What’s New in the Hybrid Data Center & Microsoft | December 2025

–Security Copilot Included for M365 E5 (Rolling Out Now): Requires no additional purchase. Provides SOC-level insights, guided remediation, and threat summarization.

–Anthropic Models Enabled by Default (Jan 7): Governed by Microsoft Product Terms and Data Protection Addendum, ensuring enterprise-grade contractual protection for LLM use.

–Secure Deployment Settings (Mid-January 2026): Provides centralized recommendations, governance settings, and secure configuration templates for safe Copilot rollout.

–Automatic Meeting Rescheduling (GA): Copilot can reschedule 1:1 meetings and personal events based on user preferences.

–AI-Generated File Summaries (January): Available in Windows Explorer and OneDrive Activity Center for licensed users.

–Automatic Installation of Copilot App on Windows: Appears in Start menu; admins may opt out.

–New Copilot Modes: Auto, Quick, Think Deeper: Defaults to GPT-5 with persistent user mode selection.

–Excel Agent Mode (GA Dec–Feb): AI-assisted spreadsheet editing with web search; no admin changes required.

–Expanded Free Copilot Chat Features (Jan–Mar): Adds inbox-wide Outlook support, Agent Mode in Office apps, and specialized agents powered by Claude models.

–Hands-Free Activation (“Hey Copilot”): Off by default; can be enabled via Windows settings.

–Voice Chat Across Desktop/Web/Mobile: Secure transcripts stored in Microsoft 365.

–Explore Pane for Guided AI Navigation: Provides centralized help across Create, Search, and Notebooks.

–Preview: User-Level Federated Connectors: Users can securely connect apps like Notion and Canva using their credentials. Admins manage via 365 Admin Center.

–Simplified Navigation Menu: Rolling out through January. No admin action required.

–Teams Channels now available in Context IQ Prompts: Expands AI-assisted content retrieval based on channel activity.

–Document/Chart/Code Generation Agents: Studio Lite agents can generate Word, Excel, and PowerPoint artifacts using the “Generate documents, charts, and code” skillset.

–All Custom Agents Moving to GPT-4.1 (Nov 26): Admins should validate agent behavior and outputs due to model change.

–Migration from Studio Lite → Full Copilot Studio (Dec 18): Authors can copy agents into the full environment.

–Microsoft Agent 365 (Frontier Program, Late December): Enables enterprise oversight with agent inventory, access control, behavioral monitoring, threat protection, and segmentation by license/creator.

–Zero-Hour Auto-Purge (ZAP) Default Enablement (Jan 6): Automatically moves malicious Teams messages to quarantine for Defender for Office 365 Plan 1.

–Agentic AI Grading for Phishing: Large language models assess phish submissions with natural language explanations to accelerate triage.

–Threat Actor Attribution Moved (Jan 12, 2026): Removed from Defender for Endpoint alert pages and moved to Incidents + Threat Intelligence.

–Identity Alerts Transition to XDR Platform: Requires admins to update workflows, Detector IDs, and alert exclusion rules using XDR Alert Tuning.

–New Security Recommendations (Preview): Includes blocking NTLM and Remote Registry Service to prevent common attack paths.

–Modern Message Trace (GA): Replaces legacy Message Trace. Legacy Reporting Web Service retires March 18, 2026.

–EWS API Blocking for F1/F3/Kiosk Licenses (Mar 1, 2026): EWS access disabled for lower-tier licenses; admins must update integrations and workflows.

–GA Support for SQL Database + Cosmos DB: Enables enterprise-grade relational and NoSQL workloads directly inside Fabric.

–Copilot Sidecar Chat Tools: Conversational troubleshooting for pipelines, dataflows, and deployments.

–Document → Analytics Conversion via OneLake Shortcuts: Converts Office files/PDFs into analytics-ready data without ETL.

–GraphQL APIs for Materialized Views: Provides real-time data access for modern app development.

–Warehouse Deployment Automation: Adds DacFx support and dependency resolution for multi-item rollouts.

–Fabric Data Agents for Unstructured Data: LLM-powered reasoning over PDFs and documents using Azure AI Search indexes.

-Intune Data Warehouse Architecture Update (Mid-February): Resets historical data to ~30 days, modifies licensing definitions, and regenerates surrogate keys. Reporting teams should prepare for schema changes.

–Mandatory App SDK Updates (Jan 19 Deadline): iOS SDK, iOS Wrapper, and Android Company Portal must be updated to prevent app-launch blocks. Conditional Launch policies recommended.

–Copilot Agent Governance (Dec 21): Admins can enforce authentication rules, policies, and environment-level governance before agents interact with Power Platform data.

–AI-Generated Structured Plans from Solutions: Power Apps can now convert existing solutions into structured blueprints (objectives, roles, data models). Simplifies redesigns and documentation.

–AI-Powered Data Security Investigations (Preview → GA Mar 2026): Adds vector search, content categorization, NLQ search, and expanded investigative details.

–DLP + Edge for Business Integration: Provides inline protection for file uploads to unmanaged GenAI apps.

–New Insider Risk Triggers: Flags outbound attachments to free public domains or personal emails.

–Priority Cleanup Policies: Allows pre-retention deletion of SharePoint/OneDrive content.

-Auto Archive for Exchange: Moves the oldest mailbox items to archive automatically when usage hits 96%, by default for mailboxes with archives. 

–Dark Teal & Dark Blue Themes (Mid-December): Two new Microsoft-designed dark themes (Dark Teal, Dark Blue) will be available for SharePoint sites starting mid-December to enhance visual experience, and support accessibility. 

–SharePoint Page Agent: The SharePoint page agent, a declarative Copilot agent, enables users with Microsoft 365 Copilot licenses to create and refine SharePoint pages using natural language within supported apps.  

Security and communication improvements for external interactions.

• Tenant-Owned Domain Impersonation Warnings: Alerts users when external contacts appear suspicious. Enabled by default.
• Malicious URL Protection (Complete as of Nov 2025): Warns users before opening harmful links.
• Blocked Weaponizable Files: Executables and similar file types blocked automatically to reduce malware propagation.
• User Reporting for False Positives: Requires Defender for O365 P2 + TAC/Defender portal configuration.

Enhances facilitation in large or structured meetings.

• Organizer/Presenter Private Chat (January): Unified backroom chat for structured meetings, webinars, and town halls.
• Custom AI Summaries in Meeting Recap (Mid-Jan 2026): Templates and instructions enable personalized recap generation for Copilot users.
• Real-Time Interpretation for Teams Rooms on Windows: 9 supported languages, 20 hours/month per room for Pro-licensed rooms.
• Collaborative Annotation Requests: Participants can request annotation during screen sharing.

Admins must prepare for a new calling process and upcoming features.

• New ms-teams_modulehost.exe Process: MSFT is improving startup time of calling features in the Teams Desktop Client for Windows by introducing a new child process named ms-teams_modulehost.exe to handle the calling stack separately from the main application (ms-teams.exe). Update endpoint management and security software to allowlist ms-teams_modulehost.exe alongside ms-teams.exe and communicate this change to helpdesk staff to avoid confusion during troubleshooting. 
• Teams Queues Shared Call History (Feb): Teams Queues app will introduce shared call history for queue members to view all call events through February. The feature is disabled by default and requires Teams Premium license.
• Network Strength Indicator (Early Feb): Teams will introduce a Network Strength Indicator displaying connection quality with 3 bars (Good, Poor, Bad) starting early February.  
• DTMF-Based PSTN Merge to Meetings (Feb): Teams will enable consulting and merging PSTN callers into meetings via DTMF navigation through IVR systems in February. 

Stronger administrative controls for security and compliance.

• Rule-Based App Controls in Teams Admin Center: Admins can manage Microsoft 365 certified Teams apps using rule-based controls under org-wide settings, customizing app availability based on permissions and publisher requirements.
• Defender for Office 365 Tenant Allow/Block List Integration: Teams now integrates with the Tenant Allow/Block List, enabling centralized blocking of external domains, preventing communication, deleting existing messages, and auditing domain-block actions.
• Malicious URL Protection (Rolled Out November 2025): Teams now warns users about unsafe links in chats and channels. Admins may configure settings via Teams Admin Center or PowerShell.
• Blocking Weaponizable File Types (Starting November): Teams will automatically block messages containing executable or similarly dangerous file types to prevent malware propagation.
• User Reporting for False-Flagged Threat Messages: Users will be able to report messages incorrectly flagged as security threats. Requires Defender for Office 365 Plan 2 and must be enabled in both TAC and the Defender portal.
• Voice/Face Enrollment Dashboard (January): A new dashboard will provide visibility into AI-related enrollment data, including options for reviewing and deleting stored voice or facial enrollment artifacts.

–Secure Boot Certificate Expiration (June 2026): Secure Boot uses cryptographic certificate authorities (CAs) to validate trusted firmware. These certificates—embedded in many Windows systems for ~15 years—will begin expiring June 2026, requiring organizations to assess firmware update readiness and OEM guidance.

–Windows 10 22H2 ESU Update Failure (Nov 2025 Update): Some commercial devices enrolled in Extended Security Updates may fail to install the November 2025 patch. Admins should review deployment logs, validate ESU licensing, and prepare remediation steps for affected devices.

–Windows 11 Enterprise 25H2 Hotpatch Loop (KB5068966): Devices using hotpatching may repeatedly download and reinstall the same KB5068966 update released on November 11, 2025. Investigation and corrective action are required to break the update loop.

–WINS Removal After Windows Server 2025: Windows Internet Name Service (WINS) will be removed from all Windows Server releases following Windows Server 2025. Organizations relying on WINS for legacy applications must plan migration to modern name resolution mechanisms.

Grace Period Removal (April 1, 2026): Microsoft will no longer provide a renewal grace period. If a customer does not renew or cancel by their renewal date, the subscription automatically converts to a monthly paid/monthly commit model at a 23% premium. Licenses will not shut off, but billing increases immediately.

Proactive Renewal Support from eGroup: eGroup will contact customers 60–90 days before renewal to prevent unintentional premium charges and ensure renewals are properly executed.

Price Increases Effective July 1, 2026: Subscriptions starting or renewing on/after July 1 will reflect the new pricing below:

*  Select Intune Suite capabilities will be included in Microsoft 365 E3 and Microsoft 365 E5 subscription plans.