Skip to main content

M365 Roundup, February 2026: EWS Finally Gets a Shutdown Date

Nick Ross6 min read

TL;DR

  • Exchange Web Services in Exchange Online begins phased disablement on October 1, 2026, with permanent shutdown starting April 1, 2027.
  • Microsoft is ending the free CSP grace period on May 4, 2026; expired subscriptions will renew, cancel, or move to paid Extended Service Terms.
  • Beginning January 30, 2026, Entra ID Governance features for guest users require a linked Azure subscription.
  • Purview Posture Reports reached general availability in February 2026, giving admins executive-ready visibility into Information Protection and DLP posture.
  • Intune reports now exclude devices inactive for 12 or more months, starting late February 2026.

Two deadlines headline February: Exchange Web Services finally has a retirement schedule, and the free CSP grace period has an expiration date of its own. Around them, Microsoft shipped a steady drip of Teams, Intune, Entra, Purview, and Copilot changes worth a spot on your roadmap. Here is everything that matters, grouped by product.

A quick word on how we read these each month: CloudCapsule automates Microsoft 365 security assessments against the CIS Controls, born from the need to measure tenants against a trusted standard without a consultant-day of clicking. The monthly updates below are the kind of changes those assessments watch for.

CloudCapsule automated security assessments mapped to the CIS Controls
Microsoft Admin logo

Admin and licensing: the two deadlines

EWS retirement now has real dates

Microsoft has updated the timeline and process for retiring Exchange Web Services (EWS) in Exchange Online. As previously announced, EWS goes away in favor of Microsoft Graph, which brings improved security, modern authentication, and broader capability support. The phased disablement begins October 1, 2026, and permanent shutdown starts April 1, 2027.

An EWS usage report is available in the admin center to find what will break. Microsoft's field guidance on finding and remediating EWS app usage is worth reading now: Notes from the field: finding and remediating EWS app usage before retirement (opens in new tab)

EWS usage report in the Microsoft 365 admin center

The free grace period becomes paid Extended Service Terms

Microsoft announced that the free grace period for accessing services on nonrenewed CSP subscriptions is being discontinued as of May 4, 2026. After expiration, customers and partners get three choices: renew, cancel, or move to a paid Extended Service Term (EST) to keep service running while next steps get decided.

Official documentation: Use Extended Service Terms (EST) for Cloud Solution Provider (CSP) subscriptions (opens in new tab). We cover the full MSP playbook, including uplift pricing and distributor gotchas, in our dedicated EST breakdown.

Extended Service Terms announcement in Partner Center
Microsoft Entra ID logo

Microsoft Entra

Hybrid join without AD FS, via Entra Kerberos

You can now use Microsoft Entra Kerberos to perform Microsoft Entra hybrid join for a device without requiring Active Directory Federation Services (AD FS) or Microsoft Entra Connect sync. You get hybrid join behavior instantly, no AD FS setup.

In preview. Details: How to hybrid join using Microsoft Entra Kerberos (opens in new tab)

App registrations can be deactivated instead of deleted

Deactivating an app registration gives you a reversible way to stop an application from accessing protected resources without permanently removing it from the tenant. A deactivated app immediately stops receiving new access tokens, though existing tokens stay valid until they expire. Useful for security investigations, temporarily suspending suspicious applications, or keeping configuration data intact while access is cut.

Generally available. Details: Deactivate an app registration (opens in new tab)

Deactivating an app registration in the Entra admin center

Guest governance now requires a linked Azure subscription

Beginning January 30, 2026, Microsoft Entra ID Governance requires all tenants to have a linked Azure subscription to continue using Identity Governance features for guest users. If you rely on access reviews or entitlement management for guests, get the subscription linked.

Details: Microsoft Entra ID Governance licensing for guest users (opens in new tab)

Microsoft Purview logo

Microsoft Purview

Posture Reports hit general availability

Microsoft Purview Posture Reports are now generally available, providing out-of-the-box, executive-ready visibility into data protection posture across Information Protection and Data Loss Prevention. Admins get unified, near-real-time insight into label usage, DLP activity, posture trends, and risk areas with no custom reporting or manual refreshes.

Rolling out early February 2026, complete by mid-February 2026. Details: Microsoft Purview reports (opens in new tab)

Separate retention policies for Copilots and AI apps

Admins will be able to configure retention policies for Copilot and generative AI interactions separately from everything else, giving organizations more flexibility over retention and deletion timelines for AI conversations.

Rolling out mid-March 2026, complete by May 2026. Details: Retention policies in Purview (opens in new tab)

AI analysis upgrades in Data Security Investigations

Data Security Investigations (DSI) gets enhanced AI analysis to help analysts evaluate risky content more efficiently. Items are now automatically prepared for AI analysis as they are added to an investigation, and a new standard categorization option streamlines the workflow.

Rolling out mid-April 2026 through mid-May 2026. Details: Data Security Investigations (opens in new tab) and AI analysis in DSI (opens in new tab)

AI analysis enhancements in Purview Data Security Investigations

Relaxed proximity matching removed from built-in SITs

Microsoft is updating the out-of-box sensitive information type detection logic to improve accuracy and reduce false positives. The relaxed proximity matching behavior previously used in some built-in SITs is being removed, so all out-of-box SITs will consistently apply stricter proximity rules for more precise detections. Generally available. If your DLP policies lean on built-in SITs, expect match behavior to tighten.

Microsoft Intune logo

Microsoft Intune

Stale devices drop out of reports

Starting late February 2026, Intune excludes devices inactive for 12 or more months from reports. Your numbers may shift; the new ones are closer to reality.

Secure Boot status report in Windows Autopatch

A new report lets Windows Autopatch admins monitor Secure Boot status across the organization. With the 2011 Secure Boot certificates starting to expire in June 2026, this is the place to begin identifying devices that have Secure Boot enabled. Generally available.

Details: Secure Boot status report (opens in new tab)

Secure Boot status report in Windows Autopatch

First sign-in restore goes beyond OOBE

The Windows first sign-in restore experience extends beyond the out-of-box experience (OOBE), delivering a streamlined, admin-controlled restore across more device types and deployment scenarios. For the first time, users signing in with a Microsoft Entra ID on eligible devices can restore their environment even if they missed the option during OOBE. Generally available.

Details: Windows first sign-in restore experience now available (opens in new tab)

Windows first sign-in restore experience
Microsoft Teams logo

Microsoft Teams

Ongoing meeting indicators in channels with threads

Teams has not had an efficient way for channel members to discover all ongoing meetings and pick the one to join. A new indicator fills that gap, surfacing active meetings at a glance in channels using the threads layout. Rolling out early March 2026, complete by mid-March 2026.

Ongoing meetings indicator in Teams channels

Annotate a single shared window on Windows

Presenters in Teams meetings on Windows can now annotate directly on a shared application window without sharing their entire desktop, a more focused and privacy-preserving way to collaborate that came straight from customer feedback. Rolling out mid-March 2026, complete by late March 2026.

Control over quick views in the chat list

New controls let users customize how quick views appear at the top of chat and channel lists, showing only the views that are relevant and managing when they appear. Rolling out late March 2026, complete by mid-April 2026.

Quick view controls in the Teams chat list
Microsoft Copilot logo

Microsoft Copilot

Branded footers in the Copilot app

A new co-branding capability lets organizations display a branded footer at the bottom of the Chat screen in the Microsoft 365 Copilot app, helping users confirm they are in the trusted, work-managed Copilot experience. Rolling out March 2026, complete by late April 2026.

Branded footer customization in Microsoft 365 Copilot

Copy tables out of Copilot Chat

Users can now copy tables generated in Microsoft 365 Copilot Chat, making it easy to move AI-generated structured content like comparison tables, checklists, and summaries directly into documents, emails, and spreadsheets. Rolling out and complete by early March 2026.

Teams Audio Recap learns eight languages

Microsoft Teams Audio Recap expands support to eight additional languages: Chinese, English, French, German, Italian, Japanese, Portuguese, and Spanish. Rolling out late March 2026, complete by mid-April 2026.

Copilot Studio: evaluation inputs from real conversations

Copilot Studio users can generate evaluation inputs directly from real production conversations, converting past customer interactions into reusable structured inputs. Evaluations built on actual usage patterns help uncover quality gaps, validate fixes, and improve agent behavior. Generally available March 31, 2026.

Microsoft changes monthly. Your baselines should notice.

Every roundup item that touches a security setting becomes drift in somebody's tenant. CloudCapsule assesses 250+ controls across all your tenants in about 60 seconds, so the February changes do not become the June surprises.

Run a free scan
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading