M365 Message Center

Geändert

08.07.2025

Services

Windows

Starting with the April 8, 2025, Windows security updates, protections for CVE-2025-26647 are being rolled out and enforced in phases. These updates change how certificate-based authentication (CBA) is handled when the issuing certificate authority (CA) is not in the NTAuth store but a Subject Key Identifier (SKI) mapping exists in the altSecID attribute.The second phase, Enforced by Default phase, begins today, July 8, 2025.When will this happen:July 8, 2025: Enforced by Default phaseUpdates released on or after July 8, 2025, will enforce the NTAuth store check by default. The AllowNtAuthPolicyBypass registry key setting will still allow customers to move back to Audit mode if needed. However, the ability to completely disable this security update will be removed.October 14, 2025: Enforcement modeUpdates released on or after October 14, 2025, will discontinue Microsoft support for the A

Geändert

08.07.2025

Services

Windows

The July 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 and Windows 10 update history pages. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. Highlights for the Windows 11, version 24H2 update: This security update includes improvements that were a part of update KB5060829 (released June 26, 2025).This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.This update makes miscellaneous security improvements to internal OS functionality. This update addresses an issue where notification sounds didn’t play. Affected sounds included those for on-screen alerts, volume ad

Geändert

03.07.2025

Services

Microsoft 365 for the web

The cloud.microsoft domain was provisioned in early 2023 to provide a unified, trusted, and dedicated DNS domain space to host Microsoft’s first-party authenticated SaaS products and experiences. This post is to inform admins that the following Microsoft products and scenarios are now available at the cloud.microsoft domain, in parallel with the previous domains. Microsoft Visio (https://visio.cloud.microsoft/) [When this will happen:]The services above are already available on cloud.microsoft, in parallel to their previous domains. You can expect the previous domains to be redirected to cloud.microsoft in the coming months.[How this will affect your organization:] The cloud.microsoft domain has been a part of standard Microsoft network guidance on domains and service endpoints since April 2023. If you are currently following this guidance, this change should not impact users in your org

Geändert

02.07.2025

Services

Windows

Microsoft is updating the logic used by Application Control for Business to handle signer rules that rely on TBS (To Be Signed) hash values for Microsoft intermediate certificate authorities (CAs). This is in response to the upcoming expiration of several 15-year CAs starting in July 2025. The new logic allows Application Control to automatically infer trust for the new 2023 and 2024 CAs if your existing policy already trusts the older CAs. Signer elements like CertEKU, CertPublisher, FileAttribRef and CertOemId are preserved in the inferencing logic. When this will happen: Beginning in July 2025, these CAs will begin to expire according to the following schedule:July 6, 2025 - Microsoft Code Signing PCA 2010July 6, 2025 - Microsoft Windows PCA 2010July 8, 2026 - Microsoft Code Signing PCA 2011October 19, 2026 - Windows Production PCA 2011April 18, 2027 - Microsoft Windows Third Party Co

Geändert

01.07.2025

Services

Windows

Newly created Windows quality update policies now have hotpatch updates enabled by default to streamline policy creation. When will this happen: This feature is now available for all Windows Autopatch users. How this will affect your organization: Organizations using Windows Autopatch will benefit from faster security compliance and reduced downtime for devices running supported Windows editions. What you need to do to prepare: Create your new Windows Autopatch quality update policies today, with hotpatch enabled by default, to ensure your organization starts receiving hotpatches as early as August 2025. For new policies, hotpatch updates will be enabled by default. Just review and deploy them as usual.To create a new quality update policy, follow the steps here:Go to the Microsoft Intune admin center.Navigate to Devices > Windows updates > Quality updates.Select Create, and select Windo

Geändert

30.06.2025

Services

Windows

Start using the newest Windows 11 capabilities with helpful tips and actionable steps summarized in one place. Discover enhancements to hotpatching, role-based access control (RBAC) in Windows Autopatch, and several productivity features. See how to get started with these and other improvements across Microsoft Intune, Windows Server, and Windows security. When will this happen: Improvements summarized in this monthly recap are already available. Note that some of them are rolling out gradually. How this will affect your organization: You can start seeing improvements across various workflows in your organization with: Hotpatching for Windows Server 2025 Configuring role-based access control (RBAC) in Windows Autopatch New secure by default capabilities for Windows 365 Cloud PCs Preparation for expiration of Secure Boot certificates (June 2026) Copilot Control System Additional improveme