Microsoft Roadmap, messagecenter and blogs updates from 22-11-2025

Updated November 21, 2025: The deprecation of the legacy Message Trace support on Reporting Webservice will be slightly delayed by two weeks from the original deprecation date of February 28th, 2026 to March 18th, 2026. The tentative timeline for Public Preview of the new Message Trace support on Graph API is now December 2025.

This does not impact the deprecation timeline for the legacy Message Trace cmdlets. The legacy Message Trace cmdlets (Get-MessageTrace, Get-MessageTraceDetail) were deprecated starting back in September 1st 2025.

We are excited to announce the General Availability of the new Message Trace in the Microsoft Exchange admin center (EAC) in Microsoft Exchange Online. This new experience, previously in Public Preview, offers improved performance, modern design, and enhanced feature parity. Admins can access it via Exchange admin center > Mail flow > Message Trace.

The GA release is associated with Microsoft 365 Roadmap ID 495489.

[When this will happen:]

• Retirement of legacy Message Trace begins September 1, 2025.
• General Availability (Worldwide): We will begin rolling out mid-June and expect to complete by late July.

[How this will affect your organization:]

• Like in Public Preview, the new Message Trace UX in EAC will be available by default and Microsoft PowerShell cmdlets (Get-MessageTraceV2, Get-MessageTraceDetailV2) will be available.
• The legacy Message Trace experience and cmdlets (Get-MessageTrace, Get-MessageTraceDetail) will remain available in parallel for several months to support the transition.
• Starting September 1, 2025, the following will begin deprecating:
  • Legacy Message Trace UI in EAC.
  • Legacy cmdlets (Get-MessageTrace, Get-MessageTraceDetail).
• Starting March 18th, 2026, Reporting Web Service support for Message Trace data will begin deprecating. 

[What you need to do to prepare:]

This GA rollout and retirement will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your admins and/or users about this change and update internal documentation.

• Begin using the new Message Trace experience in the Exchange admin center.
• Update any automation or scripts using legacy cmdlets to use the new versions by August 31, 2025.
• If you rely on the Reporting Web Service for Message Trace data, migrate to the new PowerShell cmdlets by March 18, 2026.
• To provide feedback on the new Message Trace, use Exchange admin center > Give Feedback.

Learn more about the GA rollout: Announcing General Availability (GA) of the New Message Trace in Exchange Online | Microsoft Community Hub (documentation will be linked to this blog before rollout)

Updated November 20, 2025: We have updated the timeline. Thank you for your patience.

[Introduction]

To enhance transparency and user control, Microsoft Teams is expanding the Explicit Recording Consent feature to include 1:1 Teams calls. This update ensures that participants must provide explicit consent before their media (audio, video, and content sharing) is included in any recording or transcription initiated by another user. This change supports privacy compliance and aligns with customer feedback requesting more granular consent controls.

This message is associated with Roadmap ID 503295.

• Targeted Release: Begins early January 2026 (previously early December 2025), completes mid-January 2026 (previously mid-December 2025).
• General Availability (Worldwide, GCC): Begins mid-January 2026 (previously mid-December 2025), completes late January 2026 (previously mid-January).
• General Availability (GCC High): Begins early February 2026 (previously late January), completes mid-February 2026 (previously early February).
• General Availability (DoD): Begins mid-February 2026 (previously late January), completes late February 2026 (previously mid-February).

Who is affected:

• Microsoft Teams administrators managing calling policies.
• Users participating in 1:1 Teams VoIP calls where recording or transcription is initiated.
• Public Switched Telephone Network (PSTN) endpoints will be auto consented. Explicit consent support for PSTN will be included in a future release.

What will happen:

• This feature applies to Microsoft Teams desktop apps on Windows and macOS.
• By default, Explicit Recording Consent is OFF and must be enabled by administrators.
• When enabled:
  • Users initiating recording or transcription in 1:1 calls will trigger a consent prompt for the other VoIP participant.
  • Until consent is granted, the participant’s audio, video, and screen/content sharing will be disabled, and as a result, excluded from the recording.
  • PSTN users will be auto-consented. Learn more at Manage Teams recording policies | Auto consent endpoints and platforms
• Administrators can apply this policy tenant-wide or to specific users.

• Update training materials to reflect that Explicit Recording Consent now applies to 1:1 calls (PSTN and Teams VoIP).
• Inform users that consent is required before recording or transcription can begin in 1:1 calls.
• Administrators can manage this feature via PowerShell or the Microsoft Teams admin center.

PowerShell commands:

Set-CsTeamsCallingPolicy -Identity Global -ExplicitRecordingConsent "Enabled"
Set-CsTeamsCallingPolicy -Identity Global -ExplicitRecordingConsent "Disabled"

Learn more: Set-CsTeamsCallingPolicy documentation

[Compliance considerations:]

Updated November 21, 2025: We have updated the timeline. Thank you for your patience.

To streamline integration options and align with partner offerings, Microsoft is retiring the managed connectors for UKG and Blue Yonder in Microsoft Teams Shifts. This change supports a transition to more flexible and scalable integration methods, including partner apps and custom APIs.

When this will happen:

• The retirement will take effect on December 7, 2025 (previously November 14).

How this affects your organization:

Who is affected:

• Organizations currently using the UKG or Blue Yonder managed connectors in Teams Shifts.
• Admins planning to deploy these managed connectors.

What will happen:

• The UKG and Blue Yonder managed connectors will no longer be available in Teams Shifts after December 2025.
• Existing users will need to transition to alternate solutions before the retirement date.
• New customers will not be able to deploy these managed connectors going forward.

What you can do to prepare:

• Work with your Microsoft account team to complete your transition plan.
• UKG customers can adopt the UKG Flow app available in Teams. Learn about UKG Flow for Microsoft Teams.
• Other customers can build custom integrations using Create a custom integration to sync your workforce management system with Shifts | Microsoft Learn.
• Communicate this change to helpdesk and operations teams managing workforce scheduling.
• Update internal documentation to reflect the retirement and new integration paths.
• For questions, contact your Microsoft account representative.

Updated November 21, 2025: We have updated the timeline. Thank you for your patience. 

[Introduction]

We’re introducing the Explore Pane, a new side panel in the Microsoft 365 Copilot app designed to help users discover how to use Copilot effectively. This guided experience supports users in building confidence and unlocking the value of AI through contextual, step-by-step journeys across the Create, Search, and Notebooks modules. This enhancement aligns with our goal to make Copilot more approachable and valuable for all users.

[When this will happen:]

• Targeted Release (Worldwide): Rolling out from early December 2025 (previously mid-November), expected to complete by late December 2025 (previously late November).

[How this affects your organization:]

• Who is affected: All users of the Microsoft 365 Copilot app on Web, Windows, and Mac desktop platforms with Commercial SKUs (Starter and Premium).
• What will happen:
  • Users will see a new Explore Pane when navigating to the Create, Search, or Notebooks modules.
  • The pane provides guided, contextual steps to help users get started and find value in each module.
  • The feature is on by default; no admin action is required.

[What you can do to prepare:]

• No admin controls or policy updates are required.
• You may wish to:
  • Inform users about the new guided experience.
  • Share how to reopen the Explore Pane via the Settings menu.
  • Update internal documentation or training materials if you include guidance on using Copilot.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

We are pleased to announce that SharePoint Online Management Shell now supports App-Only Certificate-Based Authentication. This update addresses the business need for secure, unattended automation in environments where (for example) Multi-Factor Authentication (MFA) is enforced. With this enhancement, customers can run automation scripts using app identities, ensuring compliance with security policies while maintaining operational efficiency.

[When this will happen:]

This feature is now generally available.

[How this affects your organization:]

Who is affected: SharePoint administrators and automation engineers using SharePoint Online Management Shell for scripting and automation.

What will happen:

• Customers can now authenticate scripts using app identities registered in Microsoft Entra ID (formerly Azure AD), instead of user credentials.
• This enables seamless execution of unattended scripts, even when MFA is enforced.
• We expect most scenarios to work with App-Only authentication. However, there could be rare cases where an API needs an explicit user token for security reasons. In such cases, tenant admins should use interactive flows with admin/user credentials. Feel free to reach out to us if needed.

[What you can do to prepare:]

Follow these one-time steps to register your app and enable certificate-based authentication:

1. Step 1: Register the application in Microsoft Entra ID.
2. Step 2: Assign API permissions to the application:
   • Tenant Admin APIs currently support App-Only access only if they have the Sites.FullControl scope.
   • We are in the process of supporting more granular scopes for tenant APIs. For up-to-date information, refer to SharePoint Admin APIs Authentication and Authorization.
   • You can assign permissions by:
     • Selecting and assigning API permissions from the portal.
     • Modifying the app manifest to assign API permissions (required for Microsoft 365 GCC High and DoD organizations).
   • Learn more: Step 2: Assign API permissions to the application
3. Step 3: Generate a self-signed certificate or obtain one from a certificate authority.
4. Step 4: Attach the certificate to the Microsoft Entra application.

Once these steps are completed, update the Connect-SPOService line at the beginning of your scripts to use the app identity instead of user credentials. For examples, refer examples 7, 8, and 9 in this article: Connect-SPOService (Microsoft.Online.SharePoint.PowerShell).

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction:]

We’re introducing OpenAI’s Sora 2, an advanced video generation model, into Microsoft 365 Copilot. This integration enables licensed Microsoft 365 Copilot users in the Frontier Program to create short, AI-generated videos using natural language prompts. The feature helps organizations accelerate creative workflows while maintaining enterprise-grade security and compliance.

[When this will happen:]

• Preview (Frontier): Available now for Microsoft 365 Copilot licensed users in the Create experience under the Frontier program.

[How this affects your organization:]

Who is affected: Microsoft 365 Copilot licensed users in participating Frontier tenants.

What will happen:

• Users can generate clips at 720p x 1080p resolution with synchronized audio and realistic visuals:

 

• Users can replace media in their video projects with generated clips.
• Videos are stored in OneDrive for Business or SharePoint Online, following your organization’s retention and compliance policies.
• By default, generative AI video is enabled for Copilot licensed users in participating tenants.
• Security and compliance: All interactions are logged, encrypted (TLS 1.2 in transit, Customer Key or Microsoft Managed Key at rest), and governed by Microsoft Purview policies (audit logging, retention, eDiscovery, DLP).
• Responsible AI safeguards: Prompts are screened for inappropriate content; generated videos include visible AI-generated watermarks for transparency.

[What you can do to prepare:]

No configuration or technical admin action is required. However, we recommend that you:

• Inform your Frontier users about the new generative video capability in Microsoft 365 Copilot.
• Share guidance on how to generate clips and replace media in projects.
• Update internal documentation if you maintain feature details for your organization.

Learn more: 

• Available today: OpenAI’s Sora 2 in Microsoft 365 Copilot | Microsoft 365 Copilot Blog
• Create AI-generated short clips with Microsoft 365 Copilot (Frontier) | Microsoft Support
• Replace part of a video project with an AI-generated short clip (Frontier) | Microsoft Support

[Introduction:]

We’re updating how you manage user exclusions in Viva Insights and Copilot Analytics. Starting early December 2025, exclusions will be controlled through Viva Feature Access Management (VFAM) policies instead of the current list-based method in the Microsoft 365 admin center. This new approach lets admins create user-, group-, or tenant-level policies to exclude users from all Viva Insights measurement (Copilot Dashboard, Advanced Insights, Organizational Insights), using the same scalable policy framework as other Viva features.

[When this will happen:]

The VFAM-based exclusion feature will begin rolling out in early December 2025. Exact rollout dates may vary by region.

[How this affects your organization:]

Who is affected: Admins managing Viva Insights and Copilot Analytics exclusions.

What will happen:

• Existing exclusion lists will be automatically migrated to VFAM; no admin action is required.
• Users already excluded will remain excluded across all Viva Insights experiences.
• VFAM will become the default and only method for managing exclusions.
• Admins will use VFAM policies to configure new exclusions at the user, group, or tenant level.
• The exclusion behavior remains unchanged; only the configuration method is updated.

Screenshot – Viva Feature Access Management feature for Exclusion management:

[What you can do to prepare:]

• No immediate action is required.
• Inform your Viva admins about the upcoming change.
• Once VFAM is live, review your exclusion settings in the Microsoft 365 admin center (under Viva Insights).
• Use the VFAM policy interface for any future updates.

Learn more about VFAM access: Control access to features in Microsoft 365 | Microsoft Viva | Microsoft Learn

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction]

Microsoft is introducing the ability to search Viva Engage conversations directly within the Viva Engage app in Microsoft Teams mobile. This update is intended to improve content discoverability within the mobile experience.

This message is associated with roadmap ID 526707.

Screenshot 1: Engage app in Teams with the new Search button in the top-right.

[When this will happen:]

General Availability (Worldwide): Rollout will begin in mid-November 2025 and is expected to complete by early January 2026.

[How this affects your organization:]

• Who is affected: Users who access Viva Engage through the Microsoft Teams mobile app.
• What will happen:
  • Viva Engage conversations will be searchable within the Viva Engage app in Teams mobile.
  • This update applies only to the mobile experience. Other Engage endpoints already have this feature.
  • The feature will be enabled by default.

[What you can do to prepare:]

• Update any internal documentation that references Viva Engage search capabilities.
• No admin action is required to enable the feature.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

[Introduction:]

We’re introducing a visual refresh of the Access Request and Access Denied page experience across Microsoft 365, redesigned to help users quickly request access to content such as documents, SharePoint sites, or Teams meeting recordings. This update features modern Fluent illustrations, animations, and clearer messaging to make it easier to understand and resolve access issues for a more seamless collaboration experience.

[When this will happen:]

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in early January 2026 and expect to complete by early February 2026.

[How this will affect your organization:]

Who is affected: All users requesting access to content stored on OneDrive and SharePoint.

• Users will see a redesigned Access Request page when attempting to access restricted content: 



• The page will feature updated Fluent visuals and animations.
• Messaging will be clearer to help users understand the status of their request:



• No changes to admin policies or access controls.
• The update will be enabled by default.

[What you need to do to prepare:]

No action is required to enable this update; it will be applied automatically.

However, to ensure a smooth experience for your users, we recommend the following:

• Communicate this change to helpdesk and support staff so they can assist users who may have questions about the new visuals or messaging.
• Update internal documentation if you reference the Access Request or Access Denied experience in training materials or support guides.
• Review any custom workflows or access request processes to ensure they align with the updated experience.
• Monitor user feedback after rollout to identify any confusion or support needs related to the new design.

[Compliance considerations:] 

No compliance considerations identified, review as appropriate for your organization.

We've released updates to the following update channel for Microsoft 365 Apps:

• Current Channel

[When this will happen:]

We'll be gradually rolling out this update of Microsoft 365 Apps to users on that update channel starting November 20th, 2025 (PST).

[How this will affect your organization:]

If your Microsoft 365 Apps clients are configured to automatically update from the Office Content Delivery Network (CDN), then no action is required.

If you manage updates directly you can now download this latest update and begin deployment.

[What you need to do to prepare:]

To get more details about this update view the following release notes:

• Current Channel

• Authenticate with Microsoft or Authenticate Manually – This allows you to force authentication through Microsoft Entra ID or set up manual authentication.
• No authentication allows anonymous access.

• WINS deprecation was announced in Windows Server 2022. Deprecation means the feature remains supported and maintained, but there is no further active development or new functionality planned. 
• November 2034 is the end of the lifecycle for Windows Server 2025, which also marks the end of support for WINS. 

• WINS Server role and associated binaries 
• WINS Microsoft Management Console (MMC) snap-in 
• WINS automation APIs and related management interfaces 

• Audit dependencies: Inventory applications and services that rely on NetBIOS name resolution to understand impact. 
• Migrate to DNS: Implement conditional forwarders, split-brain DNS, or search suffix lists to replace WINS functionality with scalable, modern DNS solutions. 
• Update applications: Modernize or retire legacy applications that depend on WINS to avoid future compatibility issues. 
• Avoid temporary workarounds: Solutions like static host files do not scale and are not sustainable for long-term environments. 

• WINS removal: Moving forward with modern name resolution 
• Features Removed or No Longer Developed in Windows Server 
• Windows Internet Name Service (WINS) 
• Domain Name System (DNS) in Windows and Windows Server