Until now, organizations needed an Office 365 Extra File Storage add-on for additional SharePoint storage, which required fixed-capacity purchases that often led to unused costs. To address this, Microsoft has introduced a pay-as-you-go billing model for SharePoint storage in Microsoft 365. This allows organizations to pay only for the additional storage they consume beyond their included quota. In this blog, we’ll explore Microsoft’s pay-as-you-go SharePoint storage model and how it can help optimize costs.
The introduction of Device Soft Delete in Microsoft Entra ID (Public Preview) brings a much-needed recovery layer for device management. Instead of being permanently deleted, devices now move into a soft-deleted state, allowing admins a 30-day window to restore them when needed.
Starting in early June 2026, Microsoft Outlook will support external email tags within inbox rules, allowing users to automatically organize and categorize external emails for improved prioritization.
Microsoft has integrated the Power Automate workflow experience directly into SharePoint Online. This allows users to view, create, and manage workflows without leaving the SharePoint site interface. This also introduces a context-aware “Mad-Lib” style automation experience that automatically prefills trigger inputs such as SharePoint sites, lists, and libraries to simplify workflow creation.
Storm-2949 is a sophisticated identity-based attack campaign where a single compromised Microsoft 365 account can lead to wider access across Microsoft 365 and Azure environments. Instead of relying on malware, the attackers abused trusted Microsoft services, MFA workflows, tokens, and permissions to silently move deeper into the environment.
The new Security Detection Report in the Teams admin center helps admins monitor messaging threats across Teams, including impersonation attempts, malicious links, and weaponizable file types. Available from late June 2026, it enables admins to review threats, export detection details, and block malicious external users identified in the report.
Struggling to automate secure monitor manage M365?
Try AdminDroid for Free!One stop place for comprehensive Microsoft 365 security checklists, covering all services.
Discover best practices for Active Directory break glass accounts to ensure secure and reliable access during critical incidents.
11 min read
Discover the top Microsoft 365 security settings you should disable to reduce risks, prevent data exposure, and strengthen tenant security.
16 min read
Explore how ConsentFix attack abuses trusted Microsoft 365 first-party app access and learn mitigations to prevent OAuth token misuse.
15 min read
Explore step-by-step methods to identify insecure RC4 usage in Active Directory Kerberos tickets and disable them to strengthen security.
16 min read
Discover 15 SharePoint permissions best practices to prevent unauthorized access, manage permissions efficiently, and stay in control.
13 min read
Learn how to prevent Teams sprawl with 10 proven strategies to improve governance and reduce security risks.
12 min read
Discover the top Microsoft 365 admin blogs of 2025, featuring the latest tips and best practices to help you manage your M365 environment.
15 min read
Explore the crucial Microsoft Teams governance strategies to improve collaboration and ensure compliant use of Teams across the organization.
11 min read
Cybersecurity Month wrap-up: Strengthen IT environments and secure Microsoft 365, Active Directory, hybrid, and AI platforms.
11 min read
Explore key strategies to safeguard employee personal data across apps, devices, and cloud services in modern hybrid workplaces.
8 min read
Local admin accounts can make or break security. Learn all risks and practical steps to secure local admins and protect devices from privilege abuse.
7 min read
Protect your remote work environment by implementing 11 remote desktop access best practices to prevent data leaks caused by unauthorized access.
8 min read