ask questions about what is in front of you. Copilot analyzes the live camera feed or desktop screen in real time and provides spoken, context-aware answers grounded in work and web data.
Rolling outMicrosoft Teams
In the Events app in Teams, Teams events organizers will now be able to see if the chosen room or space they have selected for their event is available at the designated time or not. This feature is available for any Teams event organizer with a Teams Enterprise license.
In developmentMicrosoft Edge
Microsoft Edge is introducing support for passkey synchronization for enterprise users, enabling secure, passwordless authentication across devices. Passkeys created in Edge can now be synced seamlessly, improving sign-in experience while maintaining strong security standards.
Rolling outMicrosoft Teams
The chat panel will open by default in gallery view, allowing participants in Teams Room on Android to quickly see ongoing meeting chat when they join. Admins can configure this default device behavior, and users can close the panel in one tap during meetings.
Rolling outMicrosoft Teams
Organizers and presenters who have access to production tools can now upload custom backgrounds in the "Manage what attendees see" experience for Teams events. This enhancement allows organizations to display their brand identity by replacing the default backgrounds with their own images, such as company logos, event-specific artwork, or themed visuals. Custom backgrounds appear behind presenters and content, giving attendees a polished viewing experience. This feature is available for Teams events organizers with a Teams Premium license. This feature is available on Teams for Windows desktop and Mac desktop.
In developmentMicrosoft Purview
When files are opened in Windows, the operating system, and applications (for example, Microsoft Office and browsers) can create, rename, and delete temporary files as part of normal behavior. The Endpoint client audits these activities, resulting in high-volume, low-signal events that appear as “noise” for Insider Risk Management (IRM) customers. While global exclusions exist (file type, keyword, file path, etc.), some temporary file naming patterns are not easily captured with the current exclusions, leaving customers without a practical way to reduce noise without over-excluding. This feature introduces built-in filtering for well-known temporary file name patterns so that Endpoint file operations are excluded from IRM activity explorer and scoring reducing noise allowing customers to focus on the most relevant alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Rolling outMicrosoft Purview
Improves eDiscovery workflows for Loop and Copilot pages by enabling full indexing of page content for keyword search within review sets and adding HTML format support for export from search.
In developmentOutlook
You will now be able to access different Copilot settings directly in classic Outlook for Windows.
LaunchedMicrosoft Edge
Administrators can temporarily roll back specific applications to a previous WebView2 Evergreen Runtime version (N-1 or N-2) using the new Downgrade Version policy in msedgewebview2.admx. This policy allows enterprises to mitigate critical regressions by specifying per-application exe-to-version mappings. The Edge Updater installs the target version side-by-side, and the WebView2 Loader redirects targeted apps accordingly. Downgrades auto-expire with each new WebView2 release: apps pinned to N-1 remain on the same version (now N-2) and auto-update in the next release, while apps pinned to N-2 revert to the current Evergreen version. The policy applies only to enterprise-managed devices (domain-joined or MDM-enrolled).
Rolling outMicrosoft Teams
Presenters can take advantage of proximity join with Teams Rooms on Windows or Android for fast, effortless connection to nearby room systems during Teams events, such as town halls, webinars, and structured meetings. This feature enables seamless live presentations.
Rolling outMicrosoft Teams
The Teams room builder is a user-friendly, visually engaging tool to help IT managers design and configure Teams Rooms traditional, signature, and flex meeting spaces. This feature, available in the Teams Rooms Pro Management portal, enables faster design, standards creation, and rollout. With a variety of equipment options and helpful criteria filters, device and license selection and purchase is simplified. Available with Teams Rooms Pro.
Rolling outMicrosoft Teams
Microsoft Teams on desktop now shows rich link previews when you share SharePoint pages. Links automatically expand into a visually appealing card with a thumbnail image and page description, making it easier to understand and engage with shared SharePoint content directly in Teams.
In developmentMicrosoft Purview
Retention based file archiving moves inactive content to low-cost storage, lowering costs without compromising on Compliance - while keeping data discoverable and Copilot results highly relevant.
In developmentMicrosoft Purview
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
In developmentMicrosoft Purview
Microsoft Purview Data Security Investigations (DSI) is extending our investigations by adding optical character recognition (OCR), extracting text from images and incorporating it into investigation data. This enables AI-powered deep content analysis to uncover data security risks that are often hidden within visual content.
In developmentMicrosoft Edge
Microsoft Edge is introducing improvements to help users quickly resolve website issues directly from the browser. When a site is not functioning as expected, users may be guided to relevant troubleshooting options such as adjusting tracking prevention settings (e.g., Strict mode) and reviewing site-specific configurations. This experience surfaces relevant actions in-context to help users restore site functionality without navigating deep into settings.
LaunchedSharePointMicrosoft Copilot (Microsoft 365)
Authoritative Sites feature empowers administrators to designate specific SharePoint sites as official, trusted sources of information. By classifying these sites as authoritative these high-quality, credible content, such as company news, policies, and updates, are prioritized across Copilot Chat and Copilot Search experiences
Rolling outOneNoteMicrosoft Copilot (Microsoft 365)
Meetings as References in Copilot Notebooks bring Teams meeting content into the notebook experience, enabling users to ground Copilot on the discussions, decisions, and context that drive their work. By adding meetings as knowledge sources, users can connect transcripts, notes, chats, and shared content directly to their projects, enriching notebooks beyond files alone and improving downstream outputs like presentations and briefs.
Available in Copilot Notebooks across Microsoft 365.
LaunchedMicrosoft EdgeMicrosoft Copilot (Microsoft 365)
The Microsoft365CopilotChatIconEnabled policy is becoming the standard for configuring Copilot Chat. Extension and sidebar policies will no longer affect the appearance or functionality of Copilot Chat.
In developmentMicrosoft Purview
Today, Insider Risk Management (IRM) provides policy-driven protection for data leaks, data theft, and risky AI usage. However, while policy-driven protections are powerful, customers may not always have clear visibility into where coverage can be optimized or expanded to address latent insider risk.
IRM now provides guidance on what protections are missing or which policy configurations deliver the most incremental value, providing customers with more comprehensive coverage to mitigate their most critical insider risk.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Teams
Microsoft Teams is improving the call transfer experience on desktop (Windows and Mac) with a streamlined workflow that makes transferring calls faster and more intuitive. These changes reduce the number of steps to initiate a transfer and introduce transfer suggestions to help users find the right transfer target more quickly.
Rolling outMicrosoft Teams
Download manager updates in Microsoft Teams make it easier to track file progress with improved visibility, control, and accessibility. You can now open the manager from the title bar or by using a keyboard shortcut, and view downloads without blocking key chat and channel actions.
LaunchedExchange
We're updating dynamic distribution groups (DDGs) in Exchange Online to make group membership available sooner after creation or a filter change. For DDGs with 5,000 members or fewer, membership is now populated as part of the creation or modification operation — no more waiting up to 2 hours.
Rolling outMicrosoft Teams
Microsoft Teams extends Quick Share to images, making it fast and easy to share visual content across chats and channels. With access from hover, right click, overflow menus, and shared tabs, you can quickly copy links or share images while preserving existing permissions.
Rolling outMicrosoft Teams
Microsoft Teams makes it easier to find and attach files by enabling search directly within the quick sharing experience. You can now locate cloud based files while attaching content, reducing friction when sharing files across chats and channels.
In developmentMicrosoft Teams
Large file sharing in Teams today introduces blocking behavior, forcing users to wait for uploads to complete and disrupting real-time collaboration. To improve productivity and reduce perceived latency, we are introducing asynchronous file uploads. This allows users to continue sending messages while the file uploads in the background, enabling a more seamless and uninterrupted collaboration experience.
In developmentMicrosoft 365SharePoint
Recipient groups in eSignature allow a recipient slot to be assigned to multiple people, such that any one of those people can fulfil the signing requirement on behalf of the group.
In developmentOutlook
Users can now bulk select/deselect all calendars within a group on left rail in calendar in #newoutlookforwindows, similar to classic Outlook.
LaunchedOutlook
Users can now see colleagues’ and direct reports’ calendars in the left navigation by default—without manual setup. #newoutlookforwindows
In developmentMicrosoft Edge
When a user performs a search on google.com from a work profile, Microsoft Edge can detect whether organization-specific results are available for that query. When relevant results are found, a banner is shown with a link to explore those work results with Microsoft 365 Copilot. This builds on the existing experience already available on Bing and extends it to Google, helping users seamlessly access work-related information regardless of their search engine. Admins can control access to this feature using the EdgeWorkSearchBannerEnabled policy.
In developmentMicrosoft Teams
A new Security Detection Report in the Teams admin center provides a centralized view of messaging security detections, including impersonation, malicious URLs, and weaponizable file types. Admins can review detection activity in one place and export detailed data to support investigation and response. This capability helps consolidate security signals for Teams messaging scenarios.
Rolling outPowerPointMicrosoft Copilot (Microsoft 365)
You can now create a presentation with Copilot in PowerPoint straight from the PowerPoint Home in file menu.
LaunchedPowerPointMicrosoft Copilot (Microsoft 365)
You can now create a presentation with Copilot in PowerPoint just as you open the PowerPoint web app.
Rolling outPlannerMicrosoft Copilot (Microsoft 365)
Introducing built-in Planner Agent chat with natural language Q&A, smart task discovery, and in-plan task management.
In developmentSharePoint
You can ask AI in SharePoint to create a Word, Excel or PowerPoint file based on the information you've gathered within SharePoint
LaunchedMicrosoft Edge
Microsoft Edge will update the Look and Feel to give customers a unified experience across all of Microsoft AI surfaces including Copilot and Bing. This will change multiple elements of the UX such as spacing, corners, fonts, default colors, etc.
LaunchedMicrosoft Entra
Account discovery provides visibility into who has access to connected applications by discovering local and orphaned accounts and identifying accounts that can be matched to Microsoft Entra ID users.
Account discovery will help administrators identify access that exists outside of Microsoft Entra ID Governance and bring that access under governance—simplifying application onboarding while improving visibility and control over application access.
Rolling outPowerPointMicrosoft Copilot (Microsoft 365)
You can now create a presentation with Copilot in PowerPoint straight from the PowerPoint Home in file menu.
LaunchedMicrosoft Purview
Customers can now access and review the underlying risky prompt and response interactions generated by users during AI usage, even when user anonymization is enabled within Insider Risk Management investigations. This capability ensures that anonymized investigation workflows do not limit visibility into the contextual AI activity associated with potential risk. This enables analysts to effectively investigate detailed AI interactions across the organization. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Rolling outMicrosoft Purview
Data Security Investigations (DSI) is introducing the ability to create custom examination focus areas. This feature will empower admins to tailor examination to their specific needs depending on the type of investigation being performed and the information they are most concerned with. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
In developmentMicrosoft Teams
Users can now report suspicious external users directly within Teams, alongside existing block actions. Reports are surfaced in the Teams admin center, giving admins visibility into potentially risky interactions and enabling them to investigate and take appropriate actions. This enhancement helps organizations respond faster to phishing, impersonation, and other external threats while leveraging end-user signals as an additional layer of protection.
Rolling outMicrosoft 365Microsoft Copilot (Microsoft 365)
Copilot has been enhanced to interpret and ground responses using images embedded in files such as Word documents (.docx), PowerPoint presentations (.pptx), and PDFs. This capability allows Copilot to extract insights from visual elements like charts, diagrams, and screenshots, ensuring that answers are not only text-based but also informed by graphical context. By combining textual and visual understanding, Copilot delivers more comprehensive and contextually accurate responses for complex queries
Rolling outOutlook
Users can now seamlessly import calendar events from ICS files & preview them before importing in three cases: when dragging ICS files directly into the calendar surface, uploading an ICS file ('Add calendar' flow) ICS file via email #newoutlookforwindows.
In developmentMicrosoft Teams
You can now customize the meeting toolbar by pinning, unpinning, and reordering controls to match how you work. Raise Hand is grouped under Reactions to reduce mis-clicks, and Leave is clearly separated on the right. It may feel different at first, but it’s designed to be faster and easier to use.