At FabCon and SQLCon 2026 in Atlanta, Microsoft announced additions to Microsoft Fabric, its integrated data and analytics platform. The highlights include the Database Hub—a unified management console for major Microsoft database services—Fabric IQ, a new semantic layer that gives AI tools a structured understanding of business data, and a series of updates to OneLake, the shared data storage layer that underpins Fabric. This article provides simple introductions to OneLake, Fabric, Database Hub, and Fabric IQ, and outlines other new features announced in Atlanta.

Source

Microsoft released new security and governance controls for Microsoft 365 Copilot, introducing Data Loss Prevention (DLP) policies that inspect prompts before Copilot processes them, protecting web searches from leaking sensitive data, and enabling bulk remediation of overshared SharePoint files. The Copilot Dashboard gained expanded access, user satisfaction tracking, and CSV export. This article explains what each feature does technically, how to configure the relevant policies, and where the current limitations are.

Source

Microsoft introduced new SCIM 2.0 APIs for Microsoft Entra. The APIs now support bidirectional provisioning, which allows external identity systems to provision users and groups directly into Entra. SCIM (System for Cross-domain Identity Management) is an open internet standard that defines a common HTTP-based protocol for managing user accounts across different systems. Previously, Entra could only push user data to other applications via SCIM. Now, it also accepts incoming SCIM requests. The APIs follow a consumption-based pricing model, require an Azure subscription, and are generally available in the Microsoft public cloud.

Source

Microsoft's Conditional Access Optimization Agent uses AI to continuously scan your Microsoft Entra ID environment for policy gaps and recommend remediations. It requires a Microsoft Entra ID P1 license and a Microsoft Security Copilot subscription. Several new features are in public preview, including context-aware recommendations, deep gap analysis across all policies, and phased policy rollouts. This article explains what Conditional Access policies are, how the agent works, what you need to run it, and where its limitations lie.

Source

Microsoft has released a new unified monitoring and reporting platform for Windows 365 Cloud PCs into public preview in April 2026. It is built into the Microsoft Intune admin center and consolidates health, performance, and configuration data that was previously scattered across multiple locations. This article explains what the platform monitors, how you access it, and where its current limitations lie.

Source

Microsoft announced the public preview of the Windows 365 connector for Microsoft Power Platform and Azure Logic Apps on April 2, 2026. The connector lets you build automated workflows around Windows 365 Cloud PCs — the cloud-hosted Windows virtual machines that Microsoft manages for individual users. Using prebuilt building blocks called actions and triggers, you can automate tasks such as notifying users when their Cloud PC is ready, bulk-managing provisioning policies, or reacting automatically to administrative events. The connector is currently in public preview and is classified as a premium connector, which has licensing implications described below.

Source

Microsoft's March 2026 Entra update promotes passkey authentication to general availability, introduces a built-in tenant backup feature in public preview, and announces a breaking security change for hybrid environments, taking effect June 1, 2026. Additional changes enforce TLS 1.2 for Entra Connect Health agents and bring several multi-tenant governance capabilities into preview. This article covers changes relevant to administrators managing Microsoft 365 tenants and hybrid Active Directory environments.

Source

GitHub Copilot CLI—GitHub's AI assistant for the terminal—introduced an experimental feature called Rubber Duck that pairs your primary AI model with an independent reviewer from a completely different AI vendor. The goal is to catch early planning mistakes before they compound into harder-to-fix downstream errors, a known weakness of single-model AI agents. In performance testing on real-world coding problems, combining Claude Sonnet with Rubber Duck closed 74.7% of the performance gap between Sonnet and the more capable Opus tier.

Source

Microsoft announced a breaking change to the Microsoft Graph API affecting Exchange Online: from December 31, 2026, applications that modify sensitive email properties -- such as the subject, body, or recipients -- on delivered messages must hold elevated Mail-Advanced.ReadWrite permissions. Until now, the standard Mail.ReadWrite permission was sufficient for these operations. The new permissions require explicit approval from the tenant administrator ("admin consent"). If you operate Microsoft 365 and have custom applications or third-party tools that interact with email via the Graph API, you need to audit and potentially update these apps before the enforcement date.

Source

On April 1, Microsoft published a TechCommunity blog post explaining how Windows Update management in Intune differs from Configuration Manager (still widely known as SCCM). A Techzine author read the post as an announcement of upcoming changes and reported that "patch behavior is set to change significantly for Microsoft Intune." That framing is a human hallucination, as Microsoft's post does not announce any changes.

Source

Microsoft has released file-level archiving for Microsoft 365 Archive in public preview on March 30, 2026. The feature lets you move individual files in SharePoint document libraries to a low-cost cold storage tier while the rest of the site remains fully active. This builds on site-level archiving, which has been generally available since May 2024. General availability of Microsoft 365 Archive file-level archiving is targeted for July 2026. Policy-based automation for automatic archiving is planned for late 2026.

Source

Microsoft is making a decisive shift as Windows App is finally replacing Remote Desktop, introducing a unified way to access cloud PCs, virtual desktops, and local machines. Alongside this transition come key upgrades, including LAN support, built-in keylogging protection, more reliable connections with RDP Multipath, and flexible Mobile Application Management (MAM).

Source

Microsoft released the March 2026 updates for Intune, its cloud-based service for managing devices and apps across an organization. The most significant change is that hotpatch security updates—patches that apply without requiring a device restart—will become the default for eligible Windows 11 devices starting May 2026. On the Apple side, two notable additions arrive: a Recovery Lock for macOS and expanded support for Apple's modern device management framework. Improved push notifications and a managed installer change also streamline Windows device deployment.

Source

Microsoft released new preview builds across three Windows Insider channels. The Dev and Beta channels (Builds 26300.8142 and 26220.8138, both based on Windows 11 25H2) introduce the most notable changes: continued rollout of Administrator Protection—a new security feature that limits what admin accounts can do by default—plus Task Manager improvements for monitoring the Neural Processing Unit (NPU) and a new touchpad setting. The Canary Channel receives Build 29558, which primarily introduces Windows Console Host improvements but also includes other fixes.

Source

Starting in April 2026, Windows updates will change the default Kerberos ticket issuance behavior to AES-SHA1 for accounts without explicit encryption settings, while RC4 can still be used where explicitly enabled. This change, driven by CVE-2026-20833, affects every Windows Server environment where service accounts or devices still rely on RC4. Any service account, NAS device, or legacy application not explicitly configured for AES-SHA1 encryption may lose authentication capability. This article explains what Kerberos and RC4 are, what will break in April 2026, and what you must do to prevent outages.

Source

Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) solution that delivers comprehensive security for Software as a Service (SaaS) applications across your organization. This security platform provides visibility into shadow IT, threat protection, data loss prevention capabilities, and security posture management for cloud-based applications. The tool integrates with Microsoft Defender XDR to offer extended detection and response across the full attack chain. Recent updates include March 2026 changes to Secure Score category calculations that reclassify some recommendations from the Cloud apps category to Identity, more accurately reflecting where controls apply without changing the overall Secure Score.

Source

Exchange Online now lets you choose, per outbound connector, whether SMTP DANE and MTA-STS are enforced opportunistically, mandatorily (for DANE), or not at all. These new connector modes give you granular control over how strictly Exchange Online enforces modern email security standards when sending mail to external domains.

Source

Microsoft announced several new Defender features at the RSA Conference 2026, most of which are in preview and have minimal technical documentation. The primary additions include AI-powered triage agents in Security Copilot that automatically classify security alerts, a new dashboard that consolidates identity-related security events, automated hardening actions based on attack predictions, and voice-call monitoring in Microsoft Teams.

Source

Microsoft has introduced external Multi-Factor Authentication (MFA) as the new, fully integrated OpenID Connect (OIDC)-based way to connect third-party MFA providers, replacing the Custom Controls mechanism that previously enabled external MFA in a more limited way. Custom Controls will be deprecated on September 30, 2026.

Source