Microsoft Roadmap, messagecenter and blogs updates from 07-11-2025

Updated November 6, 2025: We have updated the timeline. Thank you for your patience.

Prompt categories will be available in Microsoft Copilot Dashboard in Microsoft Viva Insights on the web to help you understand key Copilot use cases for your organization. In Microsoft Copilot Chat (work), which is grounded in work data, these prompt categories will include Ask and find, Catch up, Draft and brainstorm, and Other. These metrics will be added to the metrics library in the advanced insights app.

Learn more about Copilot Dashboard licensing requirements in Connect to the Microsoft Copilot Dashboard for Microsoft 365 customers | Microsoft Learn

This message is associated with Microsoft 365 Roadmap ID 486698.

Public Preview: We will begin rolling out in early September 2025 (previously mid-September) and will complete by late September 2025

General Availability (Worldwide): We will begin rolling mid-November 2025 (previously early October) and expect to complete by end of November 2025 (previously early October).

[How this will affect your organization:]

Users enabled to view Copilot dashboard will see these updates:

1. Adoption tab: Prompt categories will be available at Viva Insights > Microsoft Copilot Dashboard > Adoption > Adoption by app > Copilot Chat (work) dropdown:

2. Impact tab: Admins can go to Viva Insights > Microsoft Copilot Dashboard > Impact > Copilot chat card > Explore more button to access the prompt categories as metrics in the Copilot impact trend section and the Comparison between groups section:

This change will be available by default.

[What you need to do to prepare:]

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to notify your admins and/or users about this change and update internal documentation.

Review and assess the impact for your organization. You might consider reviewing with your works council and updating your training and documentation as appropriate.

Learn more: Connect to the Microsoft Copilot Dashboard for Microsoft 365 customers | Microsoft Learn

Updated November 5, 2025: We have updated the timeline for Preview and the content below. Thank you for your patience.

In November 2025, we will expand the passkey (FIDO2) authentication methods policy in Microsoft Entra ID to support passkey profiles in public preview. This update will enable granular, group-based control over passkey configurations and introduce new API schema changes.

[When this will happen:]

Public Preview (Worldwide): We will begin rolling out early November 2025 and expect to complete by late November 2025 (previously early December).

Public Preview (GCC, GCC High, DoD): We will begin rolling out mid-November 2025 and expect to complete by mid-December 2025.

[How this will affect your organization:]

After this rollout, you’ll be able to apply different passkey configurations per user group. For example, you will be able to:

• Allow the use of specific FIDO2 security key models for user group A
• Allow the use of passkeys in Microsoft Authenticator for user group B

Important: If your organization opts-in to the new admin UX, a Default passkey profile will automatically be populated with your existing policy configurations. Once you modify and save the Default passkey profile, the new schema will take effect. If you continue using Graph API or third-party tools to modify the policy, the schema will not change until General Availability.

These new settings will be available at Entra admin center > Home > Security > Authentication methods > Passkey (FIDO2) settings:

As part of this update in November 2025, if Enforce attestation is disabled, we will start accepting security key or passkey providers using the following attestation statements:

• “none” 
• “tpm” 
• “packed” (AttCA type only) 
• Custom attestation formats ≤ 32 characters
• “packed” (self) should be deployed from early January 2026 to early February 2026 

This will allow a wider range of security keys and passkey providers to be accepted for registration and authentication in Microsoft Entra ID. To compare this upcoming update with the current behavior, refer to Microsoft Entra ID attestation for FIDO2 security key vendors

[What you need to do to prepare:]

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to review your current passkey configuration, notify your admins about this change, and update internal documentation.

Learn more about passkeys in Microsoft Entra ID: Enable passkeys for your organization – Microsoft Entra ID | Microsoft Learn (will be updated before rollout)

Updated October 13, 2025: We have updated the content. Thank you for your patience. 

When this will happen: Updated Rollout Schedule for iPhone and iPad

The first phase of this change is in-product notifications in the M365 Copilot app to encourage users who are editing documents to install the Word, PowerPoint, Excel apps. Users who try to browse files or manage their OneDrive libraries will be promoted to install the OneDrive app. This in-app notification will roll out to TestFlight users at the end of August and become generally available the week of September 15, 2025. This is a modification from the initial post to allow our enterprise customers more time to prepare.

The second phase of this change updates the Word, PowerPoint and Excel functionality in the Microsoft 365 Copilot app with previewers that will be made available to TestFlight users only in October and GA rollout will begin mid-October 2025. This will be a gradual, phased rollout that will take about 4 weeks or so to reach 100% of customers. These changes only apply to iPhone for now, iPad will see similar changes with a start of TestFlight in early November, and the start of the GA rollout in mid November. For iPad we will have a phased rollout that gradually ramps up to 100% of GA in about 4 weeks time.

To get early builds and test out features before GA dates – you will need to join the iOS TestFlight program for the Microsoft 365 Copilot app. There are a limited number of seats available in the iOS TestFlight program. We periodically remove inactive users (those who have not updated their build) to make space for others. If you are unable to join because the program is full, please check back later, or contact your Microsoft Support representative. Learn More: Microsoft 365 Insider program on iOS, Become a Microsoft 365 Insider on iOS.

How this affects your organization: Transition to Previewers in the M365 Copilot App for WXP file viewing & File Access & Management

As part of this update, the Microsoft 365 Copilot app for iPhone and iPad will transition to a Copilot powered preview experience for Word, Excel, and PowerPoint. Users will continue to be able to view files and use Copilot Chat to get deeper analysis and insights on their content. If a user needs to edit, the M365 Copilot app will transition to the standalone Word, Excel, or PowerPoint apps. Users of the M365 Copilot app will continue to be able to browse and search recent files in the app, but users seeking comprehensive file management features will be encouraged to utilize the OneDrive app. When users land in the M365 Copilot app Search experience and navigate to the My files, Libraries, or My device entry points a notification will appear promoting the use of the OneDrive app for these actions.

Detailed Change Log: Word, Excel, PowerPoint, M365 Copilot App

• Word, Excel, PowerPoint: The Microsoft 365 Copilot app for iPhone and iPad will a provide a Copilot powered preview experience for documents. Users can view content and use Copilot Chat for file queries. Users who wish to edit the file will be prompted to open or install the standalone apps.
• M365 Copilot App: The M365 Copilot app has evolved to an AI-first productivity assistant that brings together productivity activity across Word, Excel, PowerPoint, Outlook and other Microsoft 365 apps. It gives your users the power of file previews and M365 Copilot chat in an experience that inherits all the security, identity and privacy policies you’ve set up in Microsoft 365.
• Teams, OneDrive, Outlook iOS app integration: These apps on iPhone and iPad will continue to show users a preview of their Word, Excel and PowerPoint files. If users want to open and edit a Word, Excel, or PowerPoint file, they will now be directed to the respective standalone Word, Excel or PowerPoint app. The M365 Copilot app will no longer handle file open and edit operations from Teams, OneDrive or Outlook.
• File Management: Searching for files within the M365 Copilot app will remain available. For advanced file management, users will be directed to the standalone OneDrive app.
• Create Experience: Document creation in the M365 Copilot app will be available from chat. After file creation, users can view the file within M365 Copilot. Editing the document will transition to the standalone WXP apps.
• Offline File Experience: For users who wish to make files available offline, please use the Word, Excel, PowerPoint, and OneDrive apps. “Make Available Offline” is being removed from the M365 Copilot app in favor of Copilot powered previewer experiences.
• PDF Workflows: No changes. PDF handling continues as before in the M365 Copilot app.

What you can do to prepare: Updated Recommendations

• Inform iOS and iPadOS users about the updated file experiences in the M365 Copilot app, and for users who have the need to edit WXP files on their mobile devices, encourage installation of the standalone Word, Excel, and PowerPoint apps.

• The M365 Copilot app should continue to be available to end users as an AI-first productivity assistant. It brings together productivity apps and content with Copilot, Word, Excel, PowerPoint, and more.

• Update all internal documentation and training materials to reflect the revised file handling behavior for the M365 Copilot app across iPhone and iPad (coming soon).

• For organizations using mobile device management (MDM), push the standalone Word, Excel, PowerPoint, and OneDrive apps to managed iOS/iPadOS devices.

• Join the iOS TestFlight program for the M365 Copilot app to get early access to changes

Learn more: Deployment guide: Manage iOS/iPadOS devices in Microsoft Intune

Compliance considerations: Impact on Workflows, Admin Controls, and Metrics

The M365 Copilot app remains a necessary and supported solution for enterprise environments, providing preview and AI-powered chat experiences for Word, Excel, and PowerPoint files. Organizations should continue to manage and deploy the Copilot app to maintain access to Enterprise AI workflows.

Updated November 6, 2025: We have completed GA rollout. Thank you for your patience. 

[Introduction:]

We’re introducing a streamlined experience for the email entity page in Microsoft Defender for Office 365. This update improves how users navigate between email records, reducing friction and enhancing productivity. The changes are based on customer feedback to simplify workflows and reduce time spent switching between tabs.

[When this will happen:]

• Public Preview: We will begin rolling out late September 2025 and expect to complete by late October 2025.
• General Availability (Worldwide): We began rolling out early November 2025 and have completed as of November 6, 2025.

[How this affects your organization:]

Who is affected:

• Security analysts and administrators using Microsoft Defender for Office 365.
• Users accessing email entities via security.microsoft.com (Explorer, Advanced Hunting, Quarantine, etc.).
• This feature is available to tenants licensed with Microsoft Defender for Office 365 Plan 2 or with Microsoft security licenses such as E5 and above.

What will happen:

• Email entity pages will open in a shared browser tab instead of launching a new tab for each record.
• A parent-child relationship is established between the main security.microsoft.com tab and the shared email entity tab. If the same or new email is opened again from the parent tab, it switches to the already-open shared tab.
• If the parent tab is closed or refreshed, this relationship is reset. A new shared email entity tab will be opened the next time an email entity is accessed from the refreshed or newly opened parent tab.
• Navigation positions within each email entity are retained during the session (e.g., Analysis tab vs. Timeline tab).
• A new “Email preview” tab is added alongside “Similar emails,” allowing persistent preview even when switching tabs.
• Each email entity now has a unique URL, enabling direct sharing via Teams or opening in a new browser tab.

[What you can do to prepare:]

• No action is required from end users or administrators.
• You may wish to inform helpdesk staff of the new navigation behavior for email entities.

Learn more: [to be updated] The Email entity page in Microsoft Defender for Office 365 – Microsoft Defender for Office | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Updated November 6, 2025: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft is retiring the themes feature in user settings for Viva Engage. This change removes the ability for users to personalize their Viva Engage interface with custom themes. While usage of themes is low across Viva Engage tenants, this decision was made due to accessibility limitations in the current themes implementation, which conflict with future feature improvements. The retirement now helps pave the way for a new admin-led branding capability that is in development. This new feature will allow organizations to centrally configure visual elements such as logos, brand colors, and names. It is not yet available and will be communicated separately when ready.

Screenshot 1: Themes will no longer appear in Viva Engage settings

[When this will happen:]

This change will be rolled out early January 2026 (previously early November 2025) and completes by late January 2026 (previously mid-November 2025).

[How this affects your organization:]

Who is affected: All Viva Engage users accessing the service via web, desktop apps, Microsoft Teams, or Outlook.

What will happen:

• Users will no longer be able to set personal themes in Viva Engage.
• Existing user-defined themes will be removed, and users will see the default Viva Engage theme.
• This change does not affect mobile apps.

What you can do to prepare:

• No admin action is required. However, we recommend the following:
• Notify your users about the upcoming change to avoid confusion.
• Update internal documentation that references user-set themes in Viva Engage.

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

• Automate case creation and case details during live chats and from incoming emails:When a customer service representative accepts a live chat, the Case Management Agent will automatically create a case and fill in the required information. When the conversation ends, the agent automatically updates the case fields. When automatic record creation (ARC) rules convert an email into a case, the system automatically extracts the required information from the email and populates case fields. The case will stay up to date as the customer sends new emails.
• Automate case resolution: Once the case is created and updated, the Case Management Agent will leverage identified intent to autonomously draft and send email responses after a case is created. This ensures timely communication and resolution of customer issues with minimal human intervention.
• Automate case follow-up and closure: Once resolution is provided, the Case Management Agent sends follow-up emails. When a customer responds, the agent resolves the case or will alert the service representative when needed. These capabilities boost efficiency and closure to reduce case handling time.

Updated November 6, 2025: We have updated the timeline. Thank you for your patience.

[Introduction]

We’re introducing the Agent Dashboard, a new dashboard available as part of Copilot Analytics in Microsoft Viva. This dashboard provides visibility into key agent adoption trends and associated Copilot credit usage. It supports insights into agents used within Microsoft 365 Copilot, which may be:

• Built using Microsoft Copilot Studio, SharePoint, or the Microsoft 365 Agents Toolkit
• Built by employees, your organization, Microsoft, or Microsoft partners

This release also enhances the Adoption tab of the Copilot Dashboard, allowing users to view agent insights directly and access the Agent Dashboard for deeper analysis.

[When this will happen:]

• Public Preview (Worldwide): Begins rolling out in January 2026 (previously late November 2025), expected to complete by end of January 2026 (previously late November 2025).
• General Availability (Worldwide): Begins rolling out in March 2026 (previously early February 2026), expected to complete by end of March 2026 (previously late February 2026).

[How this affects your organization:]

Who is affected:

• Leaders, delegates, adoption specialists, and administrators using Microsoft Viva Insights
• Tenants with at least 50 Microsoft 365 Copilot licenses assigned

What will happen:

• A new Agent Dashboard will be available in Viva Insights under Copilot Analytics
• Users will find:
  • Key adoption metrics with historical trends (up to 6 months):
    • Number of active agents
    • Number of active agent users
    • Number of agent responses
    • Copilot credits used
    • Number of users using Copilot credits
    • Percentage of Copilot users using agents
    Screenshot 1: Key adoption metrics with historical trends, including active agents, active users, agent responses, and Copilot credit usage.

    

  • Monthly and weekly user retention trends, with comparison across groups
  Screenshot 2: Monthly and weekly user retention trends, with comparison across groups.

  

  • Top agents based on the following, with the ability to dive deeper into specific agents:
    • Active user count
    • Agent responses
    • Copilot credits consumed
    Screenshot 3: Agent highlights along with a table of top agents, each with active usage metrics and the ability to dive deeper.

    

    Screenshot 4: Individual agent deep dive page with key adoption metrics and trends over time.

    

• Minimum group size threshold must be met for agent activity insights.
• Learn more: Configure manager settings
• The Adoption tab of the Copilot Dashboard will also include:
  • Contextual insights on how Copilot users are leveraging agents and credits
  • Direct entry points to the Agent Dashboard
  Screenshot 5: Entry points to the Agent Dashboard from the Copilot Dashboard Adoption tab, including agent usage and Copilot credit usage insights.

  

  [What you can do to prepare:]

  • Review and assess the impact for your organization
  • Manage access to the Agent Dashboard using VFAM controls at user, group, and tenant levels (nested under Viva Insights Web app VFAM controls)
  • Consider reviewing with your works council
  • Update training and documentation as needed
  • Additional details will be available on MS Learn once this functionality is released, in a separate Agent Dashboard section: Copilot Analytics introduction

  [Compliance considerations:]

  No compliance considerations identified, review as appropriate for your organization.

Updated November 6, 2025: We have updated the content. Thank you for your patience. 

We’re updating how we bill for mid-term subscription changes to improve clarity and efficiency.

[What’s changing:]

Starting November 13, 2025 changes to existing subscriptions—such as adding or removing licenses, cancellations, and upgrades—will be billed the next day instead of at the beginning of the following month. This change ensures more timely and transparent billing, helping you better track and manage your subscription costs. 

[When this will happen:]

When you see this change will depend on the country/region your account is in. 

• Singapore and Italy: Nov 13 
• Asia-Pacific: Nov 18 
• Worldwide: Jan 6th

[How this will affect your organization:]

If you have an account where your invoices start with a “G” and have purchased directly from Microsoft, your organization will be impacted by this change on the date the change is launched in your region. Purchases made through a partner or a volume licensing agreement are not impacted by this change.

Example

If your account is in Singapore or Italy and you add a license to your subscription on November 13, you will receive an invoice for that additional license on November 14th. Any consumption charges for Azure will continue to be billed on the monthly invoice available at the beginning of the following month. 

Additional details about this change 

During the month your region transitions: 

• If you make no changes after the transition, previous changes remain on their original invoice schedule. 
• If you make changes after the transition, any pending charges from before the transition are invoiced immediately. You’ll also receive a separate invoice for the new changes.

[What you need to do to prepare:]

No action is required. This update will be applied automatically to all eligible subscriptions. 

As mentioned in MC1150664, as part of Microsoft’s ongoing Secure Future Initiative (SFI), starting on or shortly after December 2, 2025, the network service endpoints for Microsoft Intune will also use the Azure Front Door IP addresses. Since Basic Mobility and Security for Microsoft 365 uses Intune infrastructure, customers may need to add Azure Front Door IP addresses, if using a firewall allowlist that allows outbound traffic based on IP addresses or Azure service tags.

Do not remove any existing network endpoints required for Basic Mobility and Security for Microsoft 365. Additional network endpoints are documented as part of the Azure Front Door and service tags information referenced in the files linked below:

• Public clouds: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center 
• Government clouds: Download Azure IP Ranges and Service Tags – US Government Cloud from Official Microsoft Download Center 

The additional ranges are those listed in the JSON files linked above and can be found by searching for “AzureFrontDoor.MicrosoftSecurity”.

[How this will affect your organization:]

If you have configured an outbound traffic policy for IP address ranges or Azure service tags for your firewalls, routers, proxy servers, client-based firewalls, VPN or network security groups, you will need to update them to include the new Azure Front Door ranges with the “AzureFrontDoor.MicrosoftSecurity” tag. 

Note: The previously available PowerShell scripts for retrieving Microsoft Intune endpoint IP addresses and FQDNs no longer returns accurate data from the Office 365 Endpoint service. Instead, use the consolidated list provided in the Intune endpoints documentation. Using the original scripts or endpoint lists from the Office 365 Endpoint service is insufficient and may lead to incorrect configurations.

[What you need to do to prepare:]

Ensure that your firewall rules are updated and added to your firewall’s allowlist with the additional IP addresses documented under Azure Front Door by December 2, 2025. 

Alternatively, you may add the service tag “AzureFrontDoor.MicrosoftSecurity” to your firewall rules to allow outbound traffic on port 443 for the addresses in the tag. 

If you are not the IT admin who can make this change, notify your networking team. If you are responsible for configuring internet traffic, refer to the following documentation for more details:

• Azure Front Door
• Azure service tags

For network best practices, make sure to check out the blog: Support tip: Aligning network policy with Intune and Zero Trust

If you have a helpdesk, inform them about this upcoming change. If you need additional assistance, contact Microsoft Support and refer to this message center post.

As mentioned in MC1147982, as part of Microsoft’s ongoing Secure Future Initiative (SFI), starting on or shortly after December 2, 2025, the network service endpoints for Microsoft Intune will also use the Azure Front Door IP addresses. This improvement supports better alignment with modern security practices and over time will make it easier for organizations using multiple Microsoft products to manage and maintain their firewall configurations. As a result, customers may be required to add these network (firewall) configurations in third-party applications to enable proper function of Intune device and app management. This change will affect customers using a firewall allowlist that allows outbound traffic based on IP addresses or Azure service tags.

Do not remove any existing network endpoints required for Microsoft Intune. Additional network endpoints are documented as part of the Azure Front Door and service tags information referenced in the files linked below:

• Public clouds: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center 
• Government clouds: Download Azure IP Ranges and Service Tags – US Government Cloud from Official Microsoft Download Center 

The additional ranges are those listed in the JSON files linked above and can be found by searching for “AzureFrontDoor.MicrosoftSecurity”.

[How this will affect your organization:]

If you have configured an outbound traffic policy for Intune IP address ranges or Azure service tags for your firewalls, routers, proxy servers, client-based firewalls, VPN or network security groups, you will need to update them to include the new Azure Front Door ranges with the “AzureFrontDoor.MicrosoftSecurity” tag. 

Intune requires internet access for devices under Intune management, whether for mobile device management or mobile application management. If your outbound traffic policy doesn’t include the new Azure Front Door IP address ranges, users may face login issues, devices might lose connectivity with Intune, and access to apps like the Intune Company Portal or those protected by app protection policies could be disrupted.

Note: The previously available PowerShell scripts for retrieving Microsoft Intune endpoint IP addresses and FQDNs no longer returns accurate data from the Office 365 Endpoint service. Instead, use the consolidated list provided in the Intune endpoints documentation. Using the original scripts or endpoint lists from the Office 365 Endpoint service is insufficient and may lead to incorrect configurations.

[What you need to do to prepare:]

Ensure that your firewall rules are updated and added to your firewall’s allowlist with the additional IP addresses documented under Azure Front Door by December 2, 2025. 

Alternatively, you may add the service tag “AzureFrontDoor.MicrosoftSecurity” to your firewall rules to allow outbound traffic on port 443 for the addresses in the tag. 

If you are not the IT admin who can make this change, notify your networking team. If you are responsible for configuring internet traffic, refer to the following documentation for more details:

• Azure Front Door
• Azure service tags
• Intune network endpoints
• US government network endpoints for Intune

For network best practices, make sure to check out the blog: Support tip: Aligning network policy with Intune and Zero Trust

If you have a helpdesk, inform them about this upcoming change. If you need additional assistance, contact Microsoft Support and refer to this message center post.

[Introduction]

We’re introducing a new capability in Microsoft Purview Data Lifecycle Management that allows admins to override existing retention policies and delete content from OneDrive and SharePoint Online before the retention or legal hold duration expires. This feature supports organizations managing Copilot-related artifacts—such as Teams recordings and transcripts—independently of OneDrive retention policies, giving admins greater control over how long this content is retained.

This message is associated with Microsoft 365 Roadmap ID 489454.

[When this will happen:]

• General Availability (GCC): We will begin rolling out late November 2025 and expect to complete by early December 2025.
• General Availability (GCC High, DOD): We will begin rolling out late December 2025 and expect to complete by early January 2026.

[How this will affect your organization:]

Who is affected:

• Admins managing OneDrive and SharePoint Online retention policies
• Organizations using Microsoft Purview for data lifecycle management

What will happen:

• Admins can create Priority Cleanup policies to delete content before retention or hold periods expire.
• Feature includes simulation mode, audit logging, and disposition reviews.
• New admin policy authoring flows are introduced, governed by Microsoft Purview role groups.
• Feature is not enabled by default; requires explicit policy creation and enforcement.
• Requires at least two admins to author and enforce a Priority Cleanup policy.

[What you need to do to prepare:]

• Ensure at least two admins are assigned the Priority Cleanup Admin and Retention Management roles.
• Review and configure role assignments in Microsoft Purview portal
• Communicate this change to your compliance and records management teams
• Update internal documentation to reflect new policy authoring and enforcement capabilities

Learn more: Override holds to clean up files for Copilot and reclaim storage

[Compliance considerations:]

[Introduction]

We’re retiring the TeamworkDevice (beta) API from Microsoft Graph starting December 8, 2025.

Instead, we recommend using the Teams Rooms Pro Management Portal (PMP) to manage Teams Rooms on Windows devices, where we will continue to invest in secure, reliable, and supported device management capabilities. 

When this will happen:

The retirement will begin gradually on December 8, 2025.

How this affects your organization:

Who is affected: Organizations using applications or integrations that rely on the TeamworkDevice (beta) API in Microsoft Graph.

What will happen:

• Applications or integrations using the /beta/TeamworkDevice endpoints will stop working.
• There are no plans to support Graph APIs for Teams Devices.
• Teams Rooms on Windows should be managed through the Teams Rooms Pro Management Portal (PMP).
• PMP is being consolidated as the single portal for managing all Teams device types, including Teams Rooms on Android, Teams Phones, and Teams Panels.
• Additional updates on this consolidation effort will be shared in the coming months.

What you can do to prepare:

This change will happen automatically and gradually, starting December 8, 2025. No admin action is required to complete retirement.

If your organization has dependencies on the TeamworkDevice (beta) API, we recommend:

• Review any applications, scripts, or integrations that use /beta/TeamworkDevice endpoints.
• Update internal documentation.
• Notify relevant stakeholders or partners about this upcoming change.

Learn more: Microsoft Teams Rooms Pro Management

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

We’re introducing the Explore Pane, a new side panel in the Microsoft 365 Copilot app designed to help users discover how to use Copilot effectively. This guided experience supports users in building confidence and unlocking the value of AI through contextual, step-by-step journeys across the Create, Search, and Notebooks modules. This enhancement aligns with our goal to make Copilot more approachable and valuable for all users.

[When this will happen:]

• Targeted Release (Worldwide): Rolling out from mid-November 2025, expected to complete by late November 2025.

[How this affects your organization:]

• Who is affected: All users of the Microsoft 365 Copilot app on Web, Windows, and Mac desktop platforms..
• What will happen:
  • Users will see a new Explore Pane when navigating to the Create, Search, or Notebooks modules.
  • The pane provides guided, contextual steps to help users get started and find value in each module.
  • The feature is on by default; no admin action is required.

[What you can do to prepare:]

• No admin controls or policy updates are required.
• You may wish to:
  • Inform users about the new guided experience.
  • Share how to reopen the Explore Pane via the Settings menu.
  • Update internal documentation or training materials if you include guidance on using Copilot.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

We are updating the multi-select toolbar in Outlook Mobile. This change will allow users to customize the order and placement of toolbar actions when selecting multiple emails. Users can now Move to Other, Report Junk, Ignore, Pin, and Snooze multiple messages at once.

[When this will happen:]

• General Availability (Worldwide, GCC, GCC High, DoD): Rollout will begin in early December 2025 and is expected to complete by late January 2026.

[How this affects your organization:]

• Who is affected: Users of Outlook Mobile.
• What will happen:
  • Users will be able to customize the multi-select toolbar.
  • No admin action is required.

  Screenshot 1: Shows the updated toolbar when selecting multiple messages. Tap the overflow menu (…) to find more actions.

  

  Screenshot 2: Tap Reorder to customize the order. Note that several actions shown are disabled because they can only be applied when only one message is selected.

  

  Screenshot 3: Users can customize the multi-select toolbar by dragging and dropping. 

  

[What you can do to prepare:]

• No admin action is required.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

We’re updating the compose toolbar in Outlook Mobile to give users more control over their email experience. This change allows users to customize the order and placement of toolbar actions when composing an email, helping streamline workflows and improve productivity.

[When this will happen:]

• General Availability (Worldwide, GCC, GCC High, and DoD): Rollout will begin in early December 2025 and is expected to complete within the same timeframe.

[How this affects your organization:]

• Who is affected: All users of Outlook Mobile.
• What will happen:
  • Users will be able to customize the toolbar layout when composing emails.
  • The feature will be available by default; no opt-in required.

  Screenshot 1: Tap on the overflow menu (…) to find more actions.

  

  Screenshot 2: Tap Reorder to customize the toolbar.

  /p>

  Screenshot 3: You can customize the order of your actions by dragging and dropping

  

[What you can do to prepare:]

• No action is required at this time.
• You may choose to notify helpdesk staff or update internal documentation to reflect this new customization capability.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

To help organizations recover from accidental or malicious deletions, Microsoft Entra is introducing soft deletion and restoration for cloud security groups. This feature allows deleted groups to be restored within 30 days, preserving their settings, ownership, and membership—reducing the need to rebuild access models from scratch.

[When this will happen:]

• Public preview: Rollout began in late in October 2025 and is expected to complete by early November 2025.
• General availability (Worldwide): Rollout begins in late February 2026 and is expected to complete by early March 2026.

[How this affects your organization:]

Who is affected:

• Admins managing Microsoft Entra cloud security groups.
• Users whose access is governed by security groups.

What will happen:

• Deleted cloud security groups will enter a soft deleted state and appear in the Deleted groups blade.
• During soft deletion:
  • Access granted via the group is removed.
  • The group is restorable for up to 30 days.
• After 30 days, the group is permanently deleted.
• Restoration recovers:
  • Group properties (name, description, type)
  • Settings (roles, policies)
  • Ownership and membership (assigned and dynamic)
• Admin tools supported:
  • Microsoft Entra admin center
  • Microsoft Graph
  • PowerShell
• Audit logs will capture deletion, restoration, and hard delete actions.
• Users lose access via the group during soft deletion; restoring the group reapplies access based on the group’s previous configuration.
• If a resource (for example, a SharePoint site, app, or policy scope) is protected by a soft deleted group, affected users immediately lose access via that group. If users had direct or alternate access paths, those remain unchanged.

[What you can do to prepare:]

• Identify critical groups:
  • Inventory and tag critical security groups that gate access to sensitive resources.
• Update admin runbooks:
  • Add steps to restore a deleted group before attempting to rebuild it.
• Test in a pilot (after preview reaches your tenant):
  • Create a test security group, grant it access to a nonproduction resource, soft delete, validate access removal, then restore and confirm access returns as expected
  • If you automate group management, validate your automation handles soft deleted objects and does not immediately hard delete them.
• Communicate to helpdesk and resource owners:
  • Create guidelines on how to check deleted groups, how to restore, and when to escalate before recreating a group.

Learn more:

• Recover from deletions in Microsoft Entra ID – Microsoft Entra | Microsoft Learn
• Recoverability best practices in Microsoft Entra ID | Azure Docs | Microsoft Learn
• Restore a deleted Microsoft 365 group – Microsoft Entra ID | Microsoft Learn

MS Graph documentation:

• Delete group – Microsoft Graph API – Microsoft Graph v1.0 | Microsoft Learn
• List deleted items (directory objects) – Microsoft Graph v1.0 | Microsoft Learn
• Restore deleted directory object item – Microsoft Graph v1.0 | Microsoft Learn
• Permanently delete an item (directory object) – Microsoft Graph v1.0 | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.