Microsoft Roadmap, messagecenter and blogs updates from 28-10-2025

28-October-2025 Below you will find a collection of news published yesterday. This news consists of Microsoft’s Roadmap when it is updated it will be below with items. Then there will be a section with the message center, if there is anything new there, this will be automatically included. And it contains a piece from blogs that I follow myself and would like to share with you. If I miss something in the blogs that do have an RSS feed, please let me know.

This entire post was automated via Microsoft Flow
have fun reading!

The blogs of this day are:

Harden your identity defense with improved protection, deeper correlation, and richer context	van @MSFTSecurity
Microsoft 365 Pulse Roadmap webcast – Episode 265	van @duffbert
Summary of Guardians of M365 Governance Ep.22	van @buckleyplanet
Copilot Chat can now reason over your Copilot Pages	van nogintevullen
Project Failure Files: Never Reinforcing Positive Behaviors	van @buckleyplanet
Microsoft Teams Rolls Out Malicious URL Protection for Chats & Channels	van nogintevullen
Enable Passwordless Authentication for Hybrid Domain with Microsoft Entra Kerberos	van nogintevullen
Zero Trust Zone – Episode 2 Now Live!	van @vanhybrid
New Forms in SharePoint Documents Library	van nogintevullen
Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea	van @12Knocksinna
Microsoft 365 – Password-protect PDF files in SharePoint and OneDrive!	van @jcgm1978
Understanding Machine Key Rotation using the new automatic SharePoint timerjob	van @stefan_gossner
Managing Windows 365 Link devices with Intune	van inthecloud_247
Microsoft Teams : What Are Trust Indicators and Why They Matter for Your Security [Infographic]	van @TechLaurent
How to Track Employee Leave Using Power Automate and SharePoint Lists	van @Ryan Clark
Power Apps vs OutSystems: Low-Code App Builder Face-Off (Comparison Guide)	van @Ryan Clark
How to Protect Microsoft Hybrid Environment Against Identity Attacks	van nogintevullen
Copilot Chat : Start a Group Chat in Teams	van nogintevullen
Yoshua Bengio on the catastrophic risk from uncontrolled AI agency	van @_SharePoint_
Image search is coming to Teams chats and channels	van nogintevullen
Best Methods to Securely Store Passwords for Automated PowerShell Scripts	van nogintevullen
Dynamic Conditional Access policies using custom security attributes	van @janbakker_
Design Ideas on SharePoint Pages	van @gregoryzelfond
11 Best Practices to Secure Remote Desktop Access	van nogintevullen
Weekly Update 27 October 2025 – AI in Windows, VS, Workflows. Microsoft Agent Framework write-up	van @tomorgan
Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised	van @12Knocksinna
Microsoft Teams: AI Workflows Powered by Microsoft 365 Copilot	van nogintevullen
Microsoft Authenticator to block Entra credentials on jailbroken/rooted devices	van nogintevullen

Office 365 Roadmap Updated: 2025-10-28

Additions : 4
Updates : 7

More Details At: www.roadmapwatch.com

New Features	Current Status
Microsoft Copilot (Microsoft 365): [Copilot Extensibility] [DevX] Compliance sensitivity labels for custom connectors	In Development
Microsoft Copilot (Microsoft 365): [Copilot Extensibility] User can create agents scoped on specific item/ container using URL	In Development
Outlook: LDAP directory support for S/MIME in New Outlook	In Development
Microsoft 365 admin center: Usage reports – Microsoft 365 Copilot Connectors	In Development

Updated Features	Current Status	Update Type
Microsoft Teams: Copilot in Teams meetings can search web and work files, emails and people	Cancelled	Status, Description
Outlook: New Scheduling and Event Creation Experience	Rolling Out	Description
Microsoft Copilot (Microsoft 365): Reference a Loop or Page when creating a presentation with Copilot	Launched	Status
Microsoft Copilot (Microsoft 365): Reference a Loop or Page when creating a presentation with Copilot	Launched	Status
Microsoft Copilot (Microsoft 365): Reference a Loop or Page when creating a presentation with Copilot	Launched	Status
Microsoft Copilot (Microsoft 365): Copilot for PowerPoint will help you build your story’s narrative	Cancelled	Status, Description
Microsoft Copilot (Microsoft 365): Copilot for PowerPoint will help you build your story’s narrative	Cancelled	Status, Description

Items from the MessageCenter in Microsoft 365

(Update)Microsoft Purview compliance center: Insider Risk Management – Enhancements to user scoping features in Policies
Category:Microsoft Purview
Nummer:MC1047928
Status:stayInformed

Updated: We have updated the timeline for gov clouds. Thank you for your patience.

Microsoft Purview Insider Risk Management will be rolling out enhancements to user scoping features in Policies.

This message is associated with Microsoft 365 Roadmap ID 484081.

[When this will happen:]

Public Preview: We will begin rolling out on mid-April 2025 and expect to complete by late April 2025.

General Availability (Worldwide): We will begin rolling out in late June 2025 and expect to complete by early July 2025.

General Availability (GCC, GCC High, DoD): We will begin rolling out in early October 2025 and expect to complete by late January 2026 (previously early November 2025).

[How this will affect your organization:]

With this new feature, Insider Risk Management administrators can include or exclude specific users, groups, and adaptive scopes within Policies. We are also adding support for non-email enabled Security Groups within Insider Risk Management policies.

[What you need to do to prepare:]

Insider Risk Management admins with appropriate permissions can select combinations of users, groups, and adaptive scopes to include or exclude from Insider Risk Management policies in the Microsoft Purview portal. Insider Risk Management admins can also choose non-email enabled Security Groups in the Users & Groups step of Insider Risk Management policies.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

(Updated) Microsoft Purview | Insider Risk Management: Updated user scoping features in policies
Category:Microsoft Purview
Nummer:MC1075907
Status:stayInformed

Updated: We have updated the timeline for gov clouds. Thank you for your patience.

Microsoft Purview | Insider Risk Management will roll out enhancements to user scoping features in policies,

This message is associated with Microsoft 365 Roadmap ID 412942.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out late June 2025 and expect to complete by early July 2025.

General Availability (GCC, GCC High, DoD): We will begin rolling out early October 2025 and expect to complete by late January 2026 (previously early November 2025).

[How this will affect your organization:]

After this rollout, Insider Risk Management admins with appropriate permissions can select combinations of users, groups, and adaptive scopes to include or exclude from Insider Risk Management policies in the Microsoft Purview portal at New insider risk policy > Users and groups > Exclusions (optional):

admin controls

This change will be available by default.

[What you need to do to prepare:]

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.

Learn more about creating policies in Microsoft Purview Insider Risk Management

Microsoft Copilot Studio – Automate approvals decisions with Intelligent Approvals
Category:Power Platform
Nummer:MC1162218
Status:stayInformed

Update: Release of this feature has been postponed; we will announce a new date in the future.

We are announcing the ability to automate approvals decisions with Intelligent Approvals in Microsoft Copilot Studio. This feature will reach general availability on October 28, 2025.

How does this affect me?
With this feature, makers will not need to route every approval to a human. Instead, they configure an AI stage where a large language model evaluates the request using natural language prompts and contextual variables, such as text, documents, and images. The AI uses the defined logic to decide whether to approve or reject the request. Makers keep full control and decide if approvals are automatic or if humans can veto them.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit Automate approvals decisions with Intelligent Approvals.

Microsoft Copilot Studio – Strengthen security of Copilot Studio agents with additional threat protection
Category:Power Platform
Nummer:MC1180712
Status:stayInformed

We are announcing the ability to strengthen security of Copilot Studio agents with additional threat protection in Microsoft Copilot Studio. This feature will reach general availability on November 28, 2025.

How does this affect me?
This feature allows you to configure external threat detection systems for enhanced oversight. These tools operate during the agent’s run-time, continuously evaluating agent activity. If the system detects any tools or actions it deems suspicious, it can intervene to approve or block their execution, providing an extra layer of real-time protection and compliance enforcement.

With the flexibility provided by this feature, users can select Microsoft Defender, integrate with other trusted security partners, or develop and connect your own custom monitoring solutions. Admins can enable this feature using the following steps:

Register a Microsoft Entra application: A Power Platform Administrator creates an Entra app to securely authenticate between Copilot Studio and the chosen external monitoring provider. This can be done using a provided PowerShell script or manually through the Azure portal.
Configure integration in Power Platform Admin Center: The administrator enters the Entra app details and the REST API endpoint from the security partner in the Admin Center’s threat detection settings.

Once enabled, Copilot Studio shares only the necessary runtime data with the external provider for real-time decision-making. The integration can be disabled at any time if requirements change. External threat detection is available only for generative agents using generative orchestration (not classic agents).

Organizations are responsible for ensuring their chosen provider’s data handling and compliance standards meet internal and regulatory requirements.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit the Enable external threat detection and protection for Copilot Studio custom agents (preview).

An updated version of the October 2025 Scan Cab is available
Category:Windows
Nummer:MC1180840
Status:stayInformed

IMPORTANT: This notice is only relevant for environments where:

Windows Server Update Services (WSUS) is used to deploy Windows security updates to Windows Server devices.
Scan Cab is used to check for update compliance.
The October 2025 Scan Cab was deployed before 8:54 PM PT on October 24, 2025.

An updated version of the October 2025 Scan Cab was made available at 8:54 am PT on October 24, 2025. This Scan Cab includes new metadata corresponding to new updates for the following versions of Windows Server:

• Windows Server 2025 (KB5070762; KB5070881)

• Windows Server, version 23H2 (KB5070879)

• Windows Server 2022 (KB5070884)

• Azure Automanage for Windows Server 2022 with Hotpatch (KB5070892)

• Windows Server 2019 (KB5070883)

• Windows Server 2016 (KB5070882)

• Windows Server 2012 R2 (KB5070886)

• Windows Server 2012 (KB5070887)

The new Microsoft updates for these Windows Server versions, released October 24, 2025, included additional protections to address CVE-2025-59287. See the additional information section of this message for details.

How this affects your organization:

IT administrators who downloaded the Scan Cab before 8:54 PM PT on October 24, 2025, should re-acquire and re-deploy it if the Scan Cab is used to assess updates for environments where WSUS is used to deploy Windows security updates to Windows Server devices.

No action is required on environments where Scan Cab is not employed and does not use WSUS to Windows Server devices. However, please note that there might be non-Microsoft applications which utilize Scan Cab. Review the documentation for any software and update deployment tools which might be in use for your organization, to understand if this is applicable in your environment.

What you need to do to prepare:

Administrators can re-deploy the updated Scan Cab via their usual processes. For detailed guidance, see the Additional Information section below.

Additional information:

Updated Scan Cab: Download the new Scan Cab here
Take Action: Out-of-band update to address a vulnerability in Windows Server Update Services (WSUS)
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Announcing a smaller WSUS Scan Cab – Microsoft Tech Community: Learn more about WSUS and the Scan Cab process
Using WUA to Scan for Updates Offline – Win32 apps | Microsoft Docs: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update
WSUS and the Catalog Site | Microsoft Docs: The Catalog Site used by WSUS to import updates and drivers

Power Platform admin center – Updates for security roles in child business units
Category:Power Platform
Nummer:MC1180845
Status:stayInformed

We have scheduled an update for the Power Platform admin center that changes how Dataverse security role fields are populated in child business units. The ModifiedOn and ModifiedBy Dataverse security role fields in child business units will now inherit the value set in the parent business unit. This change will be deployed on October 31, 2025.

How does this affect me?
Previously, when security roles were inherited from the parent business unit into the child business units, the ModifiedOn and ModifiedBy fields of the child business units were not populated.

What action do I need to take?
Review your process or report if you are reporting on these fields and make the necessary changes.

For more information, please review the Security roles and privileges documentation.

Microsoft Copilot Studio – Add and configure tool groups to agents
Category:Power Platform
Nummer:MC1180873
Status:stayInformed

We are announcing the ability to add and configure tool groups to agents in Microsoft Copilot Studio. This feature will reach general availability on November 20, 2025.

How does this affect me?
This feature introduces a streamlined workflow for adding Outlook and SharePoint actions to agents by curating action groups. Instead of manually selecting individual operations, makers can now add pre-curated sets of actions optimized for common scenarios in Outlook and SharePoint.

These action groups ensure agents use the most reliable and relevant tools, improving orchestration quality and minimizing errors.

What action do I need to take?
This message is for awareness, and no action is required.

Microsoft Purview | Insider Risk Management – Data security alert triage agent generally available
Category:Microsoft Purview
Nummer:MC1180884
Status:planForChange

Microsoft Purview Insider Risk Management (IRM) has reached General Availability for the Security Copilot alert triage agent. The agent helps analysts focus on the most urgent alerts by analyzing and prioritizing Insider Risk Management alerts. It also provides a summary of findings to help users quickly understand the risky activities that make an alert critical to review.

With this release, users can report miscategorized alerts and provide feedback on prioritization. Feedback is sent directly to Microsoft but is not used for agent memory. Additionally, the file risk section of the agent summary has been deprecated.

This message is associated with Microsoft 365 Roadmap ID 503764.

[When this will happen:]

General Availability (Worldwide): Rollout begins in late November 2025 and is expected to complete by mid-December 2025.

[How this affects your organization:]

Who is affected: Organizations using Microsoft Purview Insider Risk Management.
What will happen:
- The alert triage agent will be available by default; no action is required to enable it.
- Users will be able to submit feedback on alert prioritization directly to Microsoft.
- The file risk section in the agent summary will be deprecated.
- No changes to existing admin policies are required.

[What you can do to prepare:]

No action is required to enable the feature.
Access the alert triage agent on the Microsoft Purview portal.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Microsoft Viva Insights: Retirement of Export via Microsoft Graph Data Connect (MGDC)
Category:Microsoft Viva Microsoft Copilot (Microsoft 365)
Nummer:MC1180889
Status:planForChange

To streamline data export processes and improve security, Microsoft is retiring the Viva Insights export capability via Microsoft Graph Data Connect (MGDC). This change does not impact other export alternatives via Viva Insights.

When this will happen

Onboarding of new customers and scenarios to Viva Insights export via MGDC will stop 30 days from this announcement.
Existing customers will retain access to current MGDC data export pipeline until full retirement. Final timelines will be shared in future communications.

How this affects your organization

Who is affected: Organizations using Viva Insights export via Microsoft Graph Data Connect.

What will happen:

Starting in late November 2025, onboarding of new customers and Viva Insights datasets to MGDC will no longer be available.
Existing users will retain access to current datasets until full retirement.
Customers are encouraged to transition to supported export alternatives:

Viva Insights Power BI Connector to Microsoft Fabric

This connector allows you to export Viva Insights data into Microsoft Fabric for advanced analysis and reporting. Learn more:Export query data using the Power BI connector
All Viva Insights query types supported: Yes
Automated exports: Yes
Row-level data export: Yes
Charges: Yes (Fabric usage). Learn more: Dataflow Gen2 pricing for Data Factory in Microsoft Fabric
Setup: Refer to setup steps outlined in Export query data using the Power BI connector.
Access query results: Refer to Dataflow Gen2 data destinations and managed settings.

Flat file export option available.

CSV Export

Note: Customers who prefer a flat file export can use the CSV export feature. Learn more: Download and import results in Excel.

What you can do to prepare

If you are an existing MGDC customer, select an alternative export method.
To offboard from MGDC-based export:
1. Check access to output folders from previous runs.
2. Stop and delete all Data Factory Copy activity pipelines.
3. Delete MGDC app registrations.
4. MGDC admin should deselect “Viva Insights” from enabled datasets:
  - In Microsoft 365 Admin portal, go to Settings > Org settings.
  - Under Services, select Microsoft Graph data connect.
  - Deselect Viva Insights.

For additional questions, raise a support ticket.

Learn more:

Compliance considerations

Does the change alter how existing customer data is processed, stored, or accessed (e.g. documents, emails, chats, etc.), if so how and to what extent?	Yes. This change retires the Microsoft Graph Data Connect (MGDC) export method for Viva Insights, which alters how customers access and export their existing datasets. Customers must transition to alternative export methods such as the Power BI Connector or CSV export.
Does the change modify how users can access, export, delete, or correct their personal data within Microsoft 365 services (GDPR Data Subject Rights), if so summarize the changes?	Yes. The retirement of MGDC affects how users export personal data from Viva Insights. Users will need to use supported alternatives like the Power BI Connector or CSV export to access and manage their data.
Does the change include an admin control and, can it be controlled through Entra ID group membership?	Yes. Admins can manage dataset access by deselecting “Viva Insights” in the Microsoft Graph Data Connect settings within the Microsoft 365 Admin Portal. This control can be scoped using Entra ID group membership.
Does the change allow a user to enable and disable the feature themselves?	Yes. Admins can disable the MGDC export feature by offboarding and updating settings in the Microsoft 365 Admin Portal. End users cannot enable or disable the feature directly.

Workplace Patterns Report in Viva Glint with Viva Insights integration
Category:Microsoft Viva
Nummer:MC1180891
Status:planForChange

[Introduction]

We’re introducing the Workplace Patterns Report in Viva Glint—an integrated analytics report that combines Viva Insights workplace behavior data with employee sentiment from Viva Glint surveys. This feature enables HR analysts and administrators to uncover actionable relationships between how people work and how they feel, without needing custom analysis. It accelerates decision-making and supports meaningful actions across the organization.

This message is associated with Roadmap ID 489229.

[When this will happen:]

General Availability (Worldwide): Rollout will begin in late November 2025 and is expected to complete by mid-December 2025.

[How this affects your organization:]

Who is affected: Company-level Viva Glint administrators and HR analysts. Other roles may be granted access if permissions are extended.
What will happen:
- The report provides:
  - Integrated Analytics: Combines Viva Insights workplace habits data with Viva Glint survey sentiment to uncover actionable relationships between how people work and how they feel.
  - Automated Insights: Streamlines discovery of key patterns and sentiment drivers for HR analysts and admins, eliminating manual data sifting.
  - Role-Based Access: Available to company-level Glint admins; can be extended to other roles as needed, but designed for large population analysis.
  - Confidentiality & Data Requirements: Enforces strict confidentiality thresholds (minimum respondent counts) and requires sufficient data volume for reliable analysis.
  - Relationship Mapping: Highlights strongest associations between workplace metrics (e.g., after-hours work, collaboration hours) and survey items (e.g., work-life balance, burnout).
  - Interactive Drill-Downs: Allows users to click into relationships for detailed breakdowns by metric buckets, supporting deeper analysis.
  - Heatmap Visualization: Provides color-coded tables to show how sentiment scores vary across workplace metric groups.
  - Filtering & Customization: Enables filtering by survey items, categories, and Viva Insights metrics; supports benchmarking and comparison settings.
  - Actionable Guidance: Offers best practices for interpreting results, validating hypotheses, combining quantitative and qualitative feedback, and sharing insights with stakeholders.

[What you can do to prepare:]

Review prerequisites and setup instructions: Send Viva Insights data to Viva Glint | Microsoft Learn. This article contains:
- Prerequisites for the integration that powers the report
- Workflow to send Viva Insights data to Viva Glint
- Understand Confidentiality Thresholds
Role-based enablement and access: Viva Glint Reporting setup | Microsoft Learn. The Workplace Patterns Report is targeted at HR analysts and admins at the company level. Company-level Glint admins will have access to this report by default. Users from other roles do not automatically see this report unless permissions are specifically extended. As an admin, you can choose whether to enable this report for additional roles, but it’s recommended to enable for roles handling large populations to get meaningful insights.
Review the strategic playbook: Microsoft Viva Glint + Insights Playbook (PDF). Outlines strategic guidance for combining sentiment and work patterns data and illustrative examples of how this information provides insight value. Use this playbook to understand how to interpret combined Viva Insights and Viva Glint data to unlock deeper insights into your people’s experiences.
Communicate availability to HR teams and update internal documentation if needed.

[Compliance considerations:]

Consideration	Explanation
New customer data storage	Viva Insights data is sent to Viva Glint for analysis. Data is stored securely and subject to confidentiality thresholds.
Changes to data processing	Combines workplace behavior data with sentiment survey responses for integrated analysis.
Admin control	Admins can enable or restrict access based on role and population size.
Integration with 3rd party	Viva Insights and Viva Glint integration involves data exchange between Microsoft services.

The blogs of this day are:

Office 365 Roadmap Updated: 2025-10-28

Items from the MessageCenter in Microsoft 365

Leave a Comment Cancel Reply

Socials

Contact

© 2024 All rights reserved

The blogs of this day are:

Office 365 Roadmap Updated: 2025-10-28

Items from the MessageCenter in Microsoft 365

Related Posts

Leave a Comment Cancel Reply