Microsoft 365: Upcoming Changes and End-of-Support Milestones

Last updated: February 2026

Join us in this blog as we explore the dynamic world of Microsoft 365. 🌟 We’ll shed light on the features and products that are undergoing transformations or bidding farewell. Whether you’re a system administrator 🧑‍💻 managing the Microsoft 365 environment or an avid user 🙋‍♂️ staying ahead of the curve, this blog will provide invaluable insights and actionable recommendations.

🚀Discover the key changes, deprecations, and end-of-support scenarios that require your attention. From deprecated features to configuration modifications and essential upgrade plans, we’ve got you covered! Make informed decisions and ensure a smooth transition.⚡️

Note: Interested in exploring past month’s features and deprecations? Look no further! You can find a comprehensive history of all the changes in our GitHub repository.

Here is a list of changes categorized by month and yea

• Feb 2026 (Retirements: 2, New Features: 10, Enhancements: 3, Existing Functionality Changes: 2, Action Needed: 1)
• Mar 2026 (Retirements: 2, New Features: 10, Enhancements: 3, Existing Functionality Changes: 2, Action Needed: 1)
• Q2 2026 (Attention Needed: 13)
• Q3 2026 (Attention Needed: 6)
• Q4 2026 (Attention Needed: 6)
• 2027 (Attention Needed: 4)

Retirements: 6 | New Features: 13 | Enhancements: 5 | Existing Functionality Changes : 3 | Action Needed: 4

Microsoft is completing a major update to Microsoft Planner, with the new experience becoming fully available to all users by mid-February 2026. This update introduces new capabilities such as task chats and custom templates. Once the rollout is complete, several existing Planner features will be retired and will no longer be accessible.

Features being retired:

• Legacy task comments (replaced by task chat)

• Whiteboard tab for premium plans

• Planner component in Loop pages

• Planner integration with Viva Goals

• iCalendar feed for Planner tasks

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1193421

Microsoft retires the endpoint-sensitive data alerting in the Microsoft Defender portal and moves this functionality entirely to Microsoft Purview DLP. From February 16, 2026, new Defender alert policies can no longer be used to monitor endpoint sensitive data activities.

Solution: Re-create required alerting using Microsoft Purview DLP policies by February 15, 2026.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1217649

Microsoft will retire the custom greeting feature for voice call MFA by February 28, 2026. After this date, voice call authentication will use Microsoft’s default voice recordings.

Solution: Prepare users for the transition to Microsoft’s default voice greetings.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1219798

Microsoft will retire the Designer bot and Designer banners in Microsoft Teams by February 27, 2026. After this change, users will no longer be able to use the Designer bot in chats or create channel announcement banners with Designer.

Solution: Organizations should transition image generation workflows to Copilot in Microsoft Teams going forward.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1197104

Starting early February 2026, Microsoft will introduce two new Microsoft Graph APIs to manage Copilot agents and apps:

1. GET graph.microsoft.com/copilot/admin/catalog/packages
   Returns a full inventory of all Copilot agents and apps available in the tenant, including Microsoft-built, third-party (external), shared, and custom packages.
   

2. GET graph.microsoft.com/copilot/admin/catalog/packages/{id}
   Returns detailed information of a specific Copilot agent or app, including its manifest, configuration, and related metadata.

These APIs enable automated reporting and integration for admins managing Copilot agents and apps across Microsoft 365, with no additional license requirements.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1173195

Microsoft is introducing a new built-in RBAC role in the Teams admin center called Teams External Collaboration Administrator. Admins assigned to this role can manage external access policies to allow/block external domains and external access settings for federated domains.

This role allows delegated admins to manage external collaboration settings via PowerShell without requiring full Teams administrator permissions, making it well suited for scoped delegation scenarios.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1215071

Microsoft introduced Content Security Policy (CSP) in SharePoint as a browser-level security standard that controls which scripts, styles, images, and other resources a site is allowed to load. If a resource isn’t explicitly approved, the browser blocks it. This helps protect SharePoint sites from threats like cross-site scripting (XSS), clickjacking, and other code injection attacks. This CSP will be in report-only mode starting Feb 29, 2026.

Ref: https://techcommunity.microsoft.com/blog/spblog/sharepoint-online-content-security-policy-csp-enforcement-dates-and-guidance/4472662

Teams will soon allow users to chat with external contacts using their email addresses, even if those contacts do not have a Teams account. External users will receive an invitation to join as guests. This experience, which will be in General availability follows your organization’s B2B Guest policy and will be enabled by default.

Admins can disable chat with anyone using an email address by setting UseB2BInvitesToAddExternalUsers as false in Set-CsTeamsMessagingPolicy cmdlet.

Ref: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1182004

Microsoft Purview Data Risk Assessments is expanding its capabilities to include item-level investigations for SharePoint content.

With this update, admins can drill down into individual items to view key details such as applied sensitivity labels and existing sharing links, making it easier to detect and assess overshared content. From the same experience, admins can take direct remediation actions including,

• Resolving findings

• Notifying users

• Applying sensitivity labels

• Removing sharing links

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=523202

Beginning February 5, 2026, Microsoft Defender XDR will activate built-in alert tuning rules that automatically process selected low-severity and informational alerts from Microsoft Defender for Office 365.

This update introduces 12 predefined rules that leverage Automated Investigation and Response (AIR) to triage alerts in the background. Alerts that require analyst attention are automatically reopened and returned to the queue. In multi-tenant environments, settings can be centrally managed and distributed using the Multi-Tenant Management (MTO) portal.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1222979

Microsoft is introducing a Paid Extended Service Term (EST) for direct Microsoft 365 subscriptions under the Microsoft Customer Agreement, effective February 9, 2026.

EST replaces the automatic grace period and allows customers to extend services on a monthly, paid basis with a 3% prorated premium, ensuring uninterrupted access while renewal decisions are finalized.

When a subscription reaches the end of its term, customers can:

• Renew on time to continue without disruption

• Extend the service using the paid EST

• Cancel the subscription, with data retained for 90 days before deletion

This applies to Microsoft purchases or renewals made directly on or after February 9, 2026.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1216259

Microsoft is extending Teams external user management into Microsoft Defender, allowing security teams to block external users directly from the Tenant Allow/Block List.

Admins can block up to 4,000 domains and 200 email addresses, with full audit logging and no impact on existing Teams configurations. To enable this capability, the following settings must be turned on by navigating to Teams admin center > ‘External collaboration’ section > External access.

• Block specific users from communicating with people in my organization

• Allow my security team to manage blocked domains and blocked users

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1200058

Microsoft is simplifying external collaboration settings across chats, calls, meetings, Teams, and shared channels. This update reaches general availability in mid-February 2026 and introduces a new interface with three predefined collaboration modes:

• Open: Allows chats, calls, and meetings with all external domains and Teams personal accounts via federation or external access.

• Controlled: Matches the current default for enterprise and EDU tenants and blocks shared channel collaboration.

• Custom: Allows complete customization of external collaboration settings across all Teams surfaces.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1183006

Microsoft Purview eDiscovery (Premium) will introduce a new tenant-level process report. Admins and users with eDiscovery Manager roles can use this report to centrally monitor and manage all eDiscovery processes. This enhancement provides faster operational oversight, clear end-to-end visibility, and improved tracking of eDiscovery activities across the tenant. Also, this feature will be enabled by default.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1225187

Microsoft Purview Insider Risk Management will introduce new pre-built templates to help detect potential data theft involving non-Microsoft 365 data sources.

These templates help identify risky activities across platforms such as Microsoft Fabric, Box, Dropbox, Azure, and AWS, particularly for:

• Users leaving the organization

• Users whose accounts have been deleted in Microsoft Entra ID

This feature is not enabled by default.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1221449

Microsoft is introducing soft deletion support for cloud security groups. Deleted groups can be restored for up to 30 days, along with their settings, membership, and properties. Audit logs will track deletion, restoration, and hard deletion events.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1183299

Microsoft is enabling centralized SharePoint site branding management using PowerShell. Tenant admins can apply enterprise themes, enable or disable custom branding for specific sites, audit branding changes, and apply branding during site creation.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1186372

Microsoft Purview will map certain high-privileged Purview admin roles to new roles in Microsoft Entra such as Purview Workload Content Reader, Purview Workload Content Writer, and Purview Workload Content Administrator.

Role assignments will sync automatically, and admins will receive the appropriate Entra role based on their Purview permissions. These roles should not be assigned directly in Entra, as Purview manages and overwrites them. Admins may also see new Purview-specific Entra roles in audit logs.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1199765

Currently, only users with licenses such as Microsoft 365 E3/E5/A3/A5, Business Standard, Business Premium, or Microsoft 365 Copilot can create Loop workspaces.

Microsoft is expanding this capability so that other users (for example, Office 365 E1/E3/E5 and Microsoft 365 F1/F3) can create Loop workspaces if they have OneDrive or SharePoint storage. Admins who want to prevent workspace creation can configure a cloud policy with the setting:
“Create Loop workspaces in Loop” = Disabled.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1217996

Currently, the ability to report suspicious Teams messages was limited to users of Microsoft Defender for Office 365 Plan 2. Microsoft is now expanding this capability to customers with Microsoft Defender for Office 365 Plan 1

Also, users can report Teams messages as:

• Security risks (phishing, malware, or malicious content)

• Not a security risk (false positives)

This enhancement helps security teams detect, investigate, and respond to threats across Teams chats, channels, and meetings while strengthening overall Defender protection.

Ref: https://admin.microsoft.com/#/MessageCenter/:/messages/MC1219788

Following the introduction of app support for shared channels, Microsoft is extending the same capability to private channels. Apps such as bots, tabs, and message extensions can now be added to private channels, expanding beyond the earlier limited set of supported tabs.

Apps must be configured at the channel level, as team-level app settings do not apply to shared or private channels. This capability will reach general availability by late February, will be enabled by default.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1197145

Microsoft will enhance the Microsoft Authenticator app with jailbreak and root detection capabilities for Entra credentials on both iOS and Android platforms. Once this feature is active, Entra credentials on jailbroken or rooted devices will stop functioning. And any existing ones will be automatically wiped for security reasons.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1179154

Microsoft Entra will remove “Revoke multifactor authentication sessions”, which applied only to per-user MFA, and replace it with “Revoke sessions” in February 2026. The new Revoke sessions action will invalidate all active user sessions, including MFA, regardless of whether MFA is enforced through Conditional Access or per-user policies.

Ref: https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#plan-for-change—update-to-revoke-multifactor-authentication-sessions

Microsoft is simplifying Teams meeting URLs to improve sharing. The new format includes only the meeting ID and a hashed passcode, removing tenant and organizer details.

New format:
https://teams.microsoft.com/meet/<meeting_id>?p=<HashedPasscode>

This change will roll out to GCC High and DoD environments by February 2026.

Ref: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC772556

Microsoft is updating the string format of certain database-related properties returned by Exchange Online PowerShell cmdlets. This change reduces unnecessary data retrieval and improves service consistency.

Example (Get-Mailbox output):

• Before:
  Database : APCP153DG038-db080

• After:
  Database : APCP153.PROD.OUTLOOK.COM/7ad9dea1-26b7-4088-ad73-708c219faff6

This change applies only to Exchange Online. On-premises Exchange environments are not affected.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1108848

The Exchange Online Moderation feature allows moderators to approve or reject messages before they’re sent. Currently, this can only be done in Outlook Desktop or Outlook on the web. With the new update using Actionable Messages, moderators can now approve or reject moderated messages from any Microsoft email client, including Outlook for Windows, Mac, iOS, and Android.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?searchterms=492743

When performing a direct export from an eDiscovery case, Microsoft packages the selected data into a secure, temporary container for download. Starting February 16, 2026, these export containers will expire 14 days from the date of creation, and the exported data will be automatically deleted. This change improves both storage efficiency and security.

This update applies only to exports created after February 16, 2026. Exports created before this date and exports from Review Sets are not affected.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1217141

Review sets store and analyze collected data such as emails, documents, and Teams messages, while case-level data sources define shared locations used across searches.

Starting February 16, 2026, modern eDiscovery Content Search cases will no longer support review sets and case-level data sources. These capabilities will remain available in dedicated non-Content Search eDiscovery cases, which should be used when structured reviews and centralized data scoping are required.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1216266

Microsoft began a gradual rollout of MFA enforcement for Microsoft 365 admin center sign-ins in February 2025. From February 2026 onward, MFA enforcement is active, and users will no longer be able to sign in to Microsoft 365 admin center without completing MFA.

Solution: Admins should enable MFA now to avoid access issues and ensure all users have valid MFA methods configured.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1215070

Exchange Online will block devices using Exchange ActiveSync (EAS) versions below 16.1 starting March 1, 2026, to improve security and reliability. Devices running older EAS versions will no longer connect, while Outlook Mobile is not affected.

Solution: Use the Get-MobileDevice PowerShell command to identify devices running unsupported EAS versions and prompt users to upgrade before enforcement.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1197103

From March 2026, Microsoft will retire the Featured Links capability in SharePoint Online. Admins will no longer be able to create, edit, update, or access Featured Links. As part of this change, existing Featured Links will be removed from the SharePoint Online start page and the mobile app.

Solution: Highlight important sites and content using alternatives such as global navigation links or Viva Connections Resources.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1197131

Microsoft Defender for Android will end support for devices running Android 10. Starting January 5, 2026, Android 11.0 or later will be required to receive updates, security patches, and new features.

Action Required: Advise users to upgrade their devices to Android 11.0 or later.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1222977

Microsoft Defender for Android will stop protecting personal profiles on enrolled devices and will focus exclusively on work profiles.

This change improves corporate security while preserving user privacy and requires no action from admins or users. Work profiles and unenrolled devices are not affected.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1221927

External access tokens for actionable messages will be retired on March 31, 2026, and organizations must transition to Microsoft Entra authentication to ensure continued functionality. After this date, any actionable message relying on external tokens will fail. This change strengthens security and aligns with modern identity standards.

Solution: Organizations using actionable messages should review their current implementations and update all integrations to Microsoft Entra authentication before the deadline to avoid disruptions.

Ref: https://learn.microsoft.com/en-us/outlook/actionable-messages/

Microsoft Teams will roll out a new External Domain Anomalies report in March 2026. The report helps admins detect unusual or risky external interactions by flagging spikes, new domains, and abnormal communication patterns. This provides early visibility into potential data sharing and security risks.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=536572

Microsoft Entra ID has introduced Account Recovery to help users regain access when all registered authentication methods are unavailable. The recovery flow is secured with Conditional Access policies and will be available in public preview in March.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=529855

Starting March 2026, Microsoft Purview will support a new Data Loss Prevention (DLP) rule action that triggers custom Power Automate workflows when a policy match occurs.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=380721

Microsoft 365 Archive will support file-level archiving in SharePoint, enabling more granular retention and storage control. This feature enters the public preview in March 2026.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=477371

Admins will be able to configure longer-term retention for Microsoft 365 backups, allowing data storage beyond one year. This feature will be available in preview by March 2026.

Ref: https://www.microsoft.com/en-us/microsoft-365/roadmap?id=481834

Information Barriers v2 (IB v2) will be available by default for all new onboarding tenants. It supports up to 5,000 segments, allows users to be in up to 10 segments, and offers flexible user discoverability while enforcing IB policies.

Existing IB v1 tenants must opt in to upgrade to IB v2 to use these new capabilities. This update applies only to IB v1 customers.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=402516

Microsoft Teams will introduce a feature that automatically sets users’ work locations when they connect to the organization’s Wi-Fi or certain peripherals. This helps deliver location-based experiences without manual input. The feature will be disabled by default. Tenant admins will have the option to enable it and will require end-user consent to proceed.

Ref: https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=488800

Microsoft Entra ID will bring passkey profiles and synced passkeys to general availability starting March 2026. This update gives admins the option to enable a new passkey profiles experience that supports group-based passkey assignments and introduces a passkeyType property to improve management and customization.

Tenants that do not opt in during the rollout window will be automatically migrated, with existing FIDO2 and passkey settings preserved and moved into a default passkey profile. Microsoft-managed registration campaigns will also update target passkeys where synced passkeys are enabled.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1221452

Microsoft is introducing Brand Impersonation Protection for Teams calling. This feature detects and warns users about fraudulent external callers impersonating trusted organizations.

Users will see a warning and can choose to accept, block, or end the call. The feature will be enabled by default and will evaluate incoming VoIP calls from first-time external callers.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1219793

Microsoft is introducing a new voice and face enrollment dashboard in the usage reports of the Teams admin center. The dashboard gives admins visibility into user voice and face enrollment used by AI-powered features such as speaker attribution, voice isolation, and face-based room experiences.

Admins can view enrollment status and related metrics. They can also permanently delete voice or face enrollment data for individual users or in bulk, improving data control and compliance.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1191921

Microsoft is adding a rule-based configuration option in the Teams admin center to simplify app management. With this update, administrators can control Microsoft 365 certified third-party apps in bulk from the Org-wide settings section. Also, app availability can be determined using publisher information and permission scopes.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1085133

Microsoft Purview will introduce the Data Security Posture Agent to continuously discover sensitive data and assess data risks across the environment.

The agent uses AI to analyze content intent and meaning, delivering clearer insights and summaries that help security teams quickly identify risks and take corrective actions. It will be out for general availability by mid-Mar 2026.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1217155

Microsoft is expanding Organizational Messages to support Entra ID Hybrid-joined devices in addition to fully cloud-joined devices. This allows organizations to deliver customized messaging to a wider range of enrolled endpoints.

Ref: https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=503564

Organizational messages currently support delivery through Windows Taskbar, Notifications, Spotlight, and Teams popovers. Microsoft is adding email as a delivery channel, enabling admins to send tenant-wide informational messages via email.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?searchterms=503562

Microsoft is expanding DLP support to Microsoft 365 Copilot. Admins can configure DLP policies to block Copilot responses when prompts involve sensitive data from Microsoft 365 or the web.

This helps prevent data leakage and strengthens compliance controls across Copilot interactions.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?searchterms=515945

Before March 27, 2026, Conditional Access policies targeting All resources with exclusions were not consistently enforced for apps requesting limited scopes, such as OIDC. This allowed users to sign in without meeting requirements like MFA, even when the app was not explicitly excluded.

Starting March 27, 2026, these policies will be enforced consistently for all apps, ensuring users must complete required authentication and access controls unless an app is explicitly excluded.

Ref: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/upcoming-conditional-access-change-improved-enforcement-for-policies-with-resour/4488925

Microsoft introduced the Microsoft Entra ID Governance guest billing meter last year. Starting March 31, 2026, guest-related governance features will require an Azure subscription to be linked.

This requirement applies to access reviews scoped to guest users, including:

• Inactive user reviews

• User-to-group affiliation helper reviews

Without a linked Azure subscription, admins will be blocked from creating or updating guest-scoped governance policies.

Ref: https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#general-availability—entra-id-governance-guest-billing-meter-enforcement

Currently, enabling email notifications in DLP policies for SharePoint and OneDrive also forces policy tips to be enabled, and vice versa. With this update, admins will be able to configure policy tips and email notifications independently, providing more flexibility in how alerts are managed.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC791114

The Require approved client app control in Azure Active Directory (Azure AD) Conditional Access will be retired and no longer enforced.

Solution: You can make use of the “Require app protection policy” control, which has all the same capabilities

Ref: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-change-announcements-march-2023-train/ba-p/2967448

The retirement deadline for Office 365 Connectors in Microsoft Teams has been extended to March 31, 2026, giving organizations additional time to migrate.

Solution: Plan and complete the transition from Office 365 Connectors to Workflows webhooks to avoid disruption.

Ref: https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/

Microsoft will retire the legacy CDN domain publiccdn.sharepointonline.com by late April 2026. Organizations must update any hardcoded references to the new domain public-cdn.sharepointonline.com to avoid broken links or 404 errors.

Solution: Complete validation and updates before March 31, 2026, for uninterrupted access to SharePoint resources.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1184996 v/retirement-of-office-365-connectors-within-microsoft-teams/

Previously, cross-tenant synchronization supported only users. Microsoft is now extending this capability to security groups in Microsoft Entra, allowing centralized group management and cross-tenant access.

The feature will enter general availability by late-April and requires admin opt-in with configured attribute mappings and access policies.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1198077

Starting April 2026, SharePoint Online will retire several legacy compliance and records management features, including Information Management Policies, In-Place Records Management, and deletion-only policies for documents and site closure. These features will no longer be supported or accessible through the UI or APIs.

Solution: Organizations should migrate to modern Microsoft Purview capabilities, including Data Lifecycle Management and Purview Records Management.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1211579

As AI agents become more common in Microsoft 365, associated risks also continue to rise. Microsoft will extend Insider Risk Management to cover AI agents, enabling admins to define policies specifically for agent-driven activities. This enhancement helps detect, flag, or block risky behaviors when AI agents access sensitive data or perform high-risk actions across platforms like Copilot Studio, Azure AI Foundry, and Agent 365.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?filters=&searchterms=516032

Effective April 1, 2026, Microsoft is updating Teams and Places licensing to bring several high-value features directly into core Teams Enterprise licenses, making collaboration, space management, and large-scale events easier for all users:

• Microsoft Places Explorer and Places Finder for end-users → now included in licenses with Teams/Outlook calendar (E3/E5, Business, Exchange Online, etc.)

• Teams Shared Space license → renamed and expanded; admins get space management + analytics; 4 desks per license.

• Town halls & webinars → advanced features now available for all Teams Enterprise users, up to 3,000 interactive attendees (10,000 view-only)

• New Attendee pack add-ons → extend town hall capacity from 5,000 up to 100,000 participants.

Ref: https://techcommunity.microsoft.com/blog/microsoftteamsblog/licensing-updates-extend-access-to-advanced-capabilities-in-microsoft-teams-and-/4488312

Microsoft 365 Enterprise users will automatically switch to the new Outlook for Windows, gaining access to modern features like Copilot, theming, and time-saving options such as Pinning and Snoozing emails. A toggle will be available for users to revert to the classic Outlook. Admins can prevent this automatic migration via cloud policy.

Ref: https://admin.microsoft.com/#/MessageCenter/:/messages/MC949965

SharePoint 2013 workflows will no longer be supported.

Solution: You can move to Power Automate or other supported solutions.

Ref: https://admin.microsoft.com/?ref=MessageCenter/:/messages/MC542767

SharePoint Add-Ins will stop working for existing tenants from April 2nd, 2026.

Solution: Admins can run the Microsoft 365 Assessment tool to scan their tenants for SharePoint Add-In usage.

Ref: https://admin.microsoft.com/?ref=MessageCenter/:/messages/MC693865

After April 2, 2026, existing tenants using Azure ACS for custom or third-party app access in SharePoint Online will no longer function due to its retirement.

Solution: Admins can utilize the Microsoft 365 Assessment tool to scan the tenants for any usage of Azure Access Control Service (ACS) and migrating from Azure ACS to Microsoft Entra ID.

Ref: https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs

From Apr 02, 2026, the domain isolated web part feature will be fully retired. Organizations using this feature will receive an error message.

Solution: Update your domain isolated web parts to regular web parts and redeploy them to ensure continued functionality.

Ref: https://devblogs.microsoft.com/microsoft365dev/retiring-sharepoint-framework-domain-isolated-web-parts-for-sharepoint-online/

Microsoft will introduce Microsoft Graph API support for Message Trace in public preview starting April 5, 2026.

Organizations currently relying on the Reporting Web Service API for Message Trace should begin transitioning to this Graph API, as the Reporting Web Service API will be deprecated.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1221939

Microsoft is introducing Entra ID Account Recovery, a new advanced recovery feature that helps users regain access to organizational accounts if they lose all registered authentication methods. Unlike a standard password reset, this feature securely verifies the user’s identity and re-establishes trust before allowing new authentication methods to be set up.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?filters=&searchterms=529856

Previously, retention policies could delete content based on conditions such as ‘When items were created’ or ‘When items were last modified’. Microsoft is now enhancing Data Lifecycle Management by introducing a new “When items were last accessed” condition for retention policies.

This feature allows admins to manage and automatically clean up OneDrive and SharePoint content based on access history. It improves storage hygiene and helps optimize Microsoft 365 Copilot responses.

Ref: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC999442

Microsoft is retiring the legacy IDCRL (Identity Client Run Time Library) authentication protocol in SharePoint and OneDrive for Business as part of the Secure Future Initiative. Legacy authentication will be permanently blocked beginning May 1, 2026, with modern OpenID Connect and OAuth protocols taking precedence.

Solution: Organizations should transition to modern authentication as soon as possible.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1184649

Admins will have the ability to permanently delete sensitive Exchange mailbox content, bypassing retention policies and eDiscovery holds. This will be possible through the “Priority Cleanup Administrator” role, which grants authorized users’ permission to initiate Priority Cleanup for Exchange, allowing exceptions to standard retention and legal hold policies.

Since this process is irreversible and overrides existing policies, Microsoft has built-in approvals and special auditing for security.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?filters=&searchterms=392838

Microsoft is retiring the Sway Windows desktop app to streamline app management and focus on a single, fully supported web platform.

Solution: Users should switch to the web version at sway.cloud.microsoft, which provides the same features, preserves all content, and offers improved accessibility and updates.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1213784

Microsoft plans to make the Adaptive Protection and Data Lifecycle Management (DLM) integration generally available by late June 2026. This integration allows administrators to retain or restore items deleted by high-risk users, providing better safeguards against insider threats and accidental data loss.

Ref: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC791110

Microsoft is finalizing the rollout of Unified App Management for Teams, Outlook, and the Microsoft 365 app. This update simplifies app management by consolidating the separate admin experiences into a single, centralized management interface. The unified experience will be fully available to all organizations by the end of June 2026.

Ref: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC796790

To modernize Viva Connections, Microsoft will retire the Assignments and Courses adaptive card extensions (ACEs) and their SharePoint dashboard web parts for Education tenants. These SPFx components currently surface assignment and course information on the dashboard, and their removal aims to reduce redundancy and streamline the user experience. Also, the existing components will reach the end of support on June 30, 2026.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1184647

Microsoft will block Exchange Web Services access for mailboxes that do not include EWS usage rights starting June 30, 2026. After enforcement, requests made without a supported license will return an HTTP 403 error. Impacted licenses include Exchange Online Kiosk, Microsoft 365/Office 365 F1, and F3.

Solution: To continue using EWS, assign a license that includes EWS access, such as Exchange Online Plan 1 or 2 or Microsoft 365 E3/E5.

Ref: https://techcommunity.microsoft.com/blog/exchange/update-to-ews-access-for-kiosk–frontline-worker-licensed-users/4474299

Starting July 1, 2026, Microsoft will implement a global price increase across all Microsoft 365 plans. Prices will increase by 5% to 33%, depending on the SKU. The increase reflects ongoing investments in AI capabilities, security enhancements, and advanced management features.

Alongside the price increase, Microsoft is adding value to select plans:

• Microsoft 365 Business Premium will receive an additional 50 GB of email storage at no extra cost.
• Advanced Microsoft Intune capabilities will be included with Microsoft 365 E3 and E5 subscriptions.
• Microsoft will include Security Copilot in E5 subscriptions at no additional cost.

Ref: https://www.microsoft.com/en-us/microsoft-365/blog/2025/12/04/advancing-microsoft-365-new-capabilities-and-pricing-update/

InfoPath Client 2013 will reach the end of its extended support period on July 14, 2026, and to keep an aligned experience across Microsoft products, InfoPath Forms Service will be retired from SharePoint Online.

Solution: To understand the usage of InfoPath within your organization, you can utilize the Microsoft 365 Assessment tool to scan your tenant and analyze InfoPath usage. If you are currently using InfoPath, you can initiate the migration process to modern alternatives such as Power Apps, Power Automate, or Forms.

Ref: https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/support-update-for-infopath-forms-services-in-microsoft-365/ba-p/3858190

Microsoft will discontinue support for SharePoint Alerts. Existing alerts can no longer be modified and will eventually stop functioning.

Solution: Microsoft recommends migrating SharePoint Alerts to Power Automate or SharePoint Rules. Use the Microsoft 365 Assessment tool to review alerts and plan the move.

Ref: https://support.microsoft.com/en-us/office/sharepoint-alerts-retirement-813a90c7-3ff1-47a9-8a2f-152f48b2486f

Microsoft Defender Threat Intelligence will merge with Microsoft Defender and Microsoft Sentinel by August 1, 2026, bringing threat intelligence directly into the SecOps workflow. After the transition, threat insights will be available through the Microsoft Defender portal, with enhanced Threat Analytics that include:

• Indicators of Compromise (IoCs) integrated into reports
• MITRE ATT&CK mappings for tactics and techniques
• Insights into threat actors and targeted industries
• IoCs linked to cases for Microsoft Sentinel customers

After August 1, 2026, accessing MDTI capabilities will require an active Microsoft Defender or Microsoft Sentinel license.

Solution: Plan your transition to Microsoft Defender or Microsoft Sentinel before the deadline and review licensing to ensure uninterrupted access to MDTI capabilities.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1192257

Read Aloud, Transcription, and Dictation features in Microsoft 365 Office apps will stop working on versions earlier than 16.0.18827.20202 because of backend upgrades. This change takes effect after September 2026 for Worldwide tenants and November 2026 for GCC, GCC High, and DoD environments.

Solution: Update all Office apps to 16.0.18827.20202 or later before the deadline.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1127222

Microsoft is retiring legacy Education LTI tools (Teams Assignments, OneDrive, OneNote Class Notebook, Reflect) on September 17, 2026, replacing them with a unified Microsoft 365 LTI tool. Users and admins will need to transition to the Microsoft 365 LTI unified tool.

Ref: https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC1160188

Microsoft is introducing Just-in-Time protection for SharePoint in Microsoft Purview Data Loss Prevention in preview.

With this feature, organizations can automatically apply DLP restrictions to unclassified files when they are accessed or shared externally. Instead of restricting files in advance, JIT protection enforces security measures only when there is a risk of data leaving the organization.

Ref: https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=139457

October 1, 2026, Microsoft will start blocking EWS requests from non-Microsoft apps to Exchange Online. The changes in Exchange Online do not affect Outlook for Windows or Mac, Teams, or any other Microsoft product.

Solution: Migrate your applications to Microsoft Graph to access Exchange Online data and gain access to the latest features and functionality.

Ref: https://techcommunity.microsoft.com/t5/exchange-team-blog/retirement-of-exchange-web-services-in-exchange-online/ba-p/3924440

User risk policy or Sign-in risk policy UX in Entra ID Protection (formerly Identity Protection) will be retired on October 1, 2026.

Solution: Migrate Sign-in risk and User risk policies to Conditional Access.

Ref: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/what-s-new-in-microsoft-entra/ba-p/3796395

In October 2026, Microsoft will discontinue Publisher in Microsoft 365, with on-premises suite support ending. While support lasts, they’re exploring modern alternatives across Word, PowerPoint, and Designer for common Publisher tasks, with updates forthcoming.

Ref: https://admin.microsoft.com/?ref=MessageCenter/:/messages/MC716267

Microsoft Entra ID is enforcing a stricter Content Security Policy (CSP) for sign-ins starting mid-October 2026. Only trusted Microsoft scripts will be allowed, blocking injected code to reduce XSS risks. This applies to browser-based sign-ins on login.microsoftonline.com and does not affect Entra External ID tenants.

Solution: If you use tools or extensions that inject code, switch to non-injecting alternatives and test sign-in flows before CSP enforcement begins.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1191924

Microsoft will retire Microsoft Entra Privileged Identity Management Iteration 2 (beta) APIs on October 28, 2026. After this date, applications and scripts using these APIs will fail because the endpoints will no longer return data.

Solution: Migrate to the Iteration 3 (GA) APIs, which are fully supported and more reliable. Stop new development on Iteration 2 APIs and begin migration planning.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1181281

Starting in December 2026, organizations will be able to select how long Message Trace data is retained by choosing from a set of predefined retention periods. This enhancement gives admins greater flexibility to align log retention with their compliance, audit, and operational requirements.

Ref: https://www.microsoft.com/en-in/microsoft-365/roadmap?id=542929

SMTP AUTH Basic Authentication will be disabled by default for existing tenants by Dec end, though admins can enable it if required.

Solution:

• Migrate applications and devices to OAuth-based authentication.

• Use alternatives such as High-Volume Email for Microsoft 365, Azure Communication Services for Email, or an on-premises Exchange.

Ref: https://techcommunity.microsoft.com/blog/exchange/updated-exchange-online-smtp-auth-basic-authentication-deprecation-timeline/4489835

Dynamics 365 Guides and Dynamics 365 Remote Assist will retire on December 31, 2026. After this date, the products will no longer receive security updates, bug fixes, or technical support.

Solution: Customers should plan their transition early by identifying dependent users and scenarios. Explore alternative mixed reality solutions available in the Microsoft Marketplace, and consider Microsoft Teams Mobile with spatial annotation for certain remote collaboration use cases.

Ref: https://learn.microsoft.com/en-us/lifecycle/announcements/dynamics-365-guides-remote-assist-end-of-support

Microsoft will disable Basic Authentication with Client Submission (SMTP AUTH) by default starting January 2027. OAuth will be the supported authentication method.

Proactive Steps:

• Move applications and devices to OAuth-based authentication for SMTP AUTH.

• If Basic Authentication is still needed, consider alternatives such as High-Volume Email for Microsoft 365, Azure Communication Services for Email, or an on-premises Exchange Server in a hybrid setup.

Ref: https://techcommunity.microsoft.com/blog/exchange/updated-exchange-online-smtp-auth-basic-authentication-deprecation-timeline/4489835

To unify the interface across Microsoft Defender products, Microsoft will retire the Microsoft Defender for Endpoint (MDE) Advanced Hunting API and Microsoft Defender XDR Advanced Hunting API.

Solution: Move to Microsoft Graph Security API for broader data coverage, improved consistency, and better scalability for automation and security workflows.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1220762

In October 2027, Microsoft will remove the option to create meetings without passcodes. This means all online meetings created through the Microsoft Graph API will automatically require a passcode, and the isPasscodeRequired property on the joinMeetingIdSettings resource will be removed. This change ensures that every meeting is consistently secured with a passcode, simplifying meeting creation, and improving security.

Ref: https://admin.cloud.microsoft/#/MessageCenter/:/messages/MC985483

To align with the updated passkey policy API schema that supports group-based passkey profiles, Microsoft will retire isAttestationEnforced and keyRestrictions from the fido2AuthenticationMethodConfiguration API. During the transition, these properties will sync with attestationEnforcement and keyRestrictions in the Default passkey profile.

Solution: Admins should update configurations, automations, and integrations to use the new schema.

Ref: https://admin.cloud.microsoft/?#/MessageCenter/:/messages/MC1188230

In conclusion, navigating the ever-evolving landscape of Microsoft 365 requires staying informed about the changes 🔍. By proactively adapting to these changes, you can optimize your Microsoft 365 experience, maximize productivity, and effectively plan for the future. 💪

Don’t miss out on the latest buzz in Microsoft 365! 🐝

We’re committed to keeping this blog fresh with the most current information. Stay tuned for the latest updates!

End of Support Resources for Microsoft 365: