A new External Domain Anomalies report in the Teams admin center should provide an overview of how users in the tenant interact with people outside the organisation and flag sudden spikes or unusual engagement that fall outside normal patterns.
Microsoft is enabling Unified RBAC for new tenants with Defender for Office 365 Plan 2 starting at the end of May 2026.
Defender for Office 365 URL click alerts are expanding to Microsoft Teams. When users click malicious links in Teams messages, alerts now appear in the Defender portal for faster detection and investigation.
The “Revoke Sessions” action in Microsoft Entra has been updated to invalidate all user sessions, regardless of whether MFA is enforced via Conditional Access or per-user policies.
Organizations should update Secure Boot certificates ahead of the June 2026 expiration deadline. In this post, I share my personal experience deploying these certificates via Intune, encountering a licensing error, working around it with a registry key, resolving a BIOS-related failure, and verifying the final result with PowerShell.
Microsoft is expanding Teams message reporting to Defender for Office 365 Plan 1, allowing users to report suspicious and false-positive messages starting February 2026.
Microsoft will enable new messaging safety protections in Teams for tenants using the default configuration starting January 2026.
Microsoft is introducing Baseline Security Mode in the Microsoft 365 admin center, providing a central dashboard with 18 recommended security settings for Office products, SharePoint, Exchange, Teams, and Entra.
Microsoft will enable ZAP in Teams for organizations with Defender for Office 365 Plan 1 starting in January 2026, with an opt-out option available for security admins.
Legacy IDCRL authentication in SharePoint Online will be retired starting February 2026. Admins should review Purview Audit Logs and update any applications still using legacy protocols.
Microsoft will enforce Content Security Policy (CSP) for SharePoint tenants starting in March 2026. Report-only mode runs from April 2025 to February 2026. Admins should review CSP violations now to avoid broken custom scripts and components once enforcement begins.
Entra ID now supports multi-device passkeys, allowing users to store their passkey in password managers like 1Password for seamless, passwordless sign-in.
Admins can now remove users from Teams group chats and 1:1 conversations directly from Microsoft Defender, helping speed up incident response and containment.
Microsoft is rolling out three new security features to Teams chats and channel conversations: Weaponizable File Protection, Malicious URL Protection, and the ability to report messages as not a security concern.
Microsoft is introducing Content Security Policy (CSP) in SharePoint. While it’s currently in Report-only mode, enforcement will block untrusted scripts. SharePoint administrators should review violation reports now and prepare trusted sources before enabling CSP.
Microsoft has introduced new Trust Center controls in Microsoft 365 Apps for Windows to reduce risks from legacy protocols. By default, FPRPC is now blocked, while FTP and HTTP remain allowed unless users or admins choose to disable them.
Microsoft Teams has added a new capability, allowing internal users to report security risks when interacting with external users in 1:1, group, and meeting chats.
In the standard version, Connect-SPOService continues to use Basic Authentication for the connection to SharePoint Online. SharePoint administrators can customize it very easily.
In April, Microsoft introduced two new licenses and rolled back a change made in February.
More operating systems and apps support Passkey. I tested Passkey with Windows 11, 1Password and iOS 17 in GitHub.