| Microsoft Authenticator app: Upcoming changes to jailbreak and root detectionCategory:Microsoft EntraNummer:MC1179154Status:planForChange | [Introduction]
Starting February 2026, we will introduce jailbreak and root detection for Entra credentials in the Microsoft Authenticator app on both iOS and Android platforms. This change enhances security by preventing Entra credentials from functioning on jailbroken/rooted devices. All existing Entra credentials on jailbroken or rooted devices will be wiped to protect your organization. This capability is secure by default and does not require any admin configuration or control.
[When this will happen] General Availability (Worldwide) rollout begins in February 2026 and is expected to complete in April 2026.
[How this affects your organization]
Who is affected: All users of Microsoft Authenticator on iOS and Android whose Entra credentials are registered on jailbroken or rooted device. What will happen:
- The feature is secure by default.
- Users on jailbroken or rooted devices will experience the following phased rollout:
- Phase 1 – Warning Mode: Users receive a warning that their device is jailbroken or rooted and will be blocked in the future (screenshots 1-4):
- Phase 2 – Blocking Mode: Users are blocked from registering Entra credentials or signing in via Authenticator (screenshots 5-6):
- Phase 3 – Wipe Mode: Existing Entra credentials are wiped from jailbroken or rooted devices (screenshots 7-10):
- Users on compliant (non-Jailbroken or non-rooted) devices will not be affected.
[What you can do to prepare]
- Notify users about this upcoming change.
- Communicate to helpdesk staff that Authenticator will become unusable for Entra accounts on jailbroken or rooted devices.
- Update internal documentation if you reference Authenticator usage.
- No admin action is required to enable or configure this feature.
Learn more: About Microsoft Authenticator | Microsoft Support [Compliance considerations]
No compliance considerations identified, review as appropriate for your organization. |
| Microsoft Defender for Identity: New recommendation added to Microsoft Secure ScoreCategory:Microsoft Defender XDRNummer:MC1179155Status:stayInformed | Introduction
To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.
When this will happen:
- Public Preview: Rollout begins early November 2025, completes by mid-December 2025
- General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025
How this affects your organization:
- Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
- What will happen:
- A new improvement action will appear in Microsoft Secure Score: Change password for accounts with potentially leaked credentials
- This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
- The update is enabled by default and requires no configuration changes.
- No impact to end-user workflow unless acted upon by the admin.
What you can do to prepare:
- No admin action is required before or after rollout.
- Review your current identity configuration to assess potential impact.
- Notify relevant administrators and update internal documentation as needed.
- Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
- Learn more: Microsoft Secure Score
Compliance considerations:
No compliance considerations identified, review as appropriate for your organization. |
| Updated SharePoint document library user experienceCategory:SharePoint OnlineNummer:MC1179157Status:stayInformed | [Introduction] Microsoft is introducing a refreshed user experience for SharePoint document libraries to improve usability and navigation. These updates are based on customer feedback and aim to streamline common actions, enhance visibility of filters and views, and improve folder navigation—all without disrupting existing customizations. 
This message is associated with Roadmap ID 500870.
[When this will happen:]
- Targeted Release: Begins early November 2025 and completes by late November 2025.
- General Availability (Worldwide, GCC, GCC High, and DoD): Begins early January 2026 and completes by late January 2026.
[How this affects your organization:]
- Who is affected:
- All users of SharePoint document libraries across Microsoft 365 tenants.
- Note: Some users may have access to this feature before other users within your organization.
- What will happen:
- Simplified command bar: The command bar has been reorganized for clarity and efficiency. The “New” and “Upload” actions are now combined into a single “Create or Upload” hero button, docked at the upper right.
- Improved breadcrumb navigation: The breadcrumb has been redesigned to make navigating between folders faster and more intuitive. Users can now:
- See their current folder context clearly.
- Jump back to any parent folder with a single click.
- Use the dropdown next to the folder name in the breadcrumb to create folders or upload files directly into the current folder.
- When at the root of a library, use the “Other Libraries” sub-menu to navigate between libraries in the same site.
- More visible custom views, view creation, and view saving: Custom views and view creation are now displayed more prominently inside pills directly under the breadcrumb. When sorts, filters, or groups are applied but not saved to the view, a visual indicator shows that others won’t see these changes until they’re saved.
- Filter pills: Filter pills provide a faster way to refine your view. Instead of opening the full filter pane, users can:
- Apply file type filters directly from the pill bar at the top of the document library.
- See all active filters as pills in this bar.
- Use the clear button to remove all filters and return to the saved view.
- View options button: Common view customization options are now surfaced under a new “Options” button, including:
- Layout options
- Sort and group options
- Field visibility and formatting
- Command bar custom formatter behavior: Any command configured with the following attributes will now appear in a distinguished area on the far right (or far left for right-to-left locales) of the command bar:
"primary": true"position": 0
Full details are documented here: View command bar formatting documentation
- No impact to other customizations: Other than the command bar custom formatter behavior described above, this change will not affect existing customizations made through SPFX, column formatting, or view formatting.
[What you can do to prepare:]
- No action is required to prepare for this change.
- If you use custom command bar formatters, review the updated placement behavior: View command bar formatting documentation.
- Before rollout, we will update this post with new documentation.
[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization. |
| Microsoft Defender for Identity: Activate the Unified Sensor now generally availableCategory:Microsoft Defender XDRNummer:MC1179159Status:stayInformed | [Introduction] We’re excited to announce the general availability (GA) of the Unified Sensor for Microsoft Defender for Identity. This milestone simplifies the activation of identity protections on qualifying domain controllers by extending the existing Microsoft Defender for Endpoint agent. With just a few clicks, you can enable identity alerts, posture recommendations, and automatic attack disruption—no additional agent installation required. [When this will happen] General Availability (Worldwide, GCC, GCCH, and DoD): Available now. [How this affects your organization] Who is affected: Admins managing domain controllers with Microsoft Defender for Endpoint deployed. What will happen: - The Unified Sensor can be activated on qualifying domain controllers.
- Identity-specific alerts and posture recommendations will begin flowing shortly after activation.
- No downtime is required for domain controllers.
- Existing licenses, capabilities, and alerts remain unaffected.
- Activation does not require additional installations.
- The Unified Sensor v3.x:
- Cannot be activated on servers with Defender for Identity sensor v2.x already deployed.
- Does not currently support VPN integration or ExpressRoute.
- Does not yet offer full functionality for health alerts, posture recommendations, security alerts, or advanced hunting data.
[What you can do to prepare] - Review deployment prerequisites to ensure your environment is ready.
- Go to the Activation page in the Microsoft Defender portal.
- Review all your eligible domain controllers (those onboarded with Microsoft Defender for Endpoint, version 2019 or above).
- Activate the new sensor on your domain controllers.
- Ensure your domain controllers meet the following minimum requirements:
- Windows Server 2019 or later.
- June 2025 Cumulative Update or later.
- Defender for Endpoint must be deployed.
- Domain controller must not already have Defender for Identity sensor v2.x installed.
- Server must have at least 2 cores and 6 GB RAM.
- Power Option should be set to High Performance.
- Time synchronization across servers must be within five minutes.
- If using virtualization:
- For Hyper-V: Disable Dynamic Memory.
- For VMware: Reserve all guest memory.
- Licensing requirements include one of the following:
- Microsoft 365 E5/A5/G5/F5 Security
- EMS E5/A5
- Standalone Defender for Identity license
- To support advanced identity detections, consider applying the Unified Sensor RPC Audit tag via Asset Rule Management in the Microsoft Defender portal.
- Configure Windows auditing to support enhanced detections. You may use the Set-MDIConfiguration PowerShell command to automate audit policy setup.
- Run the Test-MdiReadiness.ps1 script to validate your environment before deployment.
- Communicate this update to your security operations team.
Learn more: [Compliance considerations] No compliance considerations identified, review as appropriate for your organization. |
| Microsoft 365 Copilot (web and mobile): Sharing Copilot Notebooks and mobile app rolloutCategory:Microsoft Copilot (Microsoft 365)Nummer:MC1179160Status:planForChange | [Introduction]
Microsoft is introducing two new ways for users to engage with Microsoft 365 Copilot: - Sharing Copilot Notebooks on the web, enabling teams to collaborate in a single notebook with shared enterprise content
- A new Microsoft 365 Copilot mobile app, allowing users to access Copilot experiences on the go
Sharing Copilot Notebooks enables teams to collaborate in a single notebook, combining Pages, Loops, OneNote Notebooks, SharePoint Sites, and other Microsoft 365 content with Copilot intelligence. This feature provides shared insights while maintaining data security and permissions, helping admins enable cross-functional collaboration with confidence. These updates are designed to improve cross-functional collaboration and extend Microsoft 365 Copilot’s value across platforms.
This message is associated with Microsoft 365 Roadmap ID 506851.
[When this will happen] General Availability (Worldwide): - Web: Will begin rolling out in late October 2025 and expect to complete in December 2025 based on telemetry.
- Mobile: Will begin rolling out in early November 2025 and expect to complete in December 2025 based on telemetry.
[How this affects your organization]
- Who is affected: Users with a Microsoft 365 Copilot license (Copilot $30 SKU). Users without a Microsoft 365 Copilot license can be invited to a shared notebook, but they will not be able to access or interact with the content. Instead, they will see a prompt to acquire a Copilot license.
- What will happen:
- Users will be able to share a notebook they created with other Copilot-licensed users:
- Users can create and collaborate on shared notebook pages.
- Copilot responses will be grounded in shared enterprise content.
- Chats within shared notebooks remain private to each user.
- Access to linked files is granted only when the sharer has permission to share further.
- Copilot ensures data sensitivity is protected when content is brought from chat into the notebook.
- This feature improves cross-functional workflows and enables Copilot to deliver answers based on shared context.
- Sharing is enabled by default when Copilot Notebooks is turned on via Office Cloud Policy Service (OCPS).
- There is currently no admin control to disable sharing independently; the only way to prevent sharing is to disable Copilot Notebooks entirely via OCPS.
- A new Copilot mobile app will be available in November 2025, allowing users to access Copilot experiences from their mobile devices.
[What you can do to prepare]
- Review your OCPS settings to manage Copilot Notebook availability.
- Notify users who will receive the feature (everyone with a Copilot license by default).
- Update user training materials to reflect the new collaboration capabilities and mobile access.
- Prepare your help desk to support questions about shared notebooks and the mobile app.
- Confirm licensing eligibility for users in EDU, GCC, and other sovereign cloud environments.
- Documentation links are being updated and will be provided when available.
[Compliance considerations]
No compliance considerations identified, all compliance capabilities will be the same as the Microsoft 365 Copilot Notebooks experience. |
| Microsoft PowerPoint: “Reuse Slides” feature will retire starting 2026Category:Microsoft 365 appsNummer:MC1179161Status:stayInformed | [Introduction]
Starting in January 2026, Microsoft will retire the Reuse Slides feature from PowerPoint for Windows and Mac desktops. This change is part of ongoing efforts to simplify the PowerPoint experience and remove features that duplicate existing capabilities.
[When this will happen:]
- General Availability (Worldwide): We will begin retiring this feature starting in December 2025 and expect to complete in January 2026.
[How this affects your organization:]
- Who is affected: All users of PowerPoint on Windows and Mac desktops.
- What will happen:
- The Reuse Slides option will be removed from the PowerPoint ribbon.
- The feature will no longer be supported or accessible.
- No admin controls are available to retain or re-enable the feature.
[What you can do to prepare:]
- Communicate this change to helpdesk staff.
- Update internal documentation or training materials that reference the Reuse Slides feature.
- If your organization relies on slide reuse workflows, consider alternative methods such as manually copying slides between presentations.
[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization. |
| Microsoft Custom engine agents: Introducing file upload supportCategory:Microsoft Copilot (Microsoft 365)Nummer:MC1179162Status:stayInformed | Custom engine agents (CEA) are specialized agentic solutions that can be built using any large language model (LLM), toolchain, or orchestration framework, and are tailored to specific domain or tenant workflows. These agents can be created using either Microsoft Copilot Studio or the Agents Toolkit. File upload support is already available in Microsoft 365 Copilot Business Chat. We’re now extending this capability to Custom engine agents, enabling users to upload files stored locally or in OneDrive directly to agents. Once uploaded, agents can access the file for a short duration and respond to user queries based on its contents. This update aligns with customer feedback requesting more flexible input options for agent interactions.
[When this will happen:]
General Availability (Worldwide): Rollout will begin in early November 2025 and is expected to complete by late November 2025.
[How this affects your organization:]
- Who is affected: All users of Custom engine agents, whether built using Copilot Studio or the Agents Toolkit. This includes users on free, metered, and paid Copilot plans.
- What will happen:
- Users will be able to upload files directly to Custom engine agents.
- Supported file types will match those supported by Copilot.
- Image file support will be added in a future update.
- The feature will be ON by default once available.
- No changes to existing admin policies are required.
[What you can do to prepare:]
- Communicate this change to helpdesk staff.
- Update internal documentation if you reference CEA capabilities.
- Review the documentation for details on agent configuration and supported capabilities.
Learn more: Custom engine agents for Microsoft 365 overview | Microsoft Learn [Compliance considerations:]
| Question | Answer | Explanation |
|---|
| Does this change store new customer data, and if so, where is it stored and is the data cached or permanently stored? | Yes | Uploaded files are temporarily accessible to the agent for a few minutes |
| Does this change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? | Yes | Custom engine agents will be able to access uploaded files and respond to user queries based on the file contents. |
| Does this change provide end users any new way of interacting with generative AI, and if so, how? | Yes | Users can now upload files to agents, expanding interaction beyond text input. |
|
| An updated version of the October 2025 Scan Cab is availableCategory:WindowsNummer:MC1179337Status:preventOrFixIssue | IMPORTANT: This notice is only relevant for environments where: - Scan Cab is used to check for update compliance.
- The October 2025 Scan Cab was deployed before 8:54 pm PT on October 24, 2025.
An updated version of the October 2025 Scan Cab was made available at 8:54 pm PT on October 24, 2025. This Scan Cab includes new metadata corresponding to new updates for the following versions of Windows Server: The new Microsoft updates include an out-of-band update, released October 20, 2025, to fix an issue in the Windows Recovery Environment (WinRE), and out-of-band updates, released October 23-24, 2025, that include additional protections to address CVE-2025-59287. Windows servers that do not have the WSUS server role enabled are not affected by this vulnerability. See the additional information section of this message for details.
How this affects your organization: IT administrators who downloaded the Scan Cab before 8:54 pm PT on October 24, 2025, should re-acquire and re-deploy their Scan Cab if it is used to assess updates for environments where Windows Server is installed and the WSUS server role is enabled. No action is required on environments where Scan Cab is not employed. However, please note that there might be non-Microsoft applications which utilize Scan Cab. Review the documentation for any software and update deployment tools which might be in use for your organization to understand if this is applicable in your environment. What you need to do to prepare: Administrators can re-deploy the updated Scan Cab via their usual processes. For detailed guidance, see the Additional information section below. Additional information: |
| Dynamics 365 Contact Center – Enable selective hold with music and exit promptsCategory:Dynamics 365 AppsNummer:MC1179700Status:stayInformed | We are announcing the ability to enable selective hold with music and exit prompts in Dynamics 365 Contact Center. This feature will reach general availability on November 24, 2025.
How does this affect me?
This feature enables voice agents to use selective hold periods when callers need time to retrieve information or respond. By playing music or promotional prompts during these pauses, the system prevents silences that might suggest disconnection or audio problems.
With Hold and Resume, you can create more natural and considerate voice experiences. For example:
- When sending a one-time passcode (OTP), the agent can automatically enter a hold state, giving the caller time to retrieve and enter the code.
- If a caller needs a moment to find an order number, personal information, or other documents, the agent can pause and wait without interrupting or misinterpreting background noise as input.
What action do I need to take?
This message is for awareness and no action is required.
If you would like more information on this feature, please visit the Enable selective hold with music and exit prompts article. |
