Microsoft Roadmap, messagecenter and blogs updates from 10-04-2026

Starting in October 2025, Microsoft Edge version 141 will introduce the Adobe-powered PDF viewer as the default experience for enterprise users on Windows. This change enhances performance, accessibility, and compatibility, and introduces exclusive enterprise features. It follows our earlier public announcement and aligns with Roadmap ID 489231 and MC post MC1072406.

General Availability: Migration will occur on a phased rollout. Rollout will begin October 2025 and will complete March 2026. 

Who is affected:

• All enterprise users on Windows using Microsoft Edge.

What will happen:

• The Adobe-powered PDF viewer will replace the legacy viewer as the default experience.
• User interface and controls will remain unchanged.
• The new viewer offers improved performance, accessibility, compatibility, and exclusive enterprise features.

Admins can manage the experience using two policies:

NewPDFReaderEnabled: Controls the default viewer in Edge for Windows. 

NewPDFReaderWebView2List: Controls viewer behavior in WebView2 apps. 

Policy behavior:

No action is required if your organization is ready to adopt the new viewer.

If you wish to manage the experience:

• Enable the new viewer early using the NewPDFReaderEnabled policy.
• Opt-out by disabling the same policy. Opt-out will be supported until June 2026, at which time the policy will be deprecated and any remaining organizations will be moved to the new viewer. 
• Review and update internal documentation if needed.
• Communicate this change to helpdesk or support teams.

Learn more: Microsoft Edge and Adobe partner to improve the PDF experience.

For support, contact your Microsoft CSAM or CSS representative.

Updated April 9, 2026: We have updated the timeline and added description of a new sub-feature for In-Meeting. Thank you for your patience. 

We’re excited to announce that we are making Copilot Chat available as a side-by-side experience in Teams. This will help users access the power of M365 and Web data in addition to current capabilities of Copilot in Chats, Channels, Calling, and Meeting. On Teams desktop (Windows and Mac) and web, users can open Copilot Chat from the Copilot icon located on the top right corner in these surfaces. Copilot Chat will be available in Teams for users with a Microsoft 365 Copilot license. 

Additionally, a new in-meeting control lets users stop Teams from processing spoken audio during a meeting. When this control is on, Teams stops processing spoken audio — including transcription and recording — and Copilot will not use or reference anything said during this time. If Facilitator is active, it will also be turned off. Users will also be prevented from restarting recording, transcription, or Facilitator while this control is in effect.

This change is associated with Microsoft 365 Roadmap ID: 501107

Screenshot: Copilot Chat in Teams (Windows desktop) for users with a Microsoft 365 Copilot license. UI elements subject to change. 

[When this will happen:]

Chats, Channels, and Post Meeting + Calling Recaps:

• Public Preview: Rollout of this change starts in early October and completes in the weeks following.
• General Availability: Rollout of this change starts mid-November and completes in the weeks following.

In-Meeting and in-Calls:

• Public Preview: Rollout of this change starts in early December and completes in the weeks following.
• General Availability: Rollout of this change started mid-January 2026 and completed early March 2026. 

In-Meeting Control

• General Availability: Rollout of this change starts July 2026 and is expected to complete in July 2026.

[How this affects your organization:]

Who is affected: Users with a Microsoft 365 Copilot license using Teams on Windows desktop, Mac desktop, or web (Chrome, Edge, Firefox, Safari).

What will happen:

• You can now create new Copilot Chat sessions or access other sessions within any conversation window. When you reopen Copilot Chat, it will always default back to the latest used session that was within the conversation window.
• Upon completion of the migration, all prior Copilot history will not be migrated into the new Copilot Chat experience. However, you can still access prior history by clicking on the More Options menu (…) located on the top right corner of your conversation window. An entry point to access history will be available within the More Options menu (…) of channel thread summaries as well. Within the menu, you find and select the View Copilot history option to access prior history.
• In-Meeting: A new in‑meeting control lets users stop Teams from processing spoken audio during a meeting. When this control is on, Teams stops processing spoken audio — including transcription and recording — and Copilot will not use or reference anything said during this time. If Facilitator is active, it will also be turned off. Users will also be prevented from restarting recording, transcription, or Facilitator while this control is in effect.
• After the meeting: Copilot and Facilitator will only have access to recordings or transcripts from periods when audio processing was active.

Supported Platforms

Web 

• Chrome 
• Edge 
• Firefox 
• Safari 

Desktop 

• Windows 
• Mac 

[What you can do to prepare:]

Admin action required

To ensure Microsoft Copilot is available in Teams meetings, tenant administrators must allow the Microsoft 365 Copilot app.

If the Microsoft 365 Copilot app is not allowed at the tenant level, users may not see the Copilot entry point in Teams meetings, even when Copilot licenses are assigned.

Admins should review Teams app permission and app setup policies to confirm that the Microsoft 365 Copilot app is allowed for the intended users. Copilot availability in Teams meetings depends on both licensing and app enablement.

For more information, see the public documentation on managing Copilot access: https://learn.microsoft.com/copilot/manage

[Compliance considerations:]

Updated April 9, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft Security Store is now integrated into the Microsoft Purview DLP experience, giving admins an in‑product way to discover a curated set of integrations that extend Purview capabilities, including data security capabilities for the network. Purchasing and management are completed through Security Store, simplifying how organizations procure partner integrations.

This message is associated with Microsoft 365 Roadmap ID 557977.

[When this will happen:]

• General availability (Worldwide): Rollout will begin in late March 2026 and is expected to complete by mid-April 2026 (previously late April).

[How this affects your organization:]

Who is affected:

• Microsoft 365 administrators managing Microsoft Purview DLP
• Data security and compliance administrators

What will happen:

• Once rolled out, you can access the Security Store from the Data Loss Prevent solution in Purview.



• Admins can discover, purchase, and enable supported partner integrations.
• The feature is available by default once it reaches your tenant.
• There is no impact to users unless an integration is enabled.
• Existing Purview DLP policies are not changed.

[What you can do to prepare:]

No action is required.

• Inform data security administrators about the new capability.
• Review available integrations once the Security Store appears.

Learn more:

• Discover, buy, and deploy security solutions and agents
• Learn about Microsoft Purview Network Data Security

[Compliance considerations:]

Updated April 9, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Copilot highlights in Viva Glint provides AI‑generated, structured summaries of employee survey results directly within supported Glint reports. The feature appears as a collapsible card at the top of the report and surfaces key insights—including strengths, opportunities, team‑level differences, and trends—to help managers and leaders move from data to action faster. Copilot highlights will be automatically available for users who have access to Copilot in Viva Glint, with no additional configuration required.

This message is associated with Microsoft 365 Roadmap ID 558111.

[When this will happen]

• General Availability (Worldwide): Rollout will begin April 20, 2026 (previously early April) and is expected to complete by late April 2026.

[How this affects your organization]

Who is affected

• Organizations using Viva Glint
• Admins who manage Copilot in Viva Glint access in the Microsoft 365 admin center
• Users with Glint roles that include dashboard and reports access when Copilot in Viva Glint is enabled
• Users must have a license for Viva Glint, Microsoft Viva Suite, or Microsoft Viva Workplace Analytics and Employee Feedback to access Copilot highlights.
• A Microsoft 365 Copilot license is not required to use Copilot in Viva Glint or Copilot highlights.

What will happen

• Copilot highlights will appear automatically as a collapsible card at the top of Team Summary and Executive Summary reports.
• There will be no separate toggle to configure; the feature will be enabled automatically when Copilot in Viva Glint is turned on.
• Summaries may include up to three structured sections:
  • Overview and key outcomes: Response rate, key outcome trend, top strengths
  • Team scores: Team breakdowns, increases/decreases, high/low scoring teams
  • Top opportunities: Score, benchmark comparison, risk classification
• Multilingual summaries will be generated in each user’s configured Viva Glint dashboard language.
• Interpretation rules will surface only notable findings based on respondent group size.
• No new data sources will be introduced; summaries will use existing report data.
• Existing access policies, data permissions, and confidentiality thresholds will remain unchanged.
• No changes will be made to dashboard access, user permissions, or privacy protections.

[What you can do to prepare]

• Verify Copilot access settings:
  • Go to admin.microsoft.com → Settings → Viva → Viva Glint → Manage settings for Microsoft Copilot in Viva Glint.
  • Confirm Copilot in Viva Glint is turned on at the tenant level.
  • If needed, adjust access policies to limit Copilot visibility to specific users or groups.
• Inform report viewers: Let managers and leaders know that AI‑generated summaries will appear at the top of supported reports. Users can collapse the card if they prefer to review data directly.
• No additional configuration is required: Copilot highlights will be automatically available when Copilot in Viva Glint is enabled.
• Learn more: Manage Viva Glint Copilot access in the Microsoft 365 admin center | Viva Glint | Microsoft Viva | Microsoft Learn

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Updated April 9, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re retiring the Semi-Annual Enterprise Channel option from the Office Customization Tool in the Microsoft 365 apps admin center and in the Microsoft Office 365 Client Management experience in Configuration Manager. This retirement supports our ongoing efforts to simplify update channel management for Microsoft 365 Apps and ensure customers benefit from the most secure, up-to-date experience. We will continue to invest in the Monthly Enterprise Channel and Current Channel, which offer more frequent security and feature updates.

[When this will happen]

We will begin retiring this option on April 15, 2026 (previously April 6), and expect to complete the retirement by April 20, 2026 (previously April 11).

[How this affects your organization]

Who is affected

• Organizations that use the Office Customization Tool in the Microsoft 365 apps admin center to create deployment configurations for Microsoft 365 Apps.
• Organizations that use the Microsoft Office 365 Client Management experience in Configuration Manager.

What will happen

• The Semi-Annual Enterprise Channel will be removed from the list of available update channel options when creating new deployment configurations.
• Deployment configurations you have already created that use Semi-Annual Enterprise Channel will continue to retain that value when viewed or edited; however, it will not be available as a selectable option for new configurations.
• Only Current Channel and Monthly Enterprise Channel will be available for new configuration creation.
• There is no impact to devices currently configured for Semi-Annual Enterprise Channel.

[What you can do to prepare]

No admin action is required for this retirement. You may choose to:

• Notify relevant admins or deployment teams of this upcoming change.
• Update internal documentation if it references the Semi-Annual Enterprise Channel as a selectable option.
• Review your existing configurations in the Office Customization Tool if you plan to transition to a different update channel going forward.
• If desired, use this Microsoft Learn resource to plan channel migration: Change the Microsoft 365 Apps update channel for devices in your organization | Microsoft 365 | Microsoft Learn.

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Updated April 9, 2026: After further review, we have decided not to move forward with this change at this time. We will communicate via a new Message center post when we are ready to proceed. We apologize for any inconvenience this may cause and appreciate your understanding.

[Introduction]

As previously announced in MC1221452, Microsoft Registration Campaigns will support Passkeys (FIDO2) as an additional authentication method starting in early April 2026. This update helps organizations accelerate adoption of phishing‑resistant credentials by allowing administrators to opt users into Passkeys and deliver Passkey registration nudges during sign‑in.

[When this will happen] 

General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete in late May 2026.

[How this affects your organization]

Who is affected

• Microsoft 365 tenants using Microsoft Registration Campaigns
• Tenants configured in either Microsoft‑managed or Enabled states
• Users who are MFA‑capable and eligible for Passkeys (FIDO2)

What will happen

Microsoft‑managed state

Your tenant will be impacted when all of the following conditions are met:

• The Passkeys (FIDO2) authentication method policy is enabled.
• Allow self‑service setup is enabled.
• Target specific AAGUIDs is not selected (no AAGUID restrictions configured).
• The Authentication Methods Registration Campaign state is set to Microsoft‑managed.

When these conditions are met, the following settings will update automatically:

• The targeted authentication method will change from Microsoft Authenticator to Passkeys (FIDO2).
• Days allowed to snooze will change from three days to one day. (This setting will no longer be configurable.)
• Limit number of snoozes will be disabled. (This setting will no longer be configurable.)
• Targeting will expand to all MFA‑capable users. (This setting will no longer be configurable.)
• Default user targeting will change from voice call or text message users to all multifactor authentication (MFA)–capable users.

Affected users will receive Passkey registration nudges at sign‑in after completing MFA.

We will roll out these changes incrementally over time to in‑scope tenants.

Enabled state

Passkey (FIDO2) can be selected as the Targeted Authentication Method when Microsoft Registration Campaigns are in the Enabled state. 

Note: Registration Campaigns support targeting only one authentication method at a time—either Microsoft Authenticator or Passkeys (FIDO2), but not both simultaneously.

[What you can do to prepare]

Opting into Passkey Registration Nudges:

• The user is MFA‑capable
  • They have at least one registered MFA method
  • They can successfully complete MFA at sign‑in
• Under Authentication methods > Policies, the user is in scope for Passkeys (FIDO2)
• Under Authentication methods > Policies > Passkeys (FIDO2) > Configure, make sure you have Allow self-service set up checked. 

Important Guidance:

We will roll out these changes incrementally to in-scope tenants starting in early April. This rollout will take time, and even if your tenant meets the eligibility criteria, you may not see the changes immediately. 

Enabled State 

Over time, we will incrementally refine the logic for Passkeys nudges in Microsoft Registration Campaigns to guide users toward the appropriate passkey registration experience based on their passkey profile scope. Initially, the logic may not account for every edge‑case scenario, but we are actively expanding and improving it on an ongoing basis. When users have passkey profile restrictions (for example, AAGUID restrictions), the registration experience triggered by the nudge may not be optimal.   

Using Passkeys Despite Restrictions

You can still set Passkeys as the target authentication method in Microsoft Registration Campaigns. However, users may encounter a poor or confusing experience if they have passkey profile restrictions.

Example: 

If a user is scoped into specific AAGUID synced passkeys only, they may see a Passkey nudge at sign‑in. If they attempt to register a device‑bound passkey, the registration will fail because they are not in scope for that passkey type. 

Recommended next steps

• Review your Registration Campaign state by early April 2026.
• Communicate this change to helpdesk or support teams.
• Update internal documentation on authentication method enrollment.
• If you prefer to continue targeting Microsoft Authenticator, verify this configuration before rollout.

Learn more: How to enable passkey (FIDO2) profiles in Microsoft Entra ID (preview) | Authentication | Microsoft Entra ID | Microsoft Entra | Microsoft Learn

[Introduction]

To help users stay focused while working in unread only views, Microsoft Teams is introducing a quicker way to access read chats and channels without changing filters. This update improves navigation and reduces friction when users need to quickly reference previously read conversations while keeping their unread list visible.

This message is associated with Microsoft 365 Roadmap ID 559608.

[When this will happen]

• General Availability (Worldwide): We will begin rolling out in early May 2026 and expect to complete by mid-May 2026.

[How this affects your organization]

Who is affected

• Users who filter their chat or channel list to unread only mode in Microsoft Teams

What will happen

• When a section is set to unread only, users will see an eye icon next to the section name.
• Selecting the eye icon opens a list of read chats or channels within that section: 

  

• Users can open read items directly from this list without switching out of unread only view.
• This replaces the previous experience where read items were accessed through a see read button in the chat list.
• The feature is enabled by default and requires no admin configuration.

[What you can do to prepare]

• No admin action is required.
• Consider notifying users about the updated navigation experience to reduce confusion and help desk inquiries.
• Update internal documentation or training materials if you reference unread only views in Teams.

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

[Introduction]

To help organizations schedule shared spaces more efficiently, Microsoft Teams will introduce the ability for users to book future meetings directly from Teams panel devices running on Android. This change reduces the need to switch to a desktop or mobile calendar and helps streamline ad‑hoc and near‑term scheduling in shared spaces. The feature will be available for rooms with Teams Rooms Pro and Shared Device licenses.

This message is associated with Microsoft 365 Roadmap ID 557168.

Note: This feature is supported only on Teams panel devices running Android and is not available on non‑Android panel hardware.

[When this will happen]

• General Availability (Worldwide, GCC, GCCH): We will begin rolling out in early May 2026 and expect to complete in early May 2026.

[How this affects your organization]

Who is affected

• Organizations using Microsoft Teams Rooms panels on Android
• Admins managing Teams Rooms Pro or Shared Device licensed rooms
• Users who schedule meetings from Teams panel devices

What will happen:

• When enabled by an admin, users will be able to book future meetings directly from a Teams panel by browsing the room calendar: 

  

• Available time slots will include any open time through midnight the next day:
   

• If enabled by an admin, users will be able to add a guest while booking from the panel.
• The feature will be OFF by default and requires admin configuration.
• Existing room booking and calendar policies will continue to be respected.

[What you can do to prepare]

No immediate action is required at this time.

Before rollout, admins can:

• Review the upcoming setting in the Teams admin center.
• Decide whether to enable future room booking from Android‑based panel devices.
• Decide whether to allow users to add guests while booking.
• Inform helpdesk or facilities teams about this upcoming capability.

Read the release notes for devices in Microsoft Teams:  What’s new in Microsoft Teams devices | Microsoft Teams | Microsoft Learn

[Compliance considerations]

[Introduction]

To help organizations understand and reduce data oversharing risks in Microsoft Fabric, Purview DSPM’s (preview) Data Risk Assessment now scans all Fabric workspaces for key oversharing insights like sensitivity label and access activity. This update enables admins to identify potentially overshared Fabric artifacts—such as dashboards and reports—and take proactive steps to secure sensitive data across Fabric and Power BI workloads.

This message is associated with Microsoft 365 Roadmap ID 553217.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out in mid-April 2026 and expect to complete by early May 2026.

[How this affects your organization:]

Who is affected:

• Microsoft 365 tenants using Microsoft Purview Data Security Posture Management (preview)
• Organizations with Microsoft Fabric workspaces
• Purview admins, Global admins, and Fabric admins

What will happen:

• A new Fabric tab will appear at the top of DSPM Data Risk Assessments.



• Admins can view default oversharing assessment results for Fabric artifacts (for example, dashboards and reports).



• Admins can take protective actions to secure sensitive Fabric data.



• Oversharing insights for Fabric data are centralized within the new Fabric tab.
• A one‑time setup is required to allow Purview to scan Fabric workspaces.
• This feature is not enabled automatically; admin action is required to start scanning.

[What you can do to prepare:]

• Coordinate with your Fabric admin and Global admin to enable the Fabric Oversharing Assessment in Microsoft Purview. This involves setting up an Entra Application as a service principal. 
• Update internal security and governance documentation to reflect the new Fabric oversharing insights.
• Share this change with security and analytics stakeholders who manage Fabric data.

Learn more: Prevent oversharing with data risk assessments from Microsoft Purview Data Security Posture Management | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Updated April 9, 2026: We have updated the content. Thank you for your patience. 

[Introduction]

We’re consolidating agent management experiences to make it easier to observe, govern, and secure all agents in your tenant. Agent 365 will be the single source of truth, offering a unified catalog, consistent visibility, and simplified management. As part of this consolidation, we’re retiring legacy agent management experiences in the Microsoft Entra admin center.

We recognize this change is being communicated with a shorter notice period, and we’re sharing it as early as possible to help you plan.

[When this will happen]

Effective May 1, 2026, the following experiences will be retired in the Microsoft Entra admin center:

• Agent registry blade
• Agent collections blade

[How this affects your organization]

Who is affected

• Microsoft 365 tenants with administrators who currently view or manage agents using:
  • The Agent registry or Agent collections blades in the Microsoft Entra admin center
• Developers or admins using the existing agent registry Graph API

What will happen

• The Agent registry and Agent collections blades in the Entra admin center will no longer be available after May 1, 2026.
• Administrators can continue to view agent inventory in the All agents view in the Microsoft 365 admin center (MAC).
• Agent 365 becomes the single source of truth for agent discovery, visibility, and management.
• Microsoft Entra continues to provide the identity foundation for agents through Agent ID.
• The existing agent registry Graph API will be retired and replaced by a new API powered by Agent 365.
  • Agents registered using the current API will need to be re‑registered using the new API.
  • Details on the API retirement timeline and availability of the new API will be shared in a follow‑up communication.
• There is no change to agent functionality, access, or governance capabilities as part of this retirement.

[What you can do to prepare]

• No immediate admin action is required for the retirement of the Entra admin center blades.
• If your organization uses the existing agent registry Graph API:
  • Review upcoming communications for the new Agent 365–powered registry API.
  • Plan to re‑register agents once the new API becomes available.
• Update internal documentation or admin guidance to reference Agent 365 and the Microsoft 365 admin center for agent inventory.
• Share this change with helpdesk or platform administrators as appropriate.

Learn more: 

• Agent Registry convergence with Microsoft Agent 365 | Agent ID | Microsoft Entra | Microsoft Learn
• agentRegistry resource type | Microsoft Graph | Microsoft Learn
• Microsoft Entra releases and announcements | Fundamentals | Microsoft Entra | Microsoft Learn

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

[Introduction]

Recap without saving transcript provides an optional way for Copilot to generate a meeting summary using live meeting context, without saving a meeting transcript or recording.

This capability is intended for scenarios where organizations want AI‑generated recaps but have policies that limit or prohibit the retention of transcripts or recordings. When disabled, no AI recap is generated. Existing Copilot licensing and tenant‑level AI controls continue to apply.

This feature will be available to users with an M365 Copilot (Premium) license across platforms, including desktop (Windows and Mac), web, and mobile.

This message is associated with Microsoft 365 Roadmap ID 558286.

[When this will happen:]

• Targeted Release: We will begin rolling out mid-May 2026 and expect to complete by late May 2026.
• General Availability (Worldwide): We will begin rolling out early June 2026 and expect to complete by mid-June 2026.

[How this affects your organization:]

Who is affected:

• Microsoft Teams meeting organizers and participants with an M365 Copilot (Premium) license
• Microsoft 365 administrators managing Copilot and AI controls

What will happen:

• Meeting organizers with a Copilot license can enable or disable Recap without saving transcript in meeting options under Copilot and other AI before the meeting, and organizers or participants with a Copilot license can manage the AI toggle during the meeting through the AI mode dropdown (top‑left indicator).
• During a meeting, organizers and participants with a Copilot license can enable or disable this option.
• When enabled, Intelligent Recap will generate an AI summary even if recording and transcription are not turned on.
• No transcript or recording is saved as part of this experience.
• This feature is controlled by the existing AI toggle. If AI is disabled at the tenant level, this experience is not available.
• The feature is on by default for tenants where Copilot and AI experiences are enabled.

[What you can do to prepare:]

• Review your organization’s AI and Copilot governance policies to determine whether this experience aligns with your compliance posture.
• If you want to opt out, disable the AI toggle in your tenant settings to prevent Recap without saving transcript from being used.
• Update internal guidance and helpdesk documentation to reflect that meeting recaps may be generated without recordings or transcripts.
• Communicate this change to meeting organizers, especially in regulated environments.

[Compliance considerations:]

• September 2025 and later: Windows security updates include hardening changes that strengthen the trust boundary between identity, authentication, and User Account Control (UAC).
• April 2026 and later: Windows security updates include a temporary workaround for machines cloned without Sysprep. This registry-based compatibility option isn’t recommended. It reduces security protections introduced by recent updates.
• End of 2027: The temporary workaround expires. 

• You manage devices on Windows 11, version 24H2 and later or Windows Server 2025.
• You installed the August 2025 non-security update or September 2025 security update (or later) on these devices.
• You notice Kerberos or NTLM authentication failures. These failures surface as LsaSrv Event ID 6167 in the System event log of the target machine.

• Stop any automation that clones devices without Sysprep. If not addressed, devices end up with duplicate security IDs (SIDs).
• Rebuild all devices with duplicate SIDs from scratch, then run Sysprep. It’s not sufficient to unjoin devices and run Sysprep. 
• If needed for transition only, temporarily roll back the hardening change with a registry-based option. Please contact Microsoft Commercial Customer Service and Support (CSS) to get information about this registry value. 

• Hardening administrative actions: What IT pros need to know
• KB5070568: Kerberos and NTLM authentication failures due to duplicate SIDs
• KB5068222: Strengthening administrator protection and Kerberos authentication
• The Microsoft policy for disk duplication of Windows installations
• Sysprep