Microsoft Roadmap, messagecenter and blogs updates from 19-03-2026

Updated March 18, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management.

Purview now also extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Additionally, Data Risk Assessments are extended to Fabric and item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.

This message is associated with Microsoft 365 Roadmap ID 532728.

When this will happen:

• Public Preview (Worldwide): Rollout begins early December 2025 and completes by early April 2026.
• General Availability (Worldwide): Rollout begins early June 2026 (previously early April) and completes by early June 2026 (previously early May).

How this affects your organization:

• Who is affected: Admins managing Microsoft Purview DSPM.
• What will happen:
  • Customers will continue to have access to the current DSPM (classic) and DSPM for AI (classic) experiences.
  • Existing policies and configurations remain unchanged.
  • The new DSPM experience and its features will be available in addition to existing experiences.
  • No default policy changes; onboarding steps from classic experiences carry over.

What you can do to prepare:

• No action is required from admins.
• For customers already onboarded to DSPM (classic) and DSPM for AI (classic), onboarding steps will automatically carry over.

Learn more:

• Learn how Microsoft Purview Data Security Posture Management for AI provides data security and compliance protections for Copilots and other generative AI apps | Microsoft Learn (will be updated before rollout)
• Learn about Data Security Posture Management | Microsoft Learn (will be updated before rollout)

Compliance considerations:

Updated March 18, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

To help reduce Windows file path length issues and improve the local file system experience, IT admins can now set a custom name for the local OneDrive sync root folder on users’ Windows devices using the policy Set a custom name for the OneDrive sync folder with the String ID CustomSyncRootFolderName. Today, the default folder name (“OneDrive – (organization name)”) can contribute to path length constraints in deeply nested folder structures. This new policy allows organizations to define a shorter, organization-specific folder name while keeping the OneDrive experience consistent for users.

Screenshot: Configure group policy by opening the relevant group policy in the Local Group Policy Editor application

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in mid-March 2026 and complete on March 18, 2026 (previously early April).

[How this affects your organization:]

Who is affected:

• Microsoft 365 tenants using OneDrive sync on Windows devices
• Admins managing OneDrive sync policies
• Users setting up OneDrive sync on Windows and existing users who use OneDrive sync on Windows

What will happen:

• Admins can configure a custom local OneDrive sync root folder name using the new policy.
• New users will automatically see the custom folder name when they set up OneDrive sync.
• Existing users must unlink and relink their OneDrive account for the new folder name to take effect. Learn more: Unlink and re-link OneDrive | Microsoft Support.
• We recommend that existing users delete the original OneDrive folder after relinking to avoid confusion.
• The display name shown in File Explorer’s navigation pane and the OneDrive Activity Center remains unchanged (for example, “OneDrive – (organization name)”).
• This feature is opt-in and requires admin configuration; it is not enabled by default.

[What you can do to prepare:]

• Determine whether a shorter OneDrive sync folder name would benefit your organization.
• Select a custom folder name that meets the following requirements:
  • Must contain at least one character.
  • Cannot be named “OneDrive.”
  • The full folder path must not exceed 120 characters.
  • Standard Windows folder naming rules apply.
• Plan communications for existing users who will need to unlink and relink OneDrive sync.
• Update internal documentation and helpdesk guidance as needed.

Learn more: IT Admins – Use OneDrive policies to control sync settings – SharePoint in Microsoft 365 | Microsoft Learn

[Compliance considerations:]

Problem detected: Microsoft Baseline Security Mode has automatically triggers Entra Conditional Access policy creation

Customers who accessed Baseline Security Mode in Microsoft 365 between November 2025 and early February 2026 might see two draft Microsoft Entra ID Conditional Access policies created in their tenant in a Disabled state. These policies are associated with Baseline Security Mode and might appear as created by the administrator who signed in to the Microsoft Baseline Security Mode page.

[How this will affect your organization:]

This behavior doesn’t represent a security incident and has no effect on tenant security. The policies are in a disabled draft state. 

[What you need to do to prepare:]

There’s no action needed to prepare. A fix has rolled out to ensure policies are created only through explicit administrator action. Any unintentionally created policy drafts will be removed as part of addressing this issue. 

[Learn more about Microsoft Baseline Security Mode]
Baseline Security Mode: https://learn.microsoft.com/en-us/microsoft-365/baseline-security-mode/baseline-security-mode-settings?view=o365-worldwide

1. https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances
2. https://globaldisco.crm.dynamics.com/api/discovery/v2.0/Instances
3. https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances({id})

1. Identify any applications or scripts that call globaldisco.crm.dynamics.com REST API endpoints.
2. Update your applications to use the Power Platform List Environments API instead of the GDS endpoints.
3. Test your updated integrations against the new endpoints to verify compatibility.

[Introduction]

We’re refreshing the OneDrive Activity Center on macOS. This redesign brings a cleaner, more intuitive way to check sync status, manage files, and resolve issues, right from your desktop.

[When this will happen:]

• General Availability (Worldwide): We will begin rolling out in early April 2026 and expect to complete by mid-April 2026.
• General Availability (GCC, GCC High, DoD): We will begin rolling out in early April 2026 and expect to complete by late May 2026.

[How this affects your organization:]

Who is affected: All organizations with users running the OneDrive Sync client on macOS.

What will happen:

• The redesigned OneDrive Activity Center and native macOS dialogs align the OneDrive sync client with macOS platform conventions, providing a familiar, system-consistent experience for Mac users.

Screenshot 1: Updated OneDrive Activity Center on macOS showing overall sync status

• The updated interface is intended to make onboarding, and day‑to‑day use, more straightforward for users who expect standard macOS behavior.
• Accessibility support is improved, including full VoiceOver and Full Keyboard Access support.
• Sync status information, recent activity thumbnails, and error indicators are presented more clearly, making it easier for users to identify and address common sync issues without contacting support.

Screenshot 2: Expanded sync activity view showing recent file changes and sync progress



• The update is enabled by default and rolls out automatically.
• No admin configuration, policy changes, or user action is required.

[What you can do to prepare:]

• No admin action is required. This is a user interface only update to the OneDrive Sync client on macOS.
• Optionally, notify helpdesk teams and update internal documentation for macOS users.

Learn more: OneDrive on Mac gets Liquid Glass with an All-New Activity Center

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

[When this will happen:]

• Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
• General Availability (Worldwide): We will begin rolling out early April 2026 and expect to complete by mid-April 2026.

[How this affects your organization:]

Who is affected:

• Organizations using Microsoft Edge for Business
• Admins configuring Intune App Protection Policies 
• Users accessing corporate data on devices managed by another tenant

What will happen:

• This feature is off by default and opt-in only
• Intune MAM policies are enforced within the Edge work profile
• When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
• This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
• No impact to personal browsing or unmanaged profiles

[What you can do to prepare:]

No action is required before rollout.

• Review existing Intune App Protection Policies
• Determine whether to enable cross-tenant MAM for Edge
• Notify security and helpdesk teams as appropriate
• Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

[Compliance considerations:]

[Introduction]

We’re introducing Data Security Triage Agent summaries and categorizations for Data Loss Prevention (DLP) alerts directly within the Microsoft Defender XDR portal. This update helps security analysts triage DLP alerts more efficiently by surfacing AI-generated summaries and categorizations created by the Microsoft Purview Data Security Triage Agent.

Screenshot 1: Data Security Triage Agent outputs and summaries now available in DLP alerts in Microsoft Defender XDR

This message is associated with Roadmap ID 558860.

[When this will happen:]

• Public Preview: We will begin rolling out early April 2026 and expect to complete by mid-April 2026.
• General Availability (Worldwide): We will begin rolling out mid-August 2026 and expect to complete by late August 2026.

[How this affects your organization:]

Who is affected:

• Security analysts and admins triaging DLP alerts in Microsoft Defender XDR
• Organizations using Microsoft Purview Data Security Triage Agent

What will happen:

• DLP alerts in Defender XDR will display AI-generated summaries and categorizations when the Agent is deployed.

Screenshot 2: Security Analysts and Admins triaging DLP alerts in Defenders will be able to deploy the Data Security Triage Agent from the Microsoft Defender XDR portal



• If the Agent is not deployed, eligible analysts can deploy it from the DLP alert page in Defender XDR.
• Agent management (instructions, pause/deactivate, usage monitoring) remains in Microsoft Purview.
• Existing DLP policies and enforcement are not changed.
• There is no impact to users.

[What you can do to prepare:]

• Deploy the Data Security Triage Agent in Microsoft Purview to enable summaries in Defender XDR.
• Review role assignments to ensure analysts who triage DLP alerts have the appropriate permissions.
• Update internal security operations documentation to reflect the new triage experience.
• Familiarize security teams with where Agent deployment can occur (Defender XDR) and where ongoing management is performed (Purview).

Learn more: Before rollout, we will update this post with new documentation.

[Compliance considerations:]

Introduction

As announced earlier in MC616550 (June 2023), InfoPath Forms Service in SharePoint Online is being retired and will be removed from existing tenants after July 14, 2026. To support this transition and reduce future migration effort, Microsoft will prevent the publication of InfoPath forms in SharePoint Online for all tenants ahead of the service’s retirement.

When this will happen:

• After May 18, 2026: Publishing new InfoPath forms or publishing updates to existing forms will be blocked
• July 14, 2026: InfoPath Forms Service will be fully retired

How this affects your organization:

Who is affected:

• All SharePoint Online tenants
• InfoPath designers, publishers, and site owners
• IT administrators managing SharePoint Online

What will happen:

• After May 18, 2026, new InfoPath forms cannot be published
• Modifications to existing InfoPath forms cannot be published
• Existing published forms will remain available and usable
• There is no option to extend InfoPath Forms Service beyond retirement

What you can do to prepare:

To understand how InfoPath is used in your organization, you can run the Microsoft 365 Assessment tool to scan the tenant for InfoPath usage. Using the Power BI InfoPath Report generated by the scanner tool, you can:

• Identify all InfoPath Forms usage in the tenant, per site collection and site.
• Evaluate the recency and volume of usage of InfoPath Forms.
• Understand lists, libraries, and content types that use InfoPath.

We recommend communicating to the impacted site owners and teams inside your organization now, so they are aware of the coming change.

For scenarios where InfoPath or InfoPath Forms Services are currently being used, we recommend migrating to Power Apps, Power Automate, or Microsoft Forms. Please ensure that you allow adequate time for migration of any use of InfoPath or InfoPath Forms Services in your organization ahead of this date, as there is no migration tool provided. Additional instructions on how to migrate can be found in this blog.

Note: Please plan the migration appropriately as there will not be an option to extend InfoPath Forms Services beyond the InfoPath retirement date of July 14, 2026.

Compliance considerations:

This update disables the ability to publish or republish InfoPath forms in SharePoint Online as part of a planned service retirement; it does not change how existing customer data is stored, processed, or governed.

Introduction

We’re introducing support for Microsoft Lists as a knowledge source for custom agents in SharePoint and OneDrive. These custom agents can now ground responses in a list stored on a SharePoint site or in your OneDrive.

When this will happen:

General Availability (Worldwide): We will begin rolling out in late March 2026 and expect to complete rollout by early May 2026.

How this affects your organization:

Who is affected:

• Site members (or people with edit permissions to the site) who create or edit custom agents in SharePoint and OneDrive.
• A Microsoft 365 Copilot license or the pay-as-you-go meter connected to SharePoint agents is required to use this feature.

What will happen:

• Users can configure a custom agent to use one Microsoft List as its knowledge source.
• Agents can:
• Answer questions using information stored in list items.
• Reference list item metadata in responses.
• Provide up-to-date responses based on list items the user has permission to access.
• In SharePoint, users can create an agent directly from a list by selecting AI actions > Create an agent from the command bar.
• While editing an agent, users can also select an individual list from the Sources tab, similar to selecting individual files.
• Important limitations:
  • Agents currently support grounding on only one Microsoft List.
  • Grounding on multiple lists, or combining a list with other content (such as files or pages), is not supported.
  • If a list is added to an existing agent, all previous knowledge sources are removed, and the user is prompted to confirm before the change is applied.
  • Agents configured with a site as the knowledge source will continue to ground only on the site’s Document Libraries and Pages library.

What you can do to prepare:

No action is required to prepare for this change.

We recommend that you:

• Inform users who create or manage agents about the new option to use Microsoft Lists as a knowledge source.
• Update internal guidance or help desk documentation if you provide instructions for creating custom agents in SharePoint.

Learn more: Create an agent in SharePoint | Microsoft Support (will be updated at launch)

Compliance considerations:

We've released updates to the following update channel for Microsoft 365 Apps:

• Current Channel

[When this will happen:]

We'll be gradually rolling out this update of Microsoft 365 Apps to users on that update channel starting March 18th, 2026 (PST).

[How this will affect your organization:]

If your Microsoft 365 Apps clients are configured to automatically update from the Office Content Delivery Network (CDN), then no action is required.

If you manage updates directly you can now download this latest update and begin deployment.

[What you need to do to prepare:]

To get more details about this update view the following release notes:

• Current Channel