Microsoft Roadmap, messagecenter and blogs updates from 29-04-2026

Updated April 28, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction:]

We’re introducing the ability to add public web links as references in Microsoft Copilot Notebooks. This enhancement allows users to ground Copilot responses on specific public web pages, expanding the types of content that can be used to inform and contextualize their work.

A Microsoft 365 Copilot license is required to use this feature.

This message is associated with Microsoft 365 Roadmap ID 516040.

[When this will happen:]

General Availability (Worldwide): Rollout will begin in late May 2026 (previously late April) and is expected to complete by end of May 2026 (previously end of April).

[How this will affect your organization:]

Who is affected: All users of Microsoft Copilot Notebooks with a Microsoft 365 Copilot license.

What will happen:

• Users will be able to add public web links as references in their Copilot Notebooks.
• This expands current capabilities, which already support referencing Word, PowerPoint, Excel, and other file types.
• Users can now ground Copilot on public web content without needing to convert it to a file format (such as PDF).
• The feature will be enabled by default.

[What you can do to prepare:]

No specific preparation is required. However, we recommend:

• Informing users about the upcoming capability to enhance their productivity.
• Updating internal documentation if you provide guidance on using Copilot Notebooks.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Updated April 27, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re introducing new capabilities in the Microsoft 365 Copilot mobile app (iOS and Android) that allow users with a Microsoft 365 Copilot (Premium) license to create new Pages and edit existing Pages using Copilot. These capabilities, already available in the Microsoft 365 Copilot web and desktop apps, help users move from conversation to structured content more quickly while working on mobile devices.

This update supports productivity on the go by enabling users to generate, refine, and update content directly from Copilot chat within the mobile app.

[When this will happen:]

General Availability (Worldwide): Rollout will begin in mid-May 2026 (previously late April) and is expected to complete by late May 2026.

[How this affects your organization:]

Who is affected:

• Users with a Microsoft 365 Copilot (Premium) license
• Users accessing the Microsoft 365 Copilot mobile app on iOS or Android

What will happen:

• Auto-create Pages from chat: Users can instruct Copilot to generate a new Page based on chat context using prompts such as “Create a new page for Project XYZ.”



• Edit Pages with Copilot: Users can prompt Copilot Chat alongside an existing Page to update, refine, or improve content. Changes are applied directly to the Page, and users can choose to keep or revert the updates.



• The feature is enabled by default for eligible users in supported mobile apps.
• Existing Microsoft 365 permissions, sensitivity labels, and compliance policies continue to be enforced.

[What you can do to prepare:]

No action is required to enable this feature.

Admins may consider the following preparation steps:

• Inform users about Copilot-powered Page creation and editing on mobile devices.
• Review and reinforce internal guidance related to responsible AI-assisted content creation.
• Update internal helpdesk or end-user documentation, if applicable.

Learn more: Get started with Microsoft 365 Copilot Pages | Microsoft Support

[Compliance considerations:]

Updated April 28, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

To help reduce visual clutter and keep SharePoint team site homepages focused on active content, we’re introducing an automatic collapse behavior for the News web part. When a team site homepage hasn’t been edited in 30 days and no news has been published on the site, the News web part will collapse by default. This change will help surface relevant information while preserving existing News authoring and configuration capabilities.

[When this will happen]

• Targeted Release: Rollout will begin in late April 2026 and is expected to complete by early May 2026 (previously late April).
• General Availability (Worldwide, GCC, GCC High, and DoD): Rollout will begin in early May 2026 (previously late April) and is expected to complete by late May 2026 (previously mid-May).

[How this affects your organization]

Who is affected

• All Microsoft 365 tenants using SharePoint Online
• Team site homepages that include the News web part

What will happen

• The News web part will automatically collapse on a team site homepage if the homepage has not been edited for 30 days and no News posts have been published.
• This behavior will be enabled by default.
• Site owners and users will be able to expand the News web part at any time.
• Publishing new News posts or editing the homepage will restore normal visibility of the News web part.
• This change will not affect News authoring workflows, configuration options, or permissions.

[What you can do to prepare]

• No action will be required from administrators.
• You may want to inform site owners about this automatic behavior.
• Consider updating internal SharePoint documentation or helpdesk guidance if you describe default homepage behavior.

[Compliance considerations]

[Introduction]

Microsoft is introducing a new guided diagnostics experience in Microsoft Purview Data Loss Prevention (DLP) to help administrators diagnose and resolve DLP policy issues more efficiently. This experience provides clearer visibility into how DLP policies are evaluated, which conditions are matched, and what actions are taken. For eligible tenants, Security Copilot‑powered insights offer recommendations to support troubleshooting and policy optimization.

This message is associated with Microsoft 365 Roadmap ID 561032.

[When this will happen]

• Public Preview: Mid‑May 2026 – Mid‑June 2026
• General Availability (Worldwide): Late June 2026 – July 2026

[How this affects your organization]

Who is affected

• Microsoft 365 administrators who manage Microsoft Purview DLP policies
• Commercial tenants
• Security Copilot‑powered insights are available only to customers with eligible Microsoft 365 E5 and Copilot licensing

What will happen

• A new guided diagnostics experience will be available in the Microsoft Purview portal to help troubleshoot DLP policy behavior.
• The diagnostics will be available to all users who have permission to view DLP policies.
• Admins will see a new guided diagnostics experience in the Microsoft Purview portal for troubleshooting DLP issues.
• Diagnostics provide visibility into:
  • DLP policy evaluation order
  • Conditions that were matched
  • Actions taken (allow, block, audit)
• Eligible tenants will receive Copilot‑powered insights and recommendations to assist with:
  • Identifying potential policy misconfigurations
  • Troubleshooting DLP behavior
  • Policy optimization
• Existing DLP policies and enforcement behavior are not changed.
• There is no impact to user workflows.

[What you can do to prepare]

No action is required.

Optionally:

• Review internal DLP troubleshooting documentation and update it to reference the new diagnostics experience.
• Ensure security and compliance teams are aware of the new diagnostics flow in the Microsoft Purview portal.
• Review Copilot licensing to understand availability of Security Copilot‑powered insights.

(Documentation links will be provided once public preview documentation is available.)

[Compliance considerations]

[Introduction]

We are retiring support for legacy Transport Layer Security (TLS) versions for POP3 and IMAP4 connections to Exchange Online. This change improves security and aligns with current industry standards. TLS 1.0 and TLS 1.1 are no longer considered secure. Most modern email clients already use TLS 1.2 or later. 

[When this will happen]

• Rollout start: July 1, 2026
• Rollout end: December 31, 2026

The rollout will occur gradually worldwide.

[How this affects your organization]

Who is affected

• Microsoft 365 tenants using POP3 or IMAP4 with Exchange Online
• Admins managing email clients, applications, or devices that use POP or IMAP

What will happen

• POP3 and IMAP4 connections will require TLS 1.2 or later.
• Connections using TLS 1.0 or TLS 1.1 will fail.
• Modern email clients are not expected to be affected.
• Legacy applications or devices may stop connecting.
• Custom or embedded systems may require updates.

[What you can do to prepare]

• If you use POP or IMAP with Exchange Online, ensure email clients, applications, and libraries support TLS 1.2 or later and do not use legacy TLS endpoints.
• Review all POP and IMAP clients in your organization.
• Confirm support for TLS 1.2 or later.
• Update or replace clients that rely on legacy TLS.
• Validate TLS support with third‑party vendors.
• Inform helpdesk and operations teams.

No action is required if all connections already use TLS 1.2 or later.

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

[Introduction]

Whiteboards initiated from Teams Rooms on Android devices signed in with a licensed user account will now be automatically saved to that user’s OneDrive. This preventive fix improves reliability by ensuring whiteboards are saved without requiring another participant or an active meeting, reducing scenarios where content could otherwise be lost.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High): We will begin rolling out in late April 2026 and expect to complete by mid-May 2026.

[How this affects your organization:]

Who is affected:

• Teams Rooms on Android devices signed in with a licensed user account that has:
  • A valid Microsoft Teams Rooms license, and
  • A user license that includes OneDrive (such as Microsoft 365 E3 or E5)

What will happen:

• When a Teams Rooms on Android device is signed in with a licensed user account, whiteboards started from the device will be automatically saved to that user’s OneDrive. 
• Signing in with a licensed user account is an exception scenario. For more information about assigning additional licenses to Teams Rooms devices and supported scenarios, refer to: Assigning additional licenses | Microsoft Learn.
• This prevent/fix removes the need to invite another participant or start a meeting to save the whiteboard.
• Devices signed in with a standard resource account continue to follow existing behavior, where saving requires a non‑room participant with OneDrive.

Known limitations:

• Signing in with a user account on a Teams Rooms device is an exception scenario and should be evaluated by administrators based on organizational policies and security requirements.  
• No board picker or home navigation: Microsoft Whiteboard on Teams Rooms devices does not display the signed‑in user’s existing whiteboards, preventing unauthorized browsing of stored content.
• Restricted toolbar: The whiteboard toolbar on Teams Rooms devices is optimized for shared‑device use; export vectors and advanced capabilities are disabled.
• Fail‑closed behavior: If the Teams Rooms device cannot acquire a valid sign‑in token, auto‑saving to the signed‑in user’s OneDrive is not enabled. The experience falls back to the existing behavior where the whiteboard is not saved.

[What you can do to prepare:]

• No additional configuration is required. The feature will be available automatically to Teams Rooms on Android devices signed in with eligible licensed user accounts as it rolls out.
• Do not assign OneDrive licenses to resource accounts: As documented in existing Teams Rooms guidance, resource accounts should not have OneDrive licenses.  

[Compliance considerations:]

[Introduction]

We’re introducing a new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint (MDE) to help organizations assess and prepare for the transition to Secure Boot 2023 certificates. Secure Boot 2023 certificates replace older certificates (such as Windows UEFI CA 2011) that are scheduled to expire in June 2026, helping ensure devices continue to boot securely and receive future protections. This recommendation improves visibility into device readiness and helps organizations maintain a trusted and secure boot process.

[When this will happen:]

• Public Preview (Worldwide): We will begin rolling out in late April 2026 and expect to complete by early May 2026.
• General Availability (Worldwide): We will begin rolling out in early May 2026 and expect to complete by late May 2026.

[How this affects your organization:]

Who is affected:

• Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score

What will happen:

• A new Secure Score recommendation will appear:
• Ensure devices are updated to Secure Boot 2023 certificates and boot manager.
• Provides visibility into device readiness for Secure Boot updates.
• Identifies devices that have not deployed:
• Windows UEFI CA 2023 certificates
• 2023-signed boot manager
• Secure Score will reflect progress toward implementing this recommendation.
• Feature is on by default and requires no configuration to appear.
• This recommendation helps track readiness for replacing expiring Secure Boot certificates (for example, Windows UEFI CA 2011).

Why this matters:

• Windows Secure Boot certificates are scheduled to expire in June 2026
• Devices not updated may not receive future protections for the early boot process
• This recommendation helps maintain a trusted and secure boot chain

[What you can do to prepare:]

• Review the new recommendation in Microsoft Secure Score once available.
• Identify devices requiring Secure Boot certificate updates.
• Follow deployment guidance to update Secure Boot certificates and boot manager: Windows Secure Boot certificate expiration and CA updates | Microsoft Support.
  
• Coordinate with infrastructure and platform teams responsible for device and firmware updates.
• Learn more about Secure Boot updates in MDE: Assess Secure Boot status with Microsoft Defender.

[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization.

[Introduction]

Action required: We are updating the Power Platform Dataflows connector in Excel Desktop to improve reliability and support future enhancements. To avoid disruption, organizations who use Power Platform Analytical Dataflows connector must update Excel Desktop to a supported build before this change rolls out, as older versions will no longer be able to connect to Power Platform Analytical Dataflows.

[When this will happen:]

• The required Excel Desktop version (Build 16.0.17932.20732 or newer) is available as of April 27, 2026 (the publication date of this post).
• Beginning May 27, 2026, the legacy backend endpoint will begin to be retired as part of a gradual rollout (there is no single hard cutover date). After this date, Excel Desktop versions earlier than Build 16.0.17932.20732 may lose connectivity to Power Platform Analytical Dataflows.

[How this affects your organization:]

Who is affected:

• Organizations using Excel Desktop to connect to Power Platform Analytical Dataflows
• Users running Excel builds earlier than 16.0.17932.20732

What will happen:

• Excel Desktop versions earlier than Build 16.0.17932.20732 will fail to connect to data from Power Platform Analytical Dataflows once the new endpoint is in use.
• Excel Desktop versions at or newer than Build 16.0.17932.20732 are not impacted.
• Retired Office versions will not receive this update and therefore will permanently lose connectivity, requiring upgrade to a supported version.
• No admin configuration changes are required beyond updating Excel.

[What you can do to prepare:]

• Update Excel Desktop across your organization to the latest available version before May 27, 2026.
• Review update compliance for devices that rely on Power Platform Analytical Dataflows connection scenarios.
• Notify users and helpdesk teams that older Excel builds will no longer be able to connect to these dataflows.
• Update internal documentation that references Excel build requirements for Power Platform Analytical Dataflows.

Note: This change is on by default and cannot be deferred per tenant. Keeping Excel updated is required to avoid disruption.

Learn more: How to update Microsoft 365 or Office for Windows | Microsoft Support

[Compliance considerations:]

Older Excel Desktop builds will no longer be able to connect to Power Platform Analytical Dataflows after the endpoint change.

[Introduction]

Microsoft 365 Copilot in Outlook can now take action directly in your inbox by generating draft emails, creating and managing rules, as well as supporting many more triage actions.

[What’s Changing]

Opening Copilot Chat in Outlook will enable Copilot to take actions in the user’s inbox default (Frontier only). Users can choose to toggle back to the chat-only Copilot experience via the “default mode” dropdown just above the prompt box.

[When will this happen]

• Frontier Public: Rollout begins April 27, 2026
• Rollout completion: Expected by April 28, 2026

Outlook may need to be restarted for the change to take effect.

[How this affects your organization]

Who is affected

• Users in M365 tenants enabled for Frontier Public with Microsoft 365 Copilot licenses

What will happen

• Users can perform supported inbox actions by prompting Copilot in chat.
• Copilot in Outlook goes beyond chat-based assistance, moving from summarizing and editing messages to actively managing your inbox. It can take on multi-step work, drafting messages, creating and managing rules and triaging emails.
• Some of these actions are already available in existing Copilot experiences.
• The new default experience expands how these capabilities can be accessed conversationally and enables additional supported triage tasks through the Copilot Chat interface.
• The feature appears as service and client updates become available; no user migration is required.

Supported clients:

• Outlook on the Web
• Classic Outlook for Windows
• Outlook for Windows
• Outlook for iOS
• Outlook for Android

Other Outlook clients are not included in this rollout.

The new default experience is not currently available to users in the EU.

[What you can do to prepare]

• No admin action is required to enable this feature for Frontier Public.
• Review Copilot and Outlook usage guidance with helpdesk and support teams.
• Consider notifying users that additional inbox actions may appear in Copilot Chat during the preview period.
• Update internal documentation if you provide guidance on Outlook or Copilot usage.

Learn more: Frontier program – Microsoft adoption

Support article.Use Microsoft 365 Copilot in Outlook to manage your inbox (Frontier) – Microsoft Support

[Compliance considerations]

1. Sign in to the Power Platform admin center as a system administrator.
2. In the navigation pane, select Manage.
3. In the Manage pane, select Environments. The Environments page appears.
4. Select the production environment where you want to turn on self-service disaster recovery.
5. Select Disaster Recovery in the command bar at the top of the page. The Disaster Recovery pane appears.
6. Select the checkbox to turn on Disaster Recovery.
7. Select Save.
8. The environment briefly displays the Edit details page.
9. The Environment details page displays that the process of turning on the feature has started.

• Visual Studio 2026 with .NET version 10.0.6 is used
• Scan Cab is used to check for update compliance
• The April 2026 Scan Cab was deployed before 10:30 AM PT on April 28, 2026

• Updated Scan Cab: Download the new Scan Cab here
• CVE-2026-40372: ASP.NET Core Elevation of Privilege Vulnerability
• .NET 10.0.7 Out-of-Band Security Update: .NET Blog
• Visual Studio 2026 release notes
• Announcing a smaller WSUS Scan Cab – Microsoft Tech Community: Learn more about WSUS and the Scan Cab process
• Using WUA to Scan for Updates Offline – Win32 apps | Microsoft Docs: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update
• WSUS and the Catalog Site | Microsoft Docs: The Catalog Site used by WSUS to import updates and drivers