
What is ConsentFix Attack and How to Mitigate it in Microsoft 365
Explore how the ConsentFix attack abuses trusted Microsoft 365 first-party app access and learn mitigations to prevent OAuth token misuse.
15 min read
Microsoft is retiring One-Time Passcode (SPO OTP) authentication and transitioning to Entra B2B guest accounts for external users. This ensures that SharePoint and OneDrive external collaboration is governed by the same security and compliance standards as internal access. The SPO OTP method will be fully retired by August 31, 2026, following a rollout beginning in May 2026.
Microsoft now allows admins to enforce a default expiration period for “People in your organization” sharing links in SharePoint Online and OneDrive. By configuring maximum and recommended expiration values, admins can prevent internal links from staying active indefinitely. This update helps reduce stale access while maintaining flexible and secure collaboration.
Starting March 3, 2026, Microsoft is introducing a completely reimagined SharePoint experience in Microsoft 365, designed to make collaboration smarter, faster, and more intuitive. The new experience features a redesigned app bar categorized into three core jobs (Discover, Publish, and Build), along with AI-powered tools and a neutral theme.
Microsoft Entra Kerberos provides a simpler way to set up hybrid-joined devices by reducing the need for Microsoft Entra Connect or Active Directory Federation Services. By using cloud-based authentication with Microsoft Entra ID, organizations can streamline device onboarding and simplify hybrid deployments.
Tracking Microsoft 365 licenses can be challenging for many organizations. To simplify this, Microsoft introduced the Cloud Licensing beta API in Microsoft Graph (preview), giving admins and developers granular control. Instead of just showing a flat license count, it supports batch tracking, queuing users when licenses run out, and quickly identifying assignment errors.
Starting in late February 2026, Microsoft Teams Mobile (Android & iOS) will prompt users to choose between Edge and the default browser when opening non-Office and PDF links. While Microsoft presents this as a usability update, the flow clearly promotes Edge within the decision screen. It’s less forceful than before, but still a built-in nudge toward Microsoft’s browser. The feature is enabled by default for all tenants but can be disabled by admins via PowerShell.


Explore step-by-step methods to identify insecure RC4 usage in Active Directory Kerberos tickets and disable it to strengthen security.
16 min read

Discover 15 SharePoint permissions best practices to prevent unauthorized access, manage permissions efficiently, and stay in control.
13 min read

Learn how to prevent Teams sprawl with 10 proven strategies to improve governance and reduce security risks.
12 min read

Discover the top Microsoft 365 admin blogs of 2025, featuring the latest tips and best practices to help you manage your M365 environment.
15 min read

Explore the crucial Microsoft Teams governance strategies to improve collaboration and ensure compliant use of Teams across the organization.
11 min read

Cybersecurity Month wrap-up: Strengthen IT environments and secure Microsoft 365, Active Directory, hybrid, and AI platforms.
11 min read

Explore key strategies to safeguard employee personal data across apps, devices, and cloud services in modern hybrid workplaces.
8 min read

Local admin accounts can make or break security. Learn the risks and practical steps to secure local admins and protect devices from privilege abuse.
7 min read

Protect your remote work environment by implementing 11 remote desktop access best practices to prevent data leaks caused by unauthorized access.
8 min read

Learn how to defend against Microsoft hybrid identity attacks such as Entra Connect compromise, Pass-the-PRT, and more.
10 min read

Explore 10 best practices to secure admin accounts in a hybrid environment to reduce the attack surface & safeguard against evolving threats.
7 min read