Microsoft Roadmap, messagecenter and blogs updates from 16-10-2025

Updated October 15, 2025: We have updated the rollout timelines below. Thank you for your patience.

In November 2025, we will expand the passkey (FIDO2) authentication methods policy in Microsoft Entra ID to support passkey profiles in public preview. This update will enable granular, group-based control over passkey configurations and introduce new API schema changes.

[When this will happen:]

Public Preview (Worldwide): We will begin rolling out early November 2025 and expect to complete by early December 2025.

Public Preview (GCC, GCC High, DoD): We will begin rolling out mid-November 2025 and expect to complete by mid-December 2025.

[How this will affect your organization:]

After this rollout, you’ll be able to apply different passkey configurations per user group. For example, you will be able to:

• Allow the use of specific FIDO2 security key models for user group A
• Allow the use of passkeys in Microsoft Authenticator for user group B

Important: If your organization modifies the passkey policy via the Microsoft Azure or Entra portal during preview, the new schema will take effect. If you continue using Graph API or third-party tools to modify the policy, the schema will not change until General Availability.

These new settings will be available at Microsoft 365 admin center > Home > Security > Authentication methods > Passkey (FIDO2) settings:

As part of this update in November 2025, we will start accepting any WebAuthn-compliant security key or passkey provider when Enforce attestation is disabled. This will allow a wider range of security keys and passkey providers to be accepted for registration and authentication in Microsoft Entra ID. To compare this upcoming update with the current behavior, refer to Microsoft Entra ID attestation for FIDO2 security key vendors

[What you need to do to prepare:]

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to review your current passkey configuration, notify your admins about this change, and update internal documentation.

Learn more about passkeys in Microsoft Entra ID: Enable passkeys for your organization – Microsoft Entra ID | Microsoft Learn (will be updated before rollout)

Effective November 1st 2025, Microsoft Teams trials in the European Economic Area (EEA) will be limited to a maximum of 31 days.

Why is this needed?

In preparation for upcoming regulatory changes and to ensure compliance with evolving global standards, Microsoft will no longer support Teams trial periods longer than 31 days in the EEA. This change aligns with our commitment to transparency and simplified licensing across Microsoft 365.

Implementation timelines

• November 1 2025: Enforcement begins—no new trials longer than 31 days in the EEA will be permitted.
• November 1–30, 2025: A phased worldwide rollout period during which existing trials exceeding 31 days will be systematically terminated.

Impact

After this change takes effect:

• All new Microsoft Teams trials in the EEA will be capped at 31 days.
• Existing trials longer than 31 days in the EEA will be terminated starting November 1st,2025.
• Customers wanting to continue using Teams beyond the trial period must transition to a paid license.

Recommended next steps

• Evaluate your current Teams trial usage and plan your transition to a paid subscription plan to avoid service disruption.
• Learn more about Microsoft Teams Video Conferencing, Meetings, Calling | Microsoft Teams

Additional resources

• Get started with Microsoft Teams – Microsoft Support
• Training for Microsoft Teams | Microsoft Learn

As of October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from Microsoft. While these devices will continue to operate, the lack of regular security updates increases their vulnerability to cyber threats. 

Microsoft Defender will continue to provide detection and protection capabilities to the extent possible on Windows 10 and other legacy systems. Keep in mind that security solutions on legacy systems are inherently less secure and may not be able to receive all new features, so please review the important actions you can take.

Actions you can take:

• Upgrade to Windows 11: This is the best way to ensure your endpoints remain protected and compliant. Devices running Windows 10 will be more vulnerable, even with ongoing security intelligence updates (SIUs).
• Extended security update (ESU) program: If upgrading isn’t immediately possible, Microsoft offers ESU for Windows 10. ESU provides critical and important security updates but does not include new features or technical support.

For further guidance, connect with your Microsoft account team or check out these resources:

• End of support for Windows 10, Windows 8.1, and Windows 7 | Microsoft Windows
• How to prepare for Windows 10 end of support by moving to Windows 11 today | Windows Experience Blog

[Compliance considerations:]

Review compliance considerations as appropriate for your organization.

• Improved processing time: Filtering out unnecessary data like old or obsolete rows can reduce the time required to process the data. Filtering out a significant percentage of unwanted rows can substantially improve performance.
• Simplified data configuration: Removing unwanted data at the source eliminates the need to create rules in multiple locations to avoid incorporating the unwanted data. Unification, segments, measures, activities, and predictive insights will use the filtered source data.
• Improved data quality: Removing old or obsolete data at the source prevents it from being accidentally included in your results, such as when a new team member creates a segment that includes obsolete data.

• The deployment guide, new registry keys, and WinCS are available today. 
• The 2023 Secure Boot CAs are rolling out gradually as part of Windows monthly updates starting with the October 2025 security update. 
• Additional tools will be available soon. 
• The 2011 CAs start expiring beginning in June 2026. 

• Find the deployment playbook in the updated Secure Boot certificate updates: Guidance for IT professionals and organizations.  
• Learn how to use new registry keys to monitor, deploy, and troubleshoot Secure Boot CAs. 
• Learn how to use new Windows Configuration System (WinCS) APIs to deploy Secure Boot CAs. 
• Learn how to use Windows Event Log to monitor Secure Boot CA updates.  
• Bookmark Windows Secure Boot certificate expiration and CA updates as the landing page to the most up-to-date information.

• Get-EnvironmentRegion: Retrieves the region of the specified Power Platform environment
• Get-EnvironmentUsage: Provides information about the usage of the specified Power Platform environment
• Test-DnsResolution: Tests the DNS resolution for the specified domain name
• Test-NetworkConnectivity: Tests the network connectivity between the Power Platform environment and the specified virtual network

• Assign Open Case/Chat: Supervisors can assign open cases or chats to available agents.
• Transfer Active Case/Chat: Supervisors can transfer active cases or chats to another agent.
• Reassign Case/Chat to Another Queue: Supervisors can reassign cases or chats to different queues.
• Release Case to Queue: Supervisors can release cases back to the queue, making them available for reassignment.