M365 Message Center

Geändert

19.11.2025

Handlung bis

14.10.2027

Services

Microsoft Entra

Introduction Starting October 2027 and ending November 2027, we will retire the isAttestationEnforced and keyRestrictionsproperties from the existing fido2AuthenticationMethodConfiguration API schema. This change aligns with the latest update to the passkey policy API schema, which introduces support for granular group-based configurations with passkey profiles. During the retirement period, isAttestationEnforced and keyRestrictions will remain in sync with their counterparts attestationEnforcement and keyRestrictions within the Default passkey profile. When this will happen Retirement begins in mid-October 2027 and is expected to complete by early November 2027. How this affects your organization:You are receiving this message because our reporting indicates your organization may be using this feature. Who is affected: Admins managing FIDO2 authentication configurations and any custom a

Geändert

19.11.2025

Handlung bis

01.07.2026

Services

Microsoft Defender XDR

Updated November 19, 2025: We have updated the timing of this change below. Thank you for your patience.On July 1, 2026, you may encounter issues if you haven't updated your analytic rules, automation rules/playbooks, workbooks, hunting queries, or custom integrations to be precedence-aware for account entity naming. We've standardized the account entity naming logic in Microsoft Sentinel incidents and alerts, where the account entity naming priority is: UPN prefix → name → display name. Please update your queries and automations to use the new precedence pattern.You are receiving this message because our reporting indicates your organization may be using Microsoft Sentinel incidents, alerts (AlertV3), or related automation.[When this will happen:]July 1, 2026 (previously February 13, 2026)[How this will affect your organization:] If you don't fix this problem, these queries, automations

Geändert

19.11.2025

Services

Windows

Windows is embedding intelligence into systems, silicon, and hardware so you can move from AI experimentation to execution at scale. Because every organization approaches AI differently, Windows gives you the choice and control to decide how agents fit into your workflow so when you use them, you can do so with confidence and transparency. Catch up on the Windows AI innovations we’re sharing at Microsoft Ignite and find out what they mean for your organization. When will this happen:This week at Microsoft Ignite, we announced:Windows security and resiliency innovations to help mitigate riskThe ability to scale resiliency with new recovery toolsWays to improve your update experience with Windows Autopatch update readiness, quality update reports, and automatic or manual approvals for security, non-security, and out-of-band updatesSysmon functionality coming natively to Windows 11 and Wind

Geändert

18.11.2025

Services

Windows

(Update: This message was updated to reflect the availability of the updated November 2025 Scan Cab.) Microsoft has identified an issue where some Windows 10, version 22H2 devices enrolled in Extended Security Updates (ESU) for commercial customers might fail to install the November 2025 security update (KB5068781) with error 0x800f0922 (CBS_E_INSTALLERS_FAILED). This issue is isolated to devices whose Windows OS licenses were activated via Windows subscription activation through the Microsoft 365 admin center. The organizations affected by this issue can resolve it by installing KB5072653: Extended Security Updates (ESU) Licensing Preparation Package for Windows 10, which was released on November 17, 2025. Once you install this preparation package (KB5072653), you will be able to deploy the November 2025 security update (KB5068781).Note: A new Scan Cab including metadata for KB5072653 w

Geändert

18.11.2025

Services

Windows

IMPORTANT: This notice is only relevant for environments where:Windows Server Update Services (WSUS) is used to deploy Windows security updates to Windows 10, version 22H2 devices enrolled in Extended Security Updates (ESU).Scan Cab is used to check for update complianceThe November 2025 Scan Cab was deployed before 12:00 PM PT on November 18, 2025. An updated version of the November 2025 Scan Cab was made available at 12:00 PM PT on November 18, 2025. This Scan Cab includes new metadata for KB5072653 corresponding to a new update released for Windows 10, version 22H2 devices enrolled in ESU. This release (KB5072653) contains a new Extended Security Updates Licensing Preparation Package for Windows 10, and it addresses a recent known issue. See the additional information section of this message for details. How this affects your organization:IT administrators who downloaded the Scan Cab

Geändert

18.11.2025

Services

Windows

Secure Boot helps ensure that only trusted software runs during the boot sequence. It uses cryptographic keys, known as certificate authorities (CAs), to validate that firmware modules come from a trusted source. After 15 years, the Secure Boot certificates that are part of many Windows systems will start expiring in June 2026. These certificates were originally issued in 2011. Many Windows PCs manufactured since 2024 already have updated (2023) certificates. For the remaining devices, we recommend that you start monitoring the progress of certificate updates today as well as prepare for and install new certificates on devices that aren’t automatically getting them through Windows updates. An initial set of tools and guidance is now available to support you in this effort. When will this happen:While Microsoft will deliver the new 2023 Secure Boot certificates through Windows monthly upd