M365 Message Center

Geändert

10.12.2025

Services

Windows

Starting with the January 2026 security update, the AllowOOBEUpdates CSP policy will be available and disabled by default. It shows up as a new setting on the Windows Autopilot Enrollment Status Page (ESP). This policy allows you to install the latest Windows quality updates during the out-of-box experience (OOBE) on eligible devices. Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined and running Windows 11, version 22H2 or later. The original announcement and documentation are updated to reflect this change and to clarify device targeting. When will this happen: January 2026: The AllowOOBEUpdates CSP policy will be available and disabled by default. August 2025: The original announcement introduced this new capability. How this will affect your organization: With Windows Autopilot and Microsoft Intune (or alternative management solutions), you can maintain seamless

Geändert

09.12.2025

Services

Windows

The December 2025 security update is now available for all supported versions of Windows. We recommend that you install these updates promptly. For more information about the contents of this update, see the release notes, which are easily accessible from the Windows 11 update history page. To learn more about the different types of monthly quality updates, see Windows monthly updates explained. Highlights for the Windows 11, version 25H2 update: This security update includes improvements that were a part of update KB5070311 (released December 1, 2025).This update addresses security issues for your Windows operating system. This update addresses an issue where Ask Copilot didn’t activate the Click to Do* window as expected. The window now appears in the foreground when you share data with Copilot.This update addresses an issue where File Explorer briefly flashes white when you navigate b

Geändert

08.12.2025

Services

Windows

You can now deploy, manage, and monitor Secure Boot certificate updates. This method represents an alternative to setting registry keys and using Group Policy. You can use Intune to deploy on all domain-joined Windows clients, opt out of high-confidence buckets, and opt in to Microsoft managing these updates. When will this happen: The following settings are now available in the Intune settings catalog: Configure Microsoft Update Managed Opt-In Configure High-Confidence Opt-Out Enable SecureBoot Certificate Updates How this will affect your organization: As the 2011 Secure Boot certificates will start expiring in June 2026, it is essential that organizations start planning for and updating to 2023 certificates. You can now use Microsoft Intune, in addition to registry keys and Group Policy, to deploy, manage, and monitor this update process. The three new settings are disabled by default

Geändert

06.12.2025

Services

Microsoft 365 suite

[Introduction] We’re improving the reliability and performance of Microsoft Edge Workspaces by migrating to a new architecture. Workspaces, introduced in 2022, lets users create durable sets of tabs that can be saved and shared. As part of this update, we will migrate saved Workspace data from OneDrive/SharePoint to the Edge Sync service and remove the collaboration/share functionality. [When this will happen:] General Availability (Production, GCC, GCCH, DoD): Rollout begins mid-February 2026. [How this affects your organization:] Who is affected: All organizations using Microsoft Edge Workspaces. What will happen: Saved Workspace data will migrate from OneDrive/SharePoint to Edge Sync service. Collaboration and sharing functionality will be removed. Organizations that have disabled Workspaces via EdgeWorkspacesEnabled policy will not have data migrated. If Sync is disabled through poli

Geändert

04.12.2025

Services

Windows

Join us December 10, 2025, at 8:00 AM PST for a live Ask Microsoft Anything (AMA) session focused on updating Secure Boot certificates on your Windows devices before they expire in June 2026. This event gives IT admins the chance to ask questions and get expert guidance on Secure Boot configuration, update scenarios, inventorying and preparing your environment, and formulating the right deployment plan for your organization. Members of the Windows team will be available to answer your questions, share tips, and provide insights to help you prepare devices for Secure Boot certificate deployment.Visit the AMA: Secure Boot event page, log in to Tech Community, and post your questions in advance or during the live broadcast in the comments section. Save the date and start posting your questions early.

Geändert

04.12.2025

Services

Windows

A new Windows Autopatch report empowers your organization to prioritize update deployment, demonstrate compliance, and maintain a robust security posture. The Common Vulnerabilities and Exposures (CVEs) report joins your other Windows quality update reports right in the Microsoft Intune admin center. Use it to view Windows CVEs addressed by recent quality updates and follow links to remediation documentation and device-level vulnerability status. When will this happen: The new report is already available. How this will affect your organization: This report can help simplify how you track which vulnerabilities have been remediated and which devices remain at risk. It can also help strengthen your vulnerability response strategy by identifying and linking to specific Windows updates that address each vulnerability. What you need to do to prepare: Read Additional information to learn how to