Microsoft Roadmap, messagecenter and blogs updates from 12-06-2026

Updated June 10, 2026: We have updated the timeline. Thank you for your patience.

We’re making some changes to Exchange Web Services (EWS).

Starting October 1, 2026 (previously June 30), we will start to block EWS access for all mailboxes without license rights to EWS. This is another step in our ongoing commitment to enhance the security and control mechanisms of EWS.

[How this will affect your organization:]

The impacted licenses are:

• Exchange Online Kiosk
• Microsoft 365 and Office 365 F1
• Microsoft 365 and Office 365 F3

As stated in the Service Descriptions, these licenses do not provide access to mailboxes via EWS, but these restrictions were never enforced. With this change, EWS access for users with only these license types will be blocked.

[What you need to do to prepare:]

If you wish these users to continue to use EWS, and your users are licensed with one of these noted above, you’ll need to assign a new license, one containing EWS access rights. For example, you could assign an Exchange Online Plan 1 or 2 license, or a Microsoft 365 or Office 365 E3 or E5 license.

Starting October 1, 2026 (previously June 30), requests to use EWS without a suitable license will result in a HTTP 403 response.

Learn more: Update to EWS Access for Kiosk / Frontline Worker Licensed Users 

Updated June 10, 2026: We have updated the content. Thank you for your patience. 

[What’s changing]

In Outlook, Exchange Online users who receive their AutoComplete suggested recipients from the Microsoft Search service can hide a suggested recipient while addressing an email. For example, selecting the X next to a name in the To/Cc/Bcc suggestions list. This behavior is commonly referred to as “Contact Masking”.

We are retiring this feature for users. This does not impact admin controls for contacts.

Accounts added to classic Outlook for Windows via POP/IMAP or who are hosting their mailboxes on Exchange On-Premises still use the AutoComplete list for Outlook and will not be impacted by this change. Users can still remove entries from their autocomplete history (for example, suggestions based on past emails they typed). Contacts are not being added, deleted, or modified as part of this change. Email delivery and addressing continue to work as before.

[When this will happen]

Contact masking will reach end of support on March 31, 2026.

[How this affects your organization]

Who is affected

• All Outlook users (Desktop, Web, Mobile) with Exchange Online mailboxes who previously hid suggested recipients

[Why we’re making this change]

This feature has been a recurring source of customer confusion and escalations, because contacts can be accidentally hidden for one user but not others.

While the impact is felt across Microsoft 365 experiences (not just Outlook). It also isn’t managed as a contact entity setting, which creates transparency and compliance challenges.

[What will change in user experience]

• Previously hidden (masked) suggested recipients may reappear in: 
  • Addressing (To/Cc/Bcc suggestions)
  • People suggestions
  • Search

• No new feature will replace contact masking for users.
• The retirement resolves inconsistent cross‑app behavior, as masking previously applied beyond Outlook even though it was not a suite‑level contact setting.

[Is Admin Action Required?]

No action is required for this retirement. You may choose to:

• Inform users that any previously hidden suggestions may reappear after March 31, 2026.
• Update internal training or helpdesk materials if they reference contact masking.
• Review related admin controls that remain available for managing visibility and segmentation:
  • Address Book Policies (ABPs): Address book policies in Exchange Online | Address Books | Exchange Online | Microsoft Learn
  • Microsoft Purview Information Barriers: Learn about Information Barriers | Microsoft Purview | Microsoft Learn
  • Hide recipients from Global Address List / GAL (HiddenFromAddressListsEnabled): Hide recipients from address lists – Manage address lists in Exchange Online | Address list procedures | Microsoft Learn

Learn more about the retiring feature: (RETIRING March 31, 2006) Manage suggested recipients in the To, Cc, and Bcc fields in Outlook | Microsoft Support

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization guidance to users on user level features.

Updated June 11, 2026: We have updated this post as a reminder. We’re ready to begin the General Availability (GA) rollout of the new SharePoint experience on June 15, with deployment continuing over the subsequent weeks. Based on feedback from users in the preview program, we are simplifying item-keeping experiences across SharePoint and aligning on a single Favorites gesture that is consistent with the rest of Microsoft 365.

As part of this change:

• Followed Sites will become Favorite Sites.
• Saved for Later for pages and news posts will become Favorites.

This is a naming and experience update that will be reflected across all SharePoint surfaces where these experiences appear, providing a more consistent and streamlined experience for users across Microsoft 365. Existing followed sites and saved content will be preserved and automatically transition to the Favorites experience.

Additionally, as previously communicated, we are retiring Featured Links and encouraging customers to use modern alternatives such as Global Navigation, which can be configured to surface important organizational resources and destinations.

[Introduction]

We are introducing a new SharePoint experience that includes a redesigned SharePoint app bar, a refreshed SharePoint start page for finding sites, content, and news, and support for AI-assisted creation, management, and discovery features. The new experience applies to all SharePoint users. Some capabilities in this experience use AI. Access to those capabilities requires a Microsoft 365 Copilot license.

This message is associated with Microsoft 365 Roadmap ID 547732.

Before the new experience rolls out broadly, it will be available as a public preview. During the preview period, administrators can enable the experience for their tenant to evaluate the changes and prepare users. When enabled during preview, the experience applies to all users in the tenant. Users may opt out of the new experience during the preview period.

When the public preview ends, Targeted Release rollout will begin, followed by General Availability (GA). Starting with Targeted Release, the new SharePoint experience will automatically apply to all tenants and users. Any tenant-level preview settings or individual user opt-outs from the preview period will be overridden, and no controls will remain. We recommend customers try the experience ahead of TR to be better prepared.

[When this will happen]

• Public Preview: Rolling out in early March 2026; expected completion by late April 2026.
• Targeted Release: Rolling out in early May 2026 (previously late April); expected completion by mid-May 2026 (previously June).
• General Availability (Worldwide, GCC, GCC High, DoD): Rolling out in mid-June 2026 (previously early May); expected completion by mid-July 2026 (previously end of July).

[How this affects your organization]

Who is affected

• All SharePoint users
• Users with a Microsoft 365 Copilot license will have access to AI capabilities included in this experience.
  

What will happen

When the new experience is enabled—either during preview or as part of the Targeted Release and General Availability (GA) rollout—users will see an updated SharePoint app bar that introduces entry points for discovering content, publishing communications, and building SharePoint solutions.

The updated app bar includes:

Discover

A refreshed start experience to find relevant sites, content, and news.

Publish 

A unified publishing hub that brings together pages, news, and campaign-style communications powered by Amplify.

Build 

A centralized place where makers can create and manage SharePoint sites, lists, libraries, and AI-powered agents from a single surface.

The app bar will also include:

• OneDrive – Provides quick access to files.
• Home – Appears when a Home site with global navigation is configured in the tenant.

Additional updates include:

• Updated page, news, library, and list experiences with improved content visibility
• Neutral theming applied across SharePoint product surfaces (site-level branding remains unchanged)

[What you can do to prepare]

If you plan to enable the preview experience:

• Enable the setting in the SharePoint admin center: Settings → SharePoint → New SharePoint Experience
• Review documentation: Enable the new SharePoint experience (preview) | SharePoint in Microsoft 365 | SharePoint | Microsoft Learn
• Review changes to the SharePoint navigation experience, including the new app bar: SharePoint App Bar
• Communicate expected UI changes to helpdesk teams and users before enabling the preview.
• Update internal documentation that references SharePoint navigation or app bar elements.

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Updated June 10, 2026: We have updated the timeline. Thank you for your patience.  

Introduction

We are introducing a new PowerShell control that allows administrators to manage Teams Meeting Recording (TMR) expiration and deletion notification emails across the tenant. This update is based on customer feedback indicating a strong preference to continue receiving notifications while also requesting an option to disable them. This change provides greater administrative control while maintaining the default experience that helps users stay informed

When this will happen

• Commercial clouds: Rollout began May 29, 2026; completed June 2, 2026
• Sovereign clouds (GCC, GCC High, DoD): Available now.

How this affects your organization

Who is affected:

• SharePoint Administrators and Global Administrators managing Teams Meeting Recordings

Platforms/Services:

• Microsoft Teams
• SharePoint Online
• PowerShell (SharePoint Online Management Shell)

What will happen:

• A new PowerShell setting is available to control notification emails for Teams meeting recording expiration and deletion
• Notifications remain enabled by default; no action is required to maintain the current behavior.
• Admins can disable notifications tenant-wide using a PowerShell cmdlet.
• There is no impact to recording expiration or deletion behavior—only the notification emails are affected.
• This setting applies at the tenant level only; per-user configuration is not supported.

Action Required / Recommendations

• No action is required if you want to continue receiving Teams meeting recording notification emails

If you prefer to disable notifications, follow these steps:

• Ensure you are using the latest version of the SharePoint Online Management Shell:
  • Download from the SharePoint Online Management Shell page
• Note that:
  • The installer is Windows-only
  • For non-Windows environments, use a Windows VM or Azure Virtual Desktop
• Verify you have required permissions:
  • SharePoint Administrator or Global Administrator
• Review and update internal documentation if you reference recording notifications
• Inform helpdesk/support teams about this new control option

To disable notifications:

Connect-SPOService -Url https://-admin.sharepoint.com

Set-SPOTenant -DisableTeamsMeetingRecordingDeletedNotification $true

To verify the setting:

Get-SPOTenant | Format-List *Recording*

(Get-SPOTenant).DisableTeamsMeetingRecordingDeletedNotification

To re-enable notifications:

Set-SPOTenant -DisableTeamsMeetingRecordingDeletedNotification $false

Updated June 10, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft Teams is introducing two new system chat sections called Muted chats and Meeting chats. These sections allow users to organize their chat and channels list by grouping muted conversations and meeting chats into dedicated sections that users can turn on or off.

This message is associated with Microsoft 365 Roadmap ID 559605.

[When this will happen]

• General Availability (Worldwide, GCC, GCC High, DoD): Rollout begins in early May 2026 and is expected to complete by late June 2026 (previously end of May).

[How this affects your organization]

Who is affected

• All Microsoft Teams users in Microsoft 365 tenants, including Worldwide, GCC, GCC High, and DoD

What will happen

Users may see up to two new system sections in their Teams chat and channels list:

• Muted chats section
  • Enabled by default.
  • Muted chats that are not in Favorites or user‑created sections automatically move to this section.
  • The section appears at the bottom of the chat list.
  • Unread chats continue to appear bold.
• Meeting chats section
  • Disabled by default.
  • When enabled by the user, meeting chats that are not in Favorites or user‑created sections automatically move to this section.
  • The section appears below the main chats list.
  • Unread chats continue to appear bold and contribute to badge counts.
• Chats in Favorites or user‑created sections are not moved.
• Users can drag and drop these sections to reorder them.
• There are no admin controls for these sections.

[What you can do to prepare]

No admin action is required.

You may want to:

• Inform users that new chat sections are available and that they can turn them on or off.
• Notify helpdesk staff that muted chats may appear in a separate section by default.
• Direct users to Settings > Chats and channels to manage these sections.

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

Updated June 11, 2026: We have updated the timeline. Thank you for your patience. 

[What and Why:]

Microsoft Purview Data Loss Prevention (DLP) policy updates will now sync significantly faster across Microsoft 365 services. The policy sync service-level agreement (SLA) is being reduced from up to 2 hours to 30 minutes, helping security and compliance teams enforce protections more quickly after making policy changes. This improvement supports enterprise-ready security and compliance without adding administrative overhead.

This message is associated with Microsoft 365 Roadmap ID 558682.

[Rollout Schedule:]

General Availability (Worldwide): Rollout begins in mid-July 2026 (previously late May).

[Impact on Your Organization:]

• Who is affected: Microsoft 365 administrators managing Microsoft Purview Data Loss Prevention (DLP) policies.
• Platforms / Services: Microsoft Purview and Microsoft 365 services where DLP policies are enforced.
• What will happen:
  • DLP policy updates will sync within 30 minutes instead of up to 2 hours.
  • Policy enforcement across supported services will occur more quickly.
  • The improvement is enabled by default.
  • No changes to existing admin workflows are required.

[Action Required / Recommendations:]

• No action required.
• This change is applied automatically. Your organization will begin benefiting from faster policy sync times as the update rolls out.
• Optionally, inform security and compliance teams that DLP changes will take effect more quickly to support faster response expectations.

[Compliance considerations:]

This change improves the timing of DLP policy enforcement but does not change policy behavior, data processing, or data storage.

Updated June 10, 2026: We have updated the timeline. Thank you for your patience. 

[What and Why:]

Beginning in June 2026, Microsoft 365 Copilot will be able to answer user questions using Power BI reports and semantic models for customers enrolled in Frontier. Copilot will ground responses in Power BI data, including scenarios where users share a specific report and scenarios where Copilot finds the right report automatically. The experience is built to work within existing security and permission models.

[Rollout Schedule:]

Starting early June 2026, data answering capabilities grounded in Power BI content will be available in Frontier tenants:

• Frontier Private: Jun 15, 2026 (applied to TAP, TAP Subset, and AIX00)
  
• Frontier Public (Entra): Jun 18, 2026

[Impact on Your Organization:]

• Who is affected: Organizations using Microsoft 365 Copilot and Power BI that are enrolled in Frontier
• Platforms/Services: Microsoft 365 Copilot, Power BI, Microsoft Fabric
• Licensing requirements:
  • Microsoft 365 Copilot (Premium) license is required to use this feature.
  • Use of Fabric content, including Power BI reports, will be subject to the usual Power BI licensing to view content in the service.
  • Users are not required to have access to Fabric Copilot. 
• What will happen:
  • Users can ask Copilot questions grounded in Power BI reports and semantic models.
  • Responses respect existing Power BI and Microsoft 365 permissions.
  • The feature is enabled by default. Admins can disable the feature through the Microsoft 365 admin center.
  • To generate responses, Microsoft 365 Copilot will search and retrieve data stored in Fabric, which means user query data from Microsoft 365 Copilot will be shared with Fabric. Fabric operates separately from Microsoft 365 Copilot and is subject to different commitments. Data processed in Fabric is subject to Fabric’s Product Terms. 

Screenshot: Before and after improvement in Copilot responses with Power BI data grounding:

• No action is required.
• Admins can disable the feature in the Microsoft 365 admin center. At the time of release, this control will be available on the Copilot settings page under the setting Fabric data in Microsoft 365 Copilot.  

[Compliance considerations:]

We've released updates to the following update channel for Microsoft 365 Apps:

• Current Channel

[When this will happen:]

We'll be gradually rolling out this update of Microsoft 365 Apps to users on that update channel starting June 11th, 2026 (PST).

[How this will affect your organization:]

If your Microsoft 365 Apps clients are configured to automatically update from the Office Content Delivery Network (CDN), then no action is required.

If you manage updates directly you can now download this latest update and begin deployment.

[What you need to do to prepare:]

To get more details about this update view the following release notes:

• Current Channel

We've released updates to the following update channel for Microsoft 365 Apps:

• Monthly Enterprise Channel

[When this will happen:]

We'll be gradually rolling out this update of Microsoft 365 Apps to users on that update channel starting June 11th, 2026 (PST).

[How this will affect your organization:]

If your Microsoft 365 Apps clients are configured to automatically update from the Office Content Delivery Network (CDN), then no action is required.

If you manage updates directly you can now download this latest update and begin deployment.

[What you need to do to prepare:]

To get more details about this update view the following release notes:

• Monthly Enterprise Channel

[What and Why:]

Microsoft Teams Rooms on Windows will now support human interpreter listening mode, enabling participants in meeting rooms to listen to live, professional language interpretation without interrupting the speaker’s delivery. This enhancement improves meeting accessibility and inclusivity, helping global teams collaborate more effectively across languages while maintaining a seamless, real-time meeting experience.

This feature is available with Teams Rooms Pro and aligns with Microsoft’s commitment to personal and team productivity by enabling multilingual collaboration in shared meeting spaces.

This message is associated with Microsoft 365 Roadmap ID 562050.

[Rollout Schedule:]

• General Availability (Worldwide, GCC): Rollout begins in early July 2026 and completes by mid-July 2026.
• General Availability (GCC High, DoD): Rollout begins in mid-July 2026 and completes by mid-August 2026.

[Impact on Your Organization:]

Who is affected: Organizations using Teams Rooms on Windows with Teams Rooms Pro licenses.

Platforms/Services: Teams Rooms on Windows, Microsoft Teams

What will happen:

• Teams Rooms participants can select and listen to a chosen interpretation language during meetings where interpretation is enabled.
• A prompt will appear on the room console when interpretation is available
• Participants can:
  • Choose an interpretation language or remain on original audio.
  • Change the interpretation language during the meeting via the More menu.
• Audio output will switch to the selected interpreter channel after confirmation.
• This release supports listener capabilities only:
  • Interpreter assignment and configuration remain on the Teams desktop client.
• The feature is available only when enabled by the meeting organizer (not on by default for all meetings).

[Action Required / Recommendations:]

No admin action is required.

To prepare and ensure awareness:

• Communicate this capability to meeting organizers and room users.
• Advise organizers to:
  • Enable language interpretation in Meeting options.
  • Assign interpreters in advance.
• Update internal documentation if you provide Teams Rooms guidance.
• Review Teams Rooms Pro licensing to ensure eligibility.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[What and Why:]

We are introducing Full Workload Backup for Microsoft 365 Backup, a new capability that allows admins to quickly protect an entire workload (SharePoint, OneDrive, or Exchange) with a single policy. This feature automatically includes all existing and newly created artifacts that are not already covered by custom policies, helping organizations improve data protection coverage, reduce administrative overhead, and ensure continuous backup for critical business data at scale.

This enhancement supports enterprise-ready data protection and automation, enabling organizations to safeguard content more efficiently while maintaining control through existing policy configurations.

This message is associated with Microsoft 365 Roadmap ID 464990.

[Rollout Schedule:]

• Public Preview (Worldwide): We will begin rolling out in early July 2026 and expect to complete by mid-July 2026.
• General Availability: We will begin rolling out in mid-September 2026 and expect to complete by mid-October 2026.

[Impact on Your Organization:]

Who is affected:

• Admins managing Microsoft 365 Backup policies
• Organizations currently using or planning to use Microsoft 365 Backup

Platforms/Services:

• Microsoft 365 Backup
• SharePoint Online
• OneDrive
• Exchange Online

What will happen:

• A new option to back up all artifacts within a selected workload will be available.
• Admins can enable Full Workload Backup per workload (SharePoint, OneDrive, Exchange).
• All eligible artifacts not covered by existing custom backup policies will be automatically protected.
• Newly created artifacts will be included in backup coverage automatically on subsequent runs.
• Existing custom backup policies will continue to take precedence and remain unchanged.
• Admins can upload a CSV file to exclude specific artifacts.
• The feature is available by default but requires admin configuration to enable.

[Action Required/Recommendations:]

No immediate action is required before rollout.

After rollout, we recommend that you:

• Review your current Microsoft 365 Backup policies and coverage.
• Evaluate whether Full Workload Backup aligns with your data protection strategy.
• Inform backup administrators about this new capability.
• Update internal documentation if you manage backup procedures.

To enable the feature:

1. Go to the Microsoft 365 Backup dashboard in the Microsoft 365 admin center. 
2. Select the workload you want to protect and choose the option to back up all artifacts. 
3. (Optional) Upload a CSV file on the Exclude sites step to exclude specific sites from the scope of the policy. 
4. Review the coverage summary and confirm to create the Full Workload Backup policy. 

Learn more:

• Create, view, and edit backup policies in Microsoft 365 Backup | Microsoft Learn (will be updated before rollout begins) 
• Overview of Microsoft 365 Backup | Microsoft Learn (will be updated before rollout begins)

[Compliance considerations:]

[What and Why:]

Starting with Microsoft Edge 152 (Stable on August 27), Edge will move to a 2-week release cycle. This change enables faster delivery of security updates and platform improvements, while reducing the size and complexity of individual updates. For organizations, this means more predictable validation cycles with smaller, more frequent changes. For organizations that prefer a more deliberate pace, Extended Stable remains unchanged in timing. 

[Rollout Schedule:]

• General Availability (Worldwide):  We will begin rolling out in late August 2026 and expect to complete by late August 2026.
• First release under the new cadence: Edge 152 (August 27, 2026)

[Impact on Your Organization:]

Who is affected: Organizations using Microsoft Edge Stable channels

Platforms/Services: Microsoft Edge (Windows, macOS, Linux, mobile)

What will happen:

• The Stable channel (the default release channel for most organizations, delivering new features and fixes regularly) will move from a 4-week to a 2-week release cycle.
• Each release will contain smaller feature updates and faster delivery of security and platform fixes.
• The Extended Stable channel (an optional channel designed for organizations that need more time to validate updates) will continue to update every 8 weeks.
• Extended Stable updates will be published every fourth release (for example, versions 156, 160, 164).
• There’s no change to existing admin policies or management tools.
• Updates continue to deploy automatically based on your configured update settings.

Screenshot: Edge Stable updates every 2 weeks, with Extended Stable on an 8‑week cycle for slower change:

[Action Required/Recommendations:]

No action is required to receive this update.

We recommend:

• If using Stable channel: prepare for more frequent updates and adjust validation cadence
• If using Extended Stable channel: no changes required
• Establish a pilot group on the Beta channel for early testing
• Update internal documentation or helpdesk guidance

Learn more: Faster updates, enterprise-friendly schedule: the new Microsoft Edge release cycle | Microsoft Edge Blog

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[What and Why]

We are introducing a new governance experience in the Teams admin center that enables admins to manage built-in Teams agents in a dedicated, centralized location. These built-in agents, including Channel Agent, Facilitator and Copilot Agent in Teams are integrated directly into core Teams experiences and do not require installation from the app store.

This update improves administrative clarity and control by separating governance for built-in agents from traditional apps and bringing them into a single, dedicated management surface. This enables more precise policy management and supports enterprise-ready AI governance at scale.

This message is associated with Microsoft 365 Roadmap ID 564766.

[Rollout Schedule]

• General Availability (Worldwide, GCC): Early July 2026 through mid-July 2026

[Impact on Your Organization]

Who is affected

• Microsoft 365 tenant admins managing Teams apps and experiences

Platforms/Services

• Teams admin center (web)
• Microsoft Teams

What will happen

• A new admin experience will be available at: Teams admin center > Teams apps > Built-in Teams agents

   

• Built-in agents will be managed separately from traditional apps and agents.
• Admins will be able to:
  • Allow or block individual built-in agents
  • Assign access to specific users or groups
  • Configure agent-specific settings
• Built-in Teams agents will no longer be governed by the Org-wide app setting for Microsoft apps.
• Existing agent-level configurations will remain unchanged after rollout.
• The feature will be available by default as part of the updated admin experience.

[Action Required / Recommendations]

No action is required before rollout.

We recommend that you:

• Review your current org-wide app settings for Microsoft apps, as they will no longer apply to built-in Teams agents.
• Review and update agent-level permissions and configurations as needed in the new admin experience.
• Inform your admins and helpdesk teams about the new management surface and controls in the Teams admin center.
• Update internal documentation that references Teams app governance.

Learn more:

• Facilitator in Microsoft Teams meetings | Microsoft Support
• Get started with Channel Agent for Teams channels | Microsoft Support
• How to use Microsoft 365 Copilot in Teams group chats | Microsoft Support

[Compliance considerations]

[What and Why:]

Admins can now scope which users and groups have their activities audited when Just-in-time protection is enabled in Microsoft Purview Endpoint Data Loss Prevention.

Previously, when Just-in-time protection was turned on, user activities were logged automatically for users who were not targeted by policies. With this update, audit logging must be explicitly configured so that only users or groups included in the audit scope have their activities logged. This change gives organizations greater control over audit signal collection and helps reduce unnecessary audit noise.

This message is associated with Microsoft 365 Roadmap ID 562991.

[Rollout Schedule:]

Global: We will begin rolling out in early July 2026 and expect to complete by early July 2026.

[Impact on Your Organization:]

Who is affected: Admins managing Microsoft Purview Endpoint Data Loss Prevention and Just-in-time protection settings.

Platforms/Services:

• Microsoft Purview
• Endpoint Data Loss Prevention
• Activity explorer.

What will happen:

• Just-in-time audit behavior is now managed through the Audit covered user activities setting under Settings > Data loss prevention > Just-in-time protection. Under the Devices tab, turn on Audit covered user activities.

Screenshot: Just-in-time protection settings with Audit covered user activities turned on:



• Users included in audit scope will not see enforcement actions, and their activities will be recorded in Activity explorer.
• Users included in block scope will be prevented from completing actions while files are evaluated for sensitive information. Their activities are recorded in Activity explorer.
• Users not included in audit or block scope will not have activities covered by Just-in-time protection recorded.
• Audited activities include printing, transfers to removable media or network shares, copying or moving files using Remote Desktop Protocol or an unapproved Bluetooth app, and uploading files to a restricted cloud service domain.

[Action Required / Recommendations:]

• Deploy anti-malware client version 4.18.26060 or later before enabling this feature.
• Review your existing Just-in-time configuration to identify users currently generating audit events.
• Explicitly add all users or groups that should continue generating Just-in-time audit events to the audit scope.
• Validate your configuration to ensure expected activities appear in Activity explorer.

Learn more: Get started with Microsoft Purview Data Loss Prevention just-in-time protection | Microsoft Learn

[Compliance considerations:]

[What and Why]

Microsoft Defender for Office 365 is introducing localization support for the default “Mark and notify” email template used in admin review and automated notification flows for user-reported messages.

This update ensures that users receive notification emails in their preferred language based on their Outlook settings, improving clarity and understanding of review outcomes. This helps improve engagement and supports stronger security practices.

This message is associated with Microsoft 365 Roadmap ID 557558.

[Rollout Schedule]

General Availability

• Worldwide: Rollout begins in June 2026 and is expected to complete by late July 2026.
• GCC, GCC High, DoD: Rollout begins in mid-July 2026 and is expected to complete by late July 2026.

[Impact on Your Organization]

Who is affected

• Organizations using Microsoft Defender for Office 365
• Admins and users participating in user-reported message workflows
• Applies only when the default notification template is used

Platforms/Services

• Microsoft Defender for Office 365
• Microsoft 365 Defender portal (web)
• Exchange Online

What will happen

• Default “Mark and notify” email templates will be localized.
• Notifications will be delivered in the user’s preferred language based on Outlook settings.
• Feature is enabled by default when auto-notification is turned on.
• Notifications will have consistent formatting and messaging across supported languages.
• No changes to message verdicts or classification logic.
• No changes to automated investigation behavior.
• No changes to custom notification templates configured by admins in the user reported settings page.

Screenshot 1 – Before localization view: 

Screenshot 1 – Localized template view:

[Action Required/Recommendations]

No action is required.

You may consider the following:

• Inform users that notification emails may now appear in their preferred language.
• Review notification settings in Microsoft Defender: Settings > Email and collaboration > User reported settings.
• Update internal documentation or helpdesk guidance if this workflow is documented.

Learn more: Notify users about admin submitted messages to Microsoft – Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft | Microsoft Defender for Office 365 | Microsoft Defender | Microsoft Learn

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.

[What and Why]

Microsoft Purview Insider Risk Management is introducing a policy recommendation panel to help administrators identify gaps in insider risk coverage and strengthen protections. While policies provide protection against insider risks, organizations may not always have visibility into missing or high-value configurations. This enhancement provides guidance on which policies are missing or offer the most incremental value, using analytics to generate actionable recommendations that improve coverage across scenarios such as data leakage, data theft, risky AI usage, IP theft, and security violations.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent risks. It enables organizations to define policies based on their governance needs and is built with privacy by design, including pseudonymization by default, role-based access controls, and audit logging to help protect user privacy.

This message is associated with Microsoft 365 Roadmap ID 560600.

[Rollout Schedule]

• Public Preview: Rolling out from mid-June 2026 through late June 2026
• General Availability (Worldwide): Rolling out mid-July 2026 and expected to complete by late July 2026

[Impact on Your Organization]

Who is affected

• Microsoft Purview Insider Risk Management administrators
• Organizations using Insider Risk Management policies

Platforms/Services

• Microsoft Purview Insider Risk Management (web experience)

What will happen

• A new Policy Recommendation panel will be available on the Policies page.
• The panel will analyze existing policies and identify potential gaps in coverage.
• Administrators will receive recommendations to create policies addressing risks such as data leakage, data theft, and risky AI usage.
• The feature is enabled by default and available automatically as part of the rollout.
• Existing policies and configurations remain unchanged.
• There is no impact to user workflows.

[Action Required/Recommendations]

No action is required.

Recommended actions:

• Review recommendations in the Policy Recommendation panel.
• Evaluate suggested policies to improve insider risk coverage.
• Update internal governance or risk management processes as needed.
• Communicate this enhancement to security and compliance teams.

[Compliance considerations]

[What and Why]

Microsoft Purview Data Loss Prevention (DLP) is introducing new capabilities to detect and act on classification failures such as timeout, throttling, and scan errors. This update helps administrators surface previously undetected failures and apply appropriate protection, improving visibility and strengthening compliance outcomes across Exchange Online.

This message is associated with Microsoft 365 Roadmap ID 561916.

[Rollout Schedule]

• Public Preview: Rollout begins in mid-June 2026 and is expected to complete by early July 2026.
• General Availability (Worldwide): Rollout begins in mid-August 2026 and is expected to complete by late August 2026.

[Impact on Your Organization]

Who is affected

• Admins managing Microsoft Purview DLP policies in Exchange Online

Platforms/Services:

• Exchange Online
• Microsoft Purview Data Loss Prevention

What will happen

• The feature is turned off by default and requires explicit tenant-level opt-in.
• There is no change to existing behavior or user experience unless you enable the feature.
• Existing DLP conditions will expand to detect additional classification failure scenarios after opt-in is enabled.
• New classification failure categories include:
  • timeout
  • throttling
  • other scan errors.
• A new condition called DocumentScanFailures allows targeting specific failure types and must be used with existing scan conditions.
• You may see an increase in DLP alerts and rule matches after enabling the feature. This reflects previously undetected classification failures and does not indicate new issues.

Updated condition behavior

• Document couldn’t be scanned will detect:
  • Text extraction failures
  • Classification failures such as timeout, throttling, and other scan errors after opt-in
• Document didn’t complete scanning will detect:
  • Partial text extraction
  • Partial classification failures where some classifiers succeed and others fail

New condition

• DocumentScanFailures enables detection of specific failure types including timeout, throttled, and other errors.
• Must be used with either Document couldn’t be scanned or Document didn’t complete scanning.
• Cannot be used as a standalone condition.

[Action Required and Recommendations]

To prepare for this update:

• Review existing DLP policies that use these conditions:
  • Document couldn’t be scanned
  • Document didn’t complete scanning
• Plan when to enable the tenant-level opt-in based on your readiness.
• Enable the feature using PowerShell:
  • Connect using Connect-IPPSSession.
  • Run the following commands:

$json = ‘{“Classification”:{“State”:1}}’

Set-PolicyConfig -DlpErrorHandlingConfig $json

• Allow up to one hour for the configuration to take effect.
• Configure rule priority to ensure proper evaluation:
  • Place content-based rules above scan failure rules.
  • Scan failure conditions only evaluate classifiers that have already run.

Example rule order:

• Detect credit card numbers
  • Condition: Content contains credit card number
  • Action: Block
• Detect account numbers
  • Condition: Content contains account number
  • Action: Block
• Detect exact data match
  • Condition: Content contains EDM sensitive information type
  • Action: Block
• Catch full scan timeout failures
  • Condition: Document couldn’t be scanned and DocumentScanFailures set to timeout
  • Action: Audit
• Catch partial scan throttling
  • Condition: Document didn’t complete scanning and DocumentScanFailures set to throttled
  • Action: Audit
• Catch other scan errors
  • Condition: Document couldn’t be scanned and DocumentScanFailures set to other
  • Action: Audit
• Monitor results using Activity Explorer and DLP alerts to understand classification failure patterns.
• Communicate this change to security and compliance teams.
• You can disable the opt-in setting to return to previous behavior if needed.

[Compliance considerations]

We've released updates to the following update channel for Microsoft 365 Apps:

• Semi-Annual Enterprise Channel

[When this will happen:]

We'll be gradually rolling out this update of Microsoft 365 Apps to users on that update channel starting June 11th, 2026 (PST).

[How this will affect your organization:]

If your Microsoft 365 Apps clients are configured to automatically update from the Office Content Delivery Network (CDN), then no action is required.

If you manage updates directly you can now download this latest update and begin deployment.

[What you need to do to prepare:]

To get more details about this update view the following release notes:

• Semi-Annual Enterprise Channel