Free Copilot ShortCut

Microsoft Roadmap, messagecenter and blogs updates from 18-11-2025

Leave a Comment / By /

het nieuws van Microsoft message center roadmap en blogs - KbWorks - SharePoint and Teams Specialist

18-November-2025 Below you will find a collection of news published yesterday. This news consists of Microsoft’s Roadmap when it is updated it will be below with items. Then there will be a section with the message center, if there is anything new there, this will be automatically included. And it contains a piece from blogs that I follow myself and would like to share with you. If I miss something in the blogs that do have an RSS feed, please let me know.

This entire post was automated via Microsoft Flow
have fun reading!

The blogs of this day are:

Flight School: Mastering Copilot for IT Prosvan nogintevullen
Self-Service Account Recovery with Identity Verification in Entra IDvan nogintevullen
Copilot’s Temporary Chatvan @12Knocksinna
How to Start a Voice chat in Copilot Chat ?van nogintevullen
Get ready for Microsoft Ignite 2025van CarinaMClaesson
How to Share a Copilot Notebook with others users ?van nogintevullen
Microsoft 365 – Customize Outlook with Themes by Copilot!van @jcgm1978
CIA Brief 20251115van nogintevullen
Microsoft 365 Pulse Roadmap webcast – Episode 267van @duffbert
Content Strategy: The 5 Metrics That Actually Mattervan @buckleyplanet
New SharePoint document library user experience overview 2025van nogintevullen
How to Collect Files in Document Library Using Microsoft Forms van nogintevullen
Monitoring Azure Access Elevation in Entra IDvan 
Find Your Tenant’s Hidden Flaws in Minutesvan 
Real-time voice interactions come to Copilot podcastsvan nogintevullen
Understanding the OneDrive Icon on Your Desktopvan nogintevullen
The AI Show 15/11/2025 📱van nogintevullen
The AI Show 15/11/2025van nogintevullen
Entra 🆔 News #123 → This week in Microsoft Entravan nogintevullen
Copilot :How to create an Agent in OneDrive ?van nogintevullen
AI Companionship, and What It Cannot Replacevan @buckleyplanet
Need to Know podcast–Episode 355van nogintevullen

Office 365 Roadmap Updated: 2025-11-18

Additions : 2
Updates : 4

More Details At: www.roadmapwatch.com


New FeaturesCurrent Status
Excel: Python in ExcelIn Development
Outlook: Enriching profile cards with custom, organization-specific propertiesIn Development
 
Updated FeaturesCurrent StatusUpdate Type
Microsoft Defender for Office 365: ZAP Teams protection capabilities to Defender for Office Plan 1In DevelopmentStatus, Title, Description
Microsoft Copilot (Microsoft 365): Agent Mode in Word for Enhanced document editingRolling OutStatus
Microsoft Viva: Multilingual Support in Copilot for Viva GlintLaunchedStatus
Microsoft Copilot (Microsoft 365): Microsoft 365 Copilot – your AI assistant in the GCCH environmentIn DevelopmentDescription

Items from the MessageCenter in Microsoft 365

(Updated) Microsoft Teams Integration with Microsoft Defender for Office Tenant Allow/Block List for blocking domains
Category:Microsoft Teams Microsoft Defender XDR
Nummer:MC1133508
Status:stayInformed

Updated November 17, 2025: We have updated the timeline. Thank you for your patience.

Introduction

We’re introducing a new integration between Microsoft Teams and Microsoft Defender for Office 365 that enables security admins to manage blocked external domains in Teams using the Tenant Allow/Block List (TABL) in the Microsoft Defender portal. This feature enhances security by allowing organizations to centrally manage domain blocks across Microsoft 365 services.

This capability is available to customers with Microsoft Defender for Office 365 Plan 1 or Plan 2 and Microsoft Teams.

This message is associated with Microsoft 365 Roadmap ID 492985.

When this will happen

Targeted Release: We will begin rolling out late August 2025 and expect to complete by early September 2025.

General Availability (Worldwide): We will begin rolling out early January 2026 (previously late September 2025) and expect to complete by end of January 2026 (previously early October 2025).

How this affects your organization

Security admins, with permission from Teams admins, will be able to:

  • Add, delete, and view blocked external domains in Microsoft Teams using the Microsoft Defender portal.
  • Prevent incoming communications (chats, channels, meetings, and calls) from blocked domains.
  • Automatically delete existing communications from users in blocked domains.
  • Track actions taken to block domains in audit logs, supporting compliance monitoring and reporting.

View and manage blocked domains for Teams in the Microsoft Defender portal:

 admin settings

This change does not affect existing federation configurations or domain blocks set in the Teams admin center.

  • Entry limit: Up to 4,000 blocked domains can be configured for Teams.
  • Client impact: Applies to all Teams clients and the Defender XDR web portal.

What you can do to prepare

To enable this feature – 

  • Ensure that external access in the Teams admin center is set to either:
    • Block only specific external domains, or
    • Allow all external domains
  • Teams admins must enable the setting “Allow my security team to manage blocked domains” in the Teams admin center. This setting is off by default.

Enable security team access to manage blocked domains in the Teams admin center:

 admin settings

Learn more: Block domains in Microsoft Teams using the Tenant Allow/Block List | Microsoft Defender for Office 365 | Microsoft Defender | Microsoft Learn

Compliance considerations

Does the change modify how admins can monitor, report on, or demonstrate compliance activities such as Purview or admin reporting?Both Microsoft Teams and the Defender portal generate audit logs for actions taken on blocked domains. These logs can be accessed via Microsoft Purview or Defender audit capabilities.
Does the change provide a new way of communicating between users, tenants, or subscriptions? Security admins can now block external domains in Microsoft Teams using the Tenant Allow/Block List, which affects cross-tenant communications across chats, channels, meetings, and calls.
Does the change include an admin control, and can it be controlled through Entra ID group membership?Teams admins must enable the toggle “Allow my security team to manage blocked domains” in the Teams admin center to grant access. This control can be managed through Entra ID group membership.

(Updated) Microsoft Purview | Insider Risk Management – Personal email triggers
Category:Microsoft Purview
Nummer:MC1147381
Status:stayInformed

Updated September 9, 2025: We have updated the timeline. Thank you for your patience.

[Introduction]

To enhance detection capabilities in Insider Risk Management (IRM), we’re adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks.

This message is associated with Microsoft 365 Roadmap ID 496149.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early December 2025 (previously early September) and is expected to complete by late December 2025 (previously late September).

[How this affects your organization:]
  • Who is affected: Admins managing Insider Risk Management policies.
  • What will happen:
    • Two new email triggers will be available:
      • Sending email with attachments to free public domains.
      • Sending email with attachments to self (personal email).
    • These indicators can be enabled from the IRM settings page.
    • Sequence detections will now include these indicators as exfiltration activities.
    • IRM quick policy templates will be updated:
      • Email exfiltration: These two indicators will be set as default triggers and indicators. Sending email with attachments to external recipients will not be enabled by default.
      • Data leaks: Both indicators will be added to triggers and indicators, with no changes to existing ones.
      • Data theft by users leaving your org: Indicators will be added; existing triggers and indicators remain unchanged.
      • Critical asset protection: Both indicators will be added to triggers and indicators, with no changes to existing ones.
    • Existing policies created from quick templates will not be affected.
[What you can do to prepare:]
  • No action is required. The new triggers will automatically become available for configuration in the IRM policy wizard.
[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

(Updated) Microsoft Teams: User reporting for incorrectly identified security concerns
Category:Microsoft Teams Microsoft Defender XDR
Nummer:MC1147984
Status:stayInformed

Updated November 17, 2025: The rollout of “Report incorrect security detection in Microsoft teams is expected to finish by the end of November 2025 for General Availability (Worldwide). The previously announced update to make “Report incorrect security detections” settings in Messaging settings in Teams admin center On by default has been postponed to early 2026. A separate communication will be issued detailing the roll out schedule for the default-on change in advance.

Thank you for your patience.

Introduction

Microsoft Teams now enables users to report messages they believe were incorrectly flagged as security threats in chats and channels. This capability is available to organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR. It empowers users to provide feedback on false positives, helping improve detection accuracy and strengthen organizational security.

This feature will be available across Microsoft Teams on Android, Desktop (Windows), iOS, Mac, and Web platforms, ensuring broad accessibility for users regardless of device.

This feature is associated with Microsoft 365 Roadmap ID 501202.

When this will happen

Targeted Release (Worldwide): Begins in early September 2025; expected completion by mid-September 2025.

General Availability (Worldwide): Begins in early November 2025; expected completion by end of November 2025 (previously mid-November).

How this affects your organization

Users will be able to report messages they believe contain URLs that were incorrectly flagged as malicious:

 user settings

  • During Targeted Release, the feature is off by default in Teams.
  • At General Availability, the feature will be on by default in Teams. Admin settings saved during Targeted Release will remain unchanged.
  • In the Microsoft Defender portal, the setting is on by default for new tenants. Existing tenants must enable it manually.

What you can do to prepare

To enable this feature and ensure reported messages appear in the User reported tab in Submissions:

  • In the Teams admin center, go to Messaging settings > Messaging safety and turn on Report incorrect security detections.

    • admin settings

  • In the Microsoft Defender portal, ensure the corresponding setting is enabled.

    •   admin settings

Both settings must be turned on for full functionality.

Learn more: [Updated documentation to be made available on Microsoft Learn in the second week of September 2025.]

Compliance considerations

Does the change store new customer data, and if so, where is it stored?Yes. When users report messages they believe were incorrectly flagged, those submissions are stored in the Microsoft Defender portal under the Submissions tab.
Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data?Yes. User feedback on incorrectly flagged messages is used to improve detection models, which modifies how AI/ML systems classify threats over time.
Does the change include an admin control, and can it be controlled through Entra ID group membership?Yes. Admins can enable or disable the feature in both the Teams admin center and the Microsoft Defender portal. Access to these controls can be managed through Entra ID group membership.

Additional Resources: End user reporting for security – Microsoft Teams | Microsoft Learn

(Updated) Microsoft Teams: Malicious URL Protection for Teams Chat and Channels
Category:Microsoft Teams
Nummer:MC1148539
Status:preventOrFixIssue

Updated November 17, 2025: The rollout of Malicious URL Protection in Microsoft Teams is expected to finish before the end of November 2025 for General Availability (Worldwide). The previously announced update to make Malicious URL protection setting in Messaging settings ON by default has been postponed to early 2026. A separate communication will be issued detailing the roll out schedule for the default-on change in advance.

Thank you for your patience.  

Introduction

Microsoft Teams is introducing enhanced protection against phishing attacks by detecting and warning users about malicious URLs shared in Teams chats and channels. This feature helps users make safer decisions before clicking potentially harmful links. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499893.

When this will happen

  • Targeted Release (Worldwide): Rollout begins early September 2025 and is expected to complete by mid-September 2025.
  • General Availability (Worldwide): Rollout begins early November 2025 and is expected to complete by end of November 2025 (previously mid-November).

How this affects your organization

user settings

When a malicious link is detected, Teams will automatically display a warning to both the sender and recipient. This helps reduce the risk of phishing attacks.

  • Targeted Release: Link protection is applied only when all participants in the conversation have the feature enabled.
  • General Availability: Link protection is enforced if at least one participant in the conversation has the feature enabled.

Targeted release vs. General Availability behavior:

  • Targeted release: Link protection is applied only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
  • General Availability: Link protection is applied if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged. 

What you can do to prepare

During Public Preview, administrators must manually enable the feature:

  1. Go to the Teams Admin Center
  2. Navigate to Messaging Settings
  3. Enable the setting: Scan messages for unsafe URLs

user settings

This setting is also available via Set-CsTeamsMessagingConfiguration PowerShell cmdlet –UrlReputationCheck parameter.

No action is required once the feature reaches General Availability, as it will be turned on by default.

Learn more: Malicious URL Protection in Microsoft Teams

Compliance considerations

Compliance AreaExplanation
Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? URL scanning uses reputation-based detection algorithms to identify malicious links. This involves scanning user messages and performing reputation lookups against Microsoft Defender for Office’s managed collection.
Does the change include an admin control that can be scoped using Entra ID group membership? Admins can enable or disable the feature via Teams Admin Center or PowerShell. However, scoping via Entra ID group membership is not supported.

Reminder:

General Availability begins November 3 and complete by end of November. At GA, “Scan messages for unsafe URLs” will default to ON as previously mentioned, and link protection will apply if any participant in a conversation has it enabled.
To use a different setting, go to Teams admin center → Messaging settings → Scan messages for unsafe URLs, select your preference, and click Save before GA.

Note: Simply viewing the page without saving will not override the default, but settings already saved during Targeted Release will persist.
(Updated) New file protection in Teams chat and channels blocks unsafe content
Category:Microsoft Teams
Nummer:MC1148540
Status:preventOrFixIssue

Updated November 17, 2025: The rollout of Weaponizable file type protection in Microsoft Teams is expected to finish before the end of November 2025 for General Availability (Worldwide). The previously announced update to make Weaponizable file protection setting in Messaging settings ON by default has been postponed to early 2026. A separate communication will be issued detailing the roll out schedule for the default-on change in advance.

Thank you for your patience.

Introduction

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

This message is associated with Roadmap ID 499892.

When this will happen

General Availability begins November 3 and will complete by end of November. At GA, “Scan messages for file types that are not allowed” will default to ON, and protection will apply if any participant in a conversation has it enabled.

To use a different setting, go to Teams admin center → Messaging settings → Scan messages for file types that are not allowed, select your preference, and click Save before GA.

Note: Simply viewing the page without saving will not override the default, but settings already saved during Targeted Release will persist.

  • Targeted release (Worldwide): Starts early September 2025; expected to complete by mid-September 2025.
  • General Availability (Worldwide): Starts early November 2025; expected to complete by end of November 2025 (previously mid-November).

How this affects your organization

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

  • Recipients will see a notification that a message was blocked but cannot access the content.
  • Senders will receive a notification and can edit and resend the message without the unsafe file.

user settings

Targeted release vs. General Availability behavior:

  • Targeted release: Protection is enforced only when all organizations in the conversation have the feature enabled. This feature is off by default and requires admin activation.
  • General Availability: Protection is enforced if at least one participant has the feature enabled. This feature is on by default. Admin settings saved during Targeted Release will remain unchanged.

What you can do to prepare

Admins can enable this protection in the Teams Admin Center:

  1. Go to the Teams Admin Center
  2. Navigate to Messaging Settings
  3. Turn on the setting: Scan messages for file types that are not allowed

user settings

Alternatively, use PowerShell with the -FileTypeCheck parameter.

Once enabled, all users in your tenant will begin seeing file protection applied in their messages.

Blocked file types include:

ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z

Learn more: 

Compliance considerations

Compliance Area Explanation
Does the change modify how users can access, export, delete, or correct their personal data within Microsoft 365 services? Blocked messages are not delivered, which may affect access to the original message content. Recipients of messages with disallowed file types will not receive the message or its attachments.
(Updated) New policy setting to require explicit consent for recording and transcription in Teams 1:1 calls
Category:Microsoft Teams
Nummer:MC1163766
Status:planForChange

Updated November 17, 2025: We have updated the timeline. Thank you for your patience.

[Introduction]

To enhance transparency and user control, Microsoft Teams is expanding the Explicit Recording Consent feature to include 1:1 Teams calls. This update ensures that participants must provide explicit consent before their media (audio, video, and content sharing) is included in any recording or transcription initiated by another user. This change supports privacy compliance and aligns with customer feedback requesting more granular consent controls.

This message is associated with Roadmap ID 503295.

[When this will happen:]
  • Targeted Release: Begins early December 2025, completes mid-December 2025.
  • General Availability (Worldwide, GCC): Begins mid-December 2025, completes mid-January 2026.
  • General Availability (GCC High): Begins late January 2026 (previously mid-January), completes early February 2026 (previously late January).
  • General Availability (DoD): Begins late January 2026, completes mid-February 2026 (previously mid-February).
[How this affects your organization:]

Who is affected:

  • Microsoft Teams administrators managing calling policies.
  • Users participating in 1:1 Teams VoIP calls where recording or transcription is initiated.
  • Public Switched Telephone Network (PSTN) endpoints will be auto consented. Explicit consent support for PSTN will be included in a future release.

What will happen:

  • This feature applies to Microsoft Teams desktop apps on Windows and macOS.
  • By default, Explicit Recording Consent is OFF and must be enabled by administrators.
  • When enabled:
    • Users initiating recording or transcription in 1:1 calls will trigger a consent prompt for the other VoIP participant.
    • Until consent is granted, the participant’s audio, video, and screen/content sharing will be disabled, and as a result, excluded from the recording.
    • PSTN users will be auto-consented. Learn more at Manage Teams recording policies | Auto consent endpoints and platforms
  • Administrators can apply this policy tenant-wide or to specific users.
[What you can do to prepare:]
  • Update training materials to reflect that Explicit Recording Consent now applies to 1:1 calls (PSTN and Teams VoIP).
  • Inform users that consent is required before recording or transcription can begin in 1:1 calls.
  • Administrators can manage this feature via PowerShell or the Microsoft Teams admin center.

PowerShell commands:

Set-CsTeamsCallingPolicy -Identity Global -ExplicitRecordingConsent "Enabled"
Set-CsTeamsCallingPolicy -Identity Global -ExplicitRecordingConsent "Disabled"

Learn more: Set-CsTeamsCallingPolicy documentation

[Compliance considerations:]

Compliance AreaExplanation
Audit LoggingConsent data is captured in audit logs. Refer to Audit log activities in Microsoft Purview.

(Updated) Microsoft Custom engine agents: Introducing file upload support
Category:Microsoft Copilot (Microsoft 365)
Nummer:MC1179162
Status:stayInformed

Updated November 17, 2025: We have updated the timeline. Thank you for your patience. 

Custom engine agents (CEA) are specialized agentic solutions that can be built using any large language model (LLM), toolchain, or orchestration framework, and are tailored to specific domain or tenant workflows. These agents can be created using either Microsoft Copilot Studio or the Agents Toolkit. File upload support is already available in Microsoft 365 Copilot Business Chat.

We’re now extending this capability to Custom engine agents, enabling users to upload files stored locally or in OneDrive directly to agents. Once uploaded, agents can access the file for a short duration and respond to user queries based on its contents. This update aligns with customer feedback requesting more flexible input options for agent interactions.

[When this will happen:]

General Availability (Worldwide): Rollout will begin in mid-December 2025 (previously early November) and is expected to complete by late December 2025 (previously late November).

[How this affects your organization:]

  • Who is affected: All users of Custom engine agents, whether built using Copilot Studio or the Agents Toolkit. This includes users on free, metered, and paid Copilot plans.
  • What will happen:
    • Users will be able to upload files directly to Custom engine agents.
    • Supported file types will match those supported by Copilot.
    • Image file support will be added in a future update.
    • The feature will be ON by default once available.
    • No changes to existing admin policies are required.

[What you can do to prepare:]

  • Communicate this change to helpdesk staff.
  • Update internal documentation if you reference CEA capabilities.
  • Review the documentation for details on agent configuration and supported capabilities.

Learn more: Custom engine agents for Microsoft 365 overview | Microsoft Learn

[Compliance considerations:]

    QuestionAnswerExplanation
    Does this change store new customer data, and if so, where is it stored and is the data cached or permanently stored?YesUploaded files are temporarily accessible to the agent for a few minutes 
    Does this change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data?YesCustom engine agents will be able to access uploaded files and respond to user queries based on the file contents.
    Does this change provide end users any new way of interacting with generative AI, and if so, how?YesUsers can now upload files to agents, expanding interaction beyond text input.
(Update)Microsoft Purview DLP and Edge for Business: Inline data security controls for more unmanaged GenAI apps in Edge
Category:Microsoft Purview
Nummer:MC1182684
Status:stayInformed

Updated November 17, 2025: We have updated the timeline. Thank you for your patience.

[Introduction:]

We are expanding inline protections for uploads in Microsoft Edge for Business to cover more unmanaged consumer generative AI (GenAI) apps. With this update, admins can apply Microsoft Purview collection policies and Purview Data Loss Prevention (DLP) policies to detect and prevent sensitive data sharing in the Edge browser when users interact with these additional unmanaged app locations. Inline protections are built directly into Edge for Business and work for users on Intune-managed Windows devices. This enhancement complements existing capabilities, giving organizations greater flexibility to enforce data security controls across a broader set of GenAI apps.

This message is associated with Microsoft 365 Roadmap ID 518643.

[When this will happen:]

  • Public Preview: Begins late November 2025 (previously mid-November), expected to complete by early December 2025.
  • General Availability (Worldwide): Begins in late November 2025 (previously early December) and is expected to complete by end of December 2025.

[How this affects your organization:]

Who is affected:

  • Admins managing Microsoft Purview DLP and collection policies for Edge for Business
  • Users on Intune-managed Windows devices using Edge for Business
What will happen:
  • Admins can extend current Purview collection and DLP policies to include new unmanaged GenAI app locations for inline protection.
  • No additional deployment steps are required.
  • Inline protections are built directly into Edge for Business.
  • Automated behaviors will block use of unprotected browsers for users included in policies that block activities in unmanaged GenAI apps.

[What you can do to prepare:]

No action is required to enable this feature. To learn more or update your policies, review the following resources:

[Compliance considerations:]

QuestionAnswer
Does this change modify, interrupt, or disable any Data Loss Prevention (DLP) policies or enforcement in Microsoft Purview?Yes. This update expands DLP enforcement by allowing admins to apply existing policies to additional unmanaged GenAI app locations in Edge for Business.
Does this change alter how admins can monitor, report on, or demonstrate compliance activities using Microsoft Purview or admin reporting tools?Yes. Admins will gain expanded visibility and control over data sharing activities in Edge for Business, enabling more comprehensive reporting and compliance oversight.

(Updated) Microsoft Purview DLP and Edge for Business: Inline data protection for file uploads to unmanaged GenAI apps
Category:Microsoft Purview
Nummer:MC1183007
Status:stayInformed

Updated November 17, 2025: We have updated the timeline. Thank you for your patience.

[Introduction:]

We are introducing inline file upload protection for Microsoft Edge for Business to help prevent data leakage when users upload files to consumer generative AI (GenAI) apps in the browser. This complements the existing text upload protections available today for unmanaged GenAI apps and can be layered with Endpoint DLP protections. With this update, admins can detect and enforce inline protections on file uploads in Edge for Business. Policies can target file-specific conditions such as file size, file type, and sensitive information types, enabling organizations to audit or block activities for users on Intune-managed Windows devices.

This message is associated with Microsoft 365 Roadmap ID 518642.

[When this will happen:]

  • Public Preview: Begins late November 2025 (previously mid-November); expected to complete by early December 2025.
  • General Availability (Worldwide): Begins late November 2025 (previously early December); expected to complete by late December 2025.

[How this affects your organization:]

  • Who is affected: Admins managing Microsoft Purview DLP policies and Edge for Business on Intune-managed Windows devices.
  • What will happen:
    • Admins can extend existing Purview collection and DLP policies to include file upload protection for unmanaged GenAI apps.
    • Inline protections are built directly into Edge for Business.
    • Automated behaviors will block use of unprotected browsers for users included in blocking policies.
    • Policies can be configured based on file size, type, and sensitivity.

[What you can do to prepare:]

  • No action is required before rollout.
  • Review your current collection and DLP policies.
  • Update policies to include file upload conditions if needed.
  • Inform your Security and Edge admins about this enhancement.

Learn more:

[Compliance considerations:]

QuestionImpactExplanation
Does the change modify, interrupt, or disable any of the following capabilities (Purview): DLP policies or enforcementYesInline file upload protection modifies how DLP policies are enforced in Edge for Business.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities?YesAdmins gain new visibility and control over file uploads to unmanaged GenAI apps.
Generate Word, Excel, and PowerPoint documents from agents built from Copilot Studio lite in Microsoft 365 Copilot
Category:Microsoft Copilot (Microsoft 365)
Nummer:MC1186365
Status:stayInformed

[Introduction]

Starting November 17, 2025, agents created in Copilot Studio lite within Microsoft 365 Copilot will be able to generate Word, Excel, and PowerPoint content. This capability is part of the “Generate documents, charts, and code” skillset (formerly known as Code Interpreter), designed to help users complete common tasks more efficiently. These skills were first introduced in Microsoft 365 Copilot in October and are now extending to agents—bringing the same powerful creation tools into custom workflows.

This message is associated with Roadmap ID 506753.

[When this will happen:]

General Availability (Worldwide): Rollout begins mid-November 2025 and is expected to complete by early December 2025.

[How this will affect your organization:]

Who is affected:

  • Microsoft 365 Copilot users with access to Copilot Studio.

What will happen:

  • Users can generate Word, Excel, and PowerPoint documents by chatting with agents created in the embedded Copilot Studio lite experience.
  • This capability is part of the “Generate documents, charts, and code” skillset (formerly known as Code Interpreter).
  • No changes to existing admin policies.
  • No admin action is required; this is for awareness only.

[What you can do to prepare:]

  • Communicate this enhancement to helpdesk staff or internal champions.
  • Remind users that this capability already exists in Copilot and is now extended to agent interactions in the embedded Copilot Studio lite experience.
  • Learn more: Use Copilot Studio to build declarative agents

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Windows Office Hours: November 20, 2025
Category:Windows
Nummer:MC1187243
Status:stayInformed
If you are an IT admin with questions about managing and updating Windows, we want to help. Every third Thursday of the month, we host a live chat-based event on the Tech Community called Windows Office Hours. Members of the Windows, Microsoft Intune, Windows Autopilot, Windows Autopatch, and Windows 365 engineering teams will be standing by to answer your questions. We also have experts from FastTrack, the Customer Acceleration Team, and Microsoft public sector teams. 

Want to attend the November 20 session of Office Hours? Add it to your calendar and select Attend on the event page to let us know you’re coming. There is no video or live meeting component. Simply visit the event page, log in to the Tech Community, and leave your questions in the Comments section. You can also bookmark https://aka.ms/Windows/OfficeHours for upcoming dates (and the ability to add this event to your calendar). We look forward to helping you.
Dataverse – Dataverse Model Context Protocol (MCP) Server general availability
Category:Microsoft Dataverse
Nummer:MC1187276
Status:stayInformed		We are announcing the general availability of Dataverse Model Context Protocol (MCP) Server. The Dataverse MCP Server has been available in preview since May 2025 and will reach general availability to all regions on December 15, 2025.

How does this affect me?
With this release we are introducing advanced governance capabilities and new productivity tools for the Dataverse MCP Server integrated with Microsoft Copilot Studio, Visual Studio Code, and Claude Desktop.

Additionally, new billing policies will apply for the Dataverse MCP Server as it reaches general availability.

Key Updates:
  • Governance Model:
    • An enhanced governance experience within Power Platform Admin Center to manage Dataverse MCP server. With the new governance framework, only Microsoft Copilot Studio will be enabled by default for existing Dataverse MCP Server users.
  • Configuration Management:
    • Settings available to enable additional clients like Visual Studio GitHub Copilot or Claude.
  • Connecting to Visual Studio GitHub Copilot:
  • Billing and Licensing:
    • Effective December 15, 2025, usage of the Dataverse MCP Server will be subject to updated Billing Policies.
What action do I need to take?
This message is for awareness, and no action is required. We recommend reviewing these updates and adjusting your configurations to ensure continued access and compliance with the new governance model.

For more information, please review the blog post Dataverse MCP Server: A Game Changer for AI-Driven Workflows.
New update to address issue affecting organizations with Windows 10 devices enrolled on Extended Security Updates (ESU)
Category:Windows
Nummer:MC1187343
Status:preventOrFixIssue
Microsoft has identified an issue where some Windows 10, version 22H2 devices enrolled in Extended Security Updates (ESU) for commercial customers might fail to install the November 2025 security update (KB5068781) with error 0x800f0922 (CBS_E_INSTALLERS_FAILED). This issue is isolated to devices whose Windows OS licenses were activated via Windows subscription activation through the Microsoft 365 admin center. 
 
The organizations affected by this issue can resolve it by installing KB5072653: Extended Security Updates (ESU) Licensing Preparation Package for Windows 10, which was released on November 17, 2025. Once you install this preparation package (KB5072653), you will be able to deploy the November 2025 security update (KB5068781).

Note: A new Scan Cab including metadata for KB5072653 will be available in the near future for organizations that utilize cab files for compliance update checks. We will update this announcement once the new Scan Cab is available.
Dynamics 365 Contact Center – Resolve issues autonomously with Customer Intent Agent
Category:Dynamics 365 Apps
Nummer:MC1187356
Status:stayInformed		We are announcing the ability to enable fully autonomous, real-time, multichannel customer support by leveraging the Customer Intent Agent’s advanced AI capabilities in Dynamics 365 Contact Center. This feature will reach general availability on November 30, 2025.

How does this affect me?
Customer Intent Agent is part of the autonomous service agent suite and uses a consumption-based billing model on top of your base license for Dynamics 365 Contact Center. When enabled, Customer Intent Agent analyzes your existing support conversations and cases to automatically build an intent library. After the agent discovers intents, you can create a Customer Intent Agent in Copilot Studio. It uses your intent library to ask follow-up questions, provide knowledge articles, or take actions to resolve customer issues.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit Resolve issues autonomously with Customer Intent Agent.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top