What’s New in the Hybrid Data Center & Microsoft | May 2025

The world of Virtual Desktops is changing.  Whether it’s reducing a reliance on VMware, shifting towards a more cloud managed endpoint strategy, or frustration with increased costs and hazy product futures; Azure Virtual Desktop and Intune Managed Endpoints are thriving as a hybrid alternative to traditional VDI solutions. Start the Blog Series here to learn more.

More value with Microsoft Azure Arc – Increase your security while reducing or eliminating your dependency on legacy active directory and manage servers anywhere, securely, with Entra Id and Azure Arc.  Learn More

Interested in knowing more about how an Azure Data Center operates?  The new Microsoft Azure Virtual Data Center Tours does just that.  Having a conceptual understanding of how Azure is architected helps connect real-life scenarios for IT administrators when they are looking to transition their understanding from on-premises virtualization to Azure concepts.  Being able to understand the software defined nature of your resources promotes faster learning.

Azure FinOps Toolkit expands support for Microsoft Fabric Real-Time Intelligence that can offer cost savings over Data Explorer by using on-demand capacity. Learn More

Cost Management, simplified, with Azure Copilot.  Take the work out of analyzing your cost data and utilize natural language to ask your Azure Copilot, “What does X resource cost me?” or “Why is Y resource increasing month over month?”.  Learn More

Azure Site Recovery now supports the replication and failover of workloads that reside on Windows Server Failover Cluster (WSFC) clusters that are composed of Azure virtual machines and shared managed disks.

Copilot Wave 2 updates are rolling out for licensed users, including Copilot Search, Agent Store, simplified chat, updated Create experience, Notebooks, and improved memory and personalization.

Microsoft is announcing the use o1 reasoning model in prompt builder feature as part of model selection and temperature settings for AI Builder. This feature allows makers to embed advanced AI reasoning capabilities into agents, applications, and workflows and is slated for GA on May 16.

M365 Copilot will soon allow users to search for and select SharePoint sites when writing prompts using Context IQ. The rollout will complete by mid-May 2025. No admin action is required. Users will see their recent SharePoint sites in CIQ.

Microsoft 365 Copilot app’s Wave 2 Spring release updates for unlicensed users include a refreshed navigation pane, simplified Copilot Chat experience, and an Agent Store.

People with an M365 Copilot license will soon have a Facilitator agent that takes real-time notes during meetings. This feature can be disabled by admins. Sensitivity labels won’t apply to notes automatically.

Copilot will offer AI-generated audio overviews for Word documents, PDF files, and Teams meeting recordings with transcripts in OneDrive by late May 2025. Summary and podcast styles are options.

OneDrive will introduce Copilot for meeting recordings, providing actionable insights and immediate answers via Q&A. Users can recap meetings, generate notes, and highlight @mentions.

Fix spelling and grammar with one click using the new Copilot feature, available from late April to mid-June 2025. Users can review and undo changes.

Copilot in Forms will help users collect and monitor form responses, reducing manual follow-ups.

Users will soon be able to search their past Microsoft 365 Copilot chat sessions.

Copilot introduces Researcher and Analyst agents, available in the US for licensed users. Researcher aids in complex research, while Analyst performs advanced data analysis. Both agents are part of the Frontier program, free of additional cost, and require specific admin settings to enable user access.

Agent makers can track Copilot agents’ billing consumption in Copilot Studio.

Enhanced agent discovery will be available in the App Store for Teams, Microsoft 365, and Outlook, allowing users to view the entire catalog of agents regardless of their M365 Copilot license.

Copilot will soon allow users to upload files as knowledge sources for agents and enable admins to manage these agents. Supported file types include docx, pptx, xlsx, pdf, txt, and csv, with specific size limits. Sensitivity labels will apply to agents.

Copilot will soon support custom engine agents, using any large language model. Custom agents require a Microsoft 365 Copilot license and can be created using low-code or pro-code tools. Admin approval is needed for deployment.

Admins can use Billing Policies to manage Copilot Pay-as-you-go services, controlling usage and costs by linking agent usage to departments and user groups.

Defender for Cloud Apps will enhance threat protection with a new dynamic model for detections and alerts, rolling out in July. This model allows faster response to threats and will be implemented seamlessly. Legacy policies will be disabled but visible temporarily.

Update your firewall rules to ensure continued access to Defender for Cloud Apps. Allow outbound traffic on port 443 for specified IP addresses or add the Azure service tag ‘AzureFrontDoor.MicrosoftSecurity’.

Check out the ALL NEW eGroup Enabling Technologies ThreatHunter page and learn more about how a Microsoft Verified MSSP delivers 24×7 security.  Explore ThreatHunter

Defender for Office 365 has expanded its Safe Links feature, offering increased capabilities for zero-hour auto purge (ZAP), quarantine, and end-user reporting of potential malicious messages. Additionally, Exchange Online permission management is now supported in Microsoft Defender XDR Unified role-based access control (RBAC), streamlining permission assignments across security solutions.

The Attack Simulation and Training feature now utilizes machine learning to drive more effective simulations, offering intelligent predicted compromise rates and high-quality payload recommendations. Furthermore, a broader library of over 70 training modules is available, allowing organizations to assign training content directly without tying it to phishing simulation campaigns.

Defender for Office 365 now extends protection to Microsoft Teams, offering real-time scanning of messages and files for malicious content. Features include Safe Links, Safe Attachments, and anti-impersonation safeguards, all integrated into the unified security operations platform.

Defender for Office 365 will soon offer auto-remediation for malicious URL and file clusters identified through AIR. Admins must enable this feature in the new MDO automation settings page.

Microsoft recently introduced the Security Copilot Phishing Triage Agent, which is an AI-driven tool that autonomously assesses user-reported phishing emails. By filtering out false positives, it allows security teams to focus on genuine threats, streamlining incident response.

The integration of Microsoft Purview Data Security Investigations into Defender XDR enables security operations centers to quickly assess data exposure during incidents. This enhancement facilitates quicker, more informed responses to potential data breaches.

Deploy the new Defender for Identity sensor on Microsoft Entra Connect servers for comprehensive monitoring and threat detection.

Entra ID will update the user sign-in experience with Microsoft Authenticator Lite and the Microsoft Authenticator app, with users seeing a new message instructing them to refresh notifications if they don’t receive a sign-in request.

Microsoft has announced the retirement of Microsoft Entra Permissions Management (MEPM). Effective April 1, 2025, MEPM will no longer be available for sale to new Enterprise Agreement or direct customers, with complete retirement and discontinuation of support scheduled for October 1, 2025. Microsoft recommends transitioning to alternative solutions, such as Privilege Control for Cloud Entitlements (PCCE) by Delinea, to maintain similar capabilities.

Microsoft Entra ID Protection now includes real-time password spray detection and new Microsoft-managed Conditional Access policies to limit device code and legacy authentication flows. In Entra ID Governance, granular Microsoft Graph permissions for lifecycle workflows have been introduced, enhancing control over user lifecycle management. Additionally, Privileged Identity Management integration in Azure Role-Based Access Control is now available, providing more robust governance capabilities.

Action Required for Exchange Hybrid Deployments! Microsoft has released Hotfix Updates (HUs) for Exchange Server 2016 CU23 and 2019 CU14/CU15, introducing a dedicated Exchange hybrid application in Entra ID. Organizations utilizing hybrid configurations with rich coexistence features (such as Free/Busy lookups and MailTips) must transition to this dedicated app by October 2025 to maintain functionality.

Microsoft Exchange Online will disable legacy tokens starting June 2025, with full retirement by October 2025. Organizations must migrate to NAA and Entra ID tokens to ensure Outlook add-ins continue functioning.

Exchange Web Services (EWS) in Exchange Online will be deprecated on October 1, 2026.

Starting mid-May 2025, the Intune Service Administrator role will be required to configure device limit enrollment restrictions. Admins without this role will have read-only access. Review and update RBAC assignments to ensure proper permissions.

SharePoint and Outlook users can secure PDFs with passwords on OneDrive Web. The rollout begins early May for General Availability.

Microsoft will archive unlicensed accounts to read-only mode by May 16, 2025. For accounts unlicensed after February 17, 2025, read-only mode starts on day 60, and archiving occurs on day 93. Eligible users will be prompted to back up files to OneDrive via the Message Bar in Microsoft Word, Excel, and PowerPoint. Admins can use policies to manage or block these prompts.

Microsoft Purview has introduced Collection Policies (Currently in preview) that provide a high-level overview of data collection processes, including their purpose, key features, and benefits. This feature aims to help users manage their data collection processes more effectively.

Critical data elements (CDE) and objectives and key results (OKR) data are now available for self-service analytics and can be used alongside other Microsoft Purview metadata for insights. Additionally, Data Health controls have been introduced, allowing users to configure the severity of rules applied for each data health control, enhancing data governance capabilities.

Microsoft Purview Insider Risk Management will soon allow analysts to identify compromised user alerts in Microsoft Entra.

Purview will soon allow DLP admins to rename existing policies and rules without recreating them. Purview DLP will extend to M365 Copilot in Word, Excel, and PowerPoint, allowing DLP policies to exclude processing of labeled content by Copilot. Public Preview starts mid-May, with GA in late June 2025. No preparation is required other than creating DLP policies and assigning licenses.

SharePoint’s eSignature service will allow users to create additional eSignature requests without waiting for previous ones to complete. New toast notifications will inform users of request statuses, streamlining the document signing process.

Microsoft SharePoint and OneDrive will introduce a PDF compression feature, allowing users to reduce PDF file sizes with three compression levels.

SharePoint Online has introduced AI-driven features like SharePoint Copilot, which assist in task automation and provide insights to enhance productivity. Additionally, SharePoint 2025 deepens its integration with Microsoft Teams, allowing for immediate file and page access by adding sites as tabs, and saving Teams channel whiteboards directly to SharePoint, enhancing accessibility.

SharePoint and OneDrive users can now protect PDF files with passwords to restrict unauthorized access. Document libraries now offer improved performance and editing capabilities, including support for editing Choice fields, assigning users or groups through Person fields, and adding or changing images directly within the grid view. The Hero web part has been updated to offer more customization options, user-defined fluid layouts, resizable tiles, and new slide-based and carousel navigation features.

Classic Microsoft Teams will be unavailable on Mac and Windows desktops starting July 1, 2025. Users must upgrade to the new Teams or use Teams on the web to avoid disruptions.

Teams will soon allow users to report security concerns involving external collaborators in chats and meetings, excluding shared channels. The rollout starts in May 2025 and will be available for admins to enable. Admins should review and enable this feature in the Teams admin center.

Teams will now block clients older than 90 days from accessing the service. Users will receive banner warnings prompting them to update, ensuring that all clients are up-to-date for optimal performance and security. Admins should verify that all Teams users are using the latest Teams clients.

Microsoft has recently reinstated the default “General” channel in new Teams. Users can now choose to retain the “General” channel or rename it according to their preferences, offering greater flexibility in team organization.

Teams is introducing an interpreter feature that allows meeting participants to speak or listen in their preferred language using AI-powered real-time speech-to-speech translation, supporting up to nine languages with simulated personal voice translation.

Teams will soon allow adding a Loop workspace tab to standard channels for real-time collaboration. Rollout completes late May 2025. Users can create, manage, and share content within Teams.

Teams Rooms on Windows and Android are receiving updates, including support for live transcription controls during meetings, additional language support, and real-time translation for captions. Admins will benefit from expanded device health signals and a unified device management experience through the Teams Rooms Pro Management portal.

Teams will introduce Lobby chat, allowing meeting organizers and co-organizers to send one-way messages to attendees in the meeting lobby. This feature will be on by default and can be managed in the Teams admin center. Rollout begins late June for general availability.

Teams is introducing a “Manage what attendees see” feature, allowing organizers and presenters to preview changes before making them visible to attendees.

The “From” field of voicemail email messages will be modified to meet the latest RFC standard. Specifically, RFC 6854. According to this standard, the Internet message format must always include an address in the “From” header. For example Previously: +44 28 7584 5695 <442875845695>, will now be after the change: +44 28 7584 5695 <noreply@skype.voicemail.microsoft.com>

Teams devices that have reached end-of-support will no longer work after July 2025.

Device management for Teams Android devices has migrated to the Android Open-Source Project (AOSP) platform with Intune. IT admins must manually create new policies in Intune for migration.

Teams will soon support native Bluetooth call controls for multiple peripheral devices on Windows desktop. The device used to answer a call will temporarily sync with Teams, reverting to the original device after the call.

Teams Admin Center now includes security and compliance information for apps. Admins will be notified of this feature and can access a tutorial and live count of certified apps. Rollout by early June 2025

Premium users will soon be able to create and use personal meeting templates for scheduling in early June 2025. Users can save, edit, and delete templates via the new calendar interface.

Teams will increase the town hall attendee limit to 100,000 for organizers with a Premium license.