Specops Secure Access is a multi-factor authentication solution that adds a second authentication layer to Windows logon, Remote Desktop Protocol (RDP), and VPN connections in Active Directory environments. It is designed for on-premises or hybrid Active Directory environments and extends MFA to critical Windows access points without replacing Active Directory as the identity store. The solution addresses the growing vulnerability of password-based authentication and helps organizations fulfill compliance requirements for modern cybersecurity standards. It can also help organizations meet cybersecurity insurance requirements by strengthening access controls.

Source

Starting March 2026, Microsoft Entra ID will introduce passkey profiles and synced passkeys to general availability, enabling group-based authentication configurations with granular control over device-bound and synced passkeys. Microsoft will automatically enable passkey profiles for tenants that don't opt in during the initial rollout, with existing settings preserved to maintain their current security posture.

Source

Microsoft has introduced trust-based enhancements to the Teams Admin Center (TAC), designed to simplify app security and compliance management for IT administrators. These updates, known as Trust Through Certification, enable you to quickly identify trusted applications, enforce organizational standards, and streamline governance workflows through features such as "apps to consider allowing," security compliance filters, and Microsoft-certified app collections. The enhancements build on existing foundational features while adding dedicated trust indicators that consolidate security signals in a centralized dashboard. You can now evaluate apps based on industry-standard certifications without leaving the Teams Admin Center, reducing the time spent on manual reviews and cross-checking vendor documentation.

Source

Microsoft Entra Connect will enforce new security hardening measures starting March 2026 to prevent SyncJacking, a sophisticated attack technique that exploits synchronization mechanisms to hijack privileged accounts in hybrid identity environments.

Source

Microsoft is disabling hands-free WDS deployments that use unattend.xml answer files due to security concerns (CVE-2026-0386), with the feature first warning after January 2026 updates and then being turned off by default from April 2026. However, it can still be re‑enabled via a registry key, and alternative WinPE-based methods remain supported for Windows 11 deployments.

Source

Microsoft just announced the Security Baseline for Microsoft 365 Apps for enterprise version 2512 ( (v2512, December 2025) as part of the Microsoft Security Compliance Toolkit. This security configuration package aligns with Administrative Templates released in version 5516 and introduces updated policies designed to strengthen protections in Excel, PowerPoint, and core Microsoft 365 Apps components. You can deploy these Microsoft-recommended security configurations through multiple methods including Office cloud policies, Microsoft Intune, or Group Policy to reduce configuration drift and ensure consistent protection across enterprise environments.

Source

Windows 11 26H1 is a platform update designed primarily for next-generation ARM processors rather than a traditional feature-rich release. This guide briefly outlines what version 26H1 offers, how to download it, and who should install it.

Source

Microsoft released version 1.2.0 of the Microsoft Entra PowerShell module, introducing production-ready support for Agent Identity Blueprints, enhanced application configuration parameters, and modernized invitation APIs. This update consolidates Agent Identity functionality into the main module and delivers new cmdlets for automated identity management across Microsoft Entra ID environments.

Source

Microsoft introduced a new PowerShell parameter, ExcludeFromAllHolds, that simplifies removing multiple retention holds from inactive mailboxes in Exchange Online. This capability enables you to remove various retention holds from inactive mailboxes while preserving essential compliance protections such as eDiscovery holds and litigation holds.

Source

Microsoft announces the general availability of the Azure Test Run Hub, which delivers a new interface for managing test execution in Azure DevOps Test Plans.

Source

Microsoft has initiated a critical security hardening phase for Windows Active Directory domain controllers to address CVE-2026-20833, a Kerberos vulnerability that enables Kerberoasting attacks by allowing attackers to exploit weak RC4 encryption. The January 2026 security updates mark the beginning of a phased transition that will disable RC4 encryption by default and enforce AES-SHA1 as the standard encryption method for Kerberos authentication.

Source

Microsoft released Windows 11 Insider Preview Build 26220.7653 (KB5074157) to the Beta Channel on January 16, 2026. This update introduces modernized user interface elements with dark mode support, enhanced desktop background options, and multiple performance fixes. The build is based on Windows 11 version 25H2 and includes changes that are gradually rolling out to Insiders who enable the toggle for the latest updates in Settings > Windows Update.

Source

Microsoft is expanding Windows Backup for Organizations with a first-sign-in restore feature that lets you recover Windows settings and Microsoft Store apps immediately after logging in on Windows 11 devices. This new capability, currently in private preview, provides a safety net for users who miss or encounter issues during the initial device setup process.

Source

Microsoft has started automatically updating Secure Boot certificates on eligible Windows 11 systems with the January 2026 security update. The update replaces certificates that are set to expire in June and October 2026, ensuring devices maintain boot security and continue receiving critical updates. Learn what admins need to know.

Source

Microsoft has launched a native migration orchestrator in public preview that enables you to move user data between Microsoft 365 tenants during mergers, acquisitions, divestitures, and organizational restructurings. This cloud-based solution consolidates Exchange mailboxes, OneDrive files, and Teams chats and meetings into a single migration workflow, eliminating the need for multiple third-party tools and reducing administrative complexity.

Source

Microsoft announced the immediate retirement of Microsoft Deployment Toolkit (MDT) on January 6, 2026, marking the end of a tool that has served IT administrators for over 20 years. You will no longer receive updates, fixes, or support for MDT, and the download packages have been removed from official distribution channels. Find out about alternatives to the MDT and how administrators reacted to its retirement announcement.

Source

Microsoft will enforce multi-factor authentication (MFA) for all users signing in to the Microsoft 365 admin center starting February 9, 2026. This critical security measure aims to prevent unauthorized access to administrative accounts that manage tenant configurations, user provisioning, and compliance settings.

Source

Microsoft integrates Teams with Defender for Office 365, enabling security admins to block external users directly from the Microsoft Defender portal using the Tenant Allow/Block List. This centralized security management feature rolls out in January 2026, supporting up to 4,000 domains and 200 email addresses with automatic blocking across chats, meetings, channels, and calls.

Source

Microsoft has introduced the new RemoveMicrosoftCopilotApp Group Policy that allows IT administrators to uninstall the Microsoft Copilot app on managed Windows 11 devices. However, the uninstall option has several specific requirements and limitations you need to understand before attempting to remove Copilot from your Windows.

Source