Skip to main content

M365 Roundup, January 2026: Passkeys Stop Waiting for You

Nick Ross6 min read

TL;DR

  • Microsoft Entra will automatically migrate tenants to passkey profiles starting March 2026 if admins have not opted in beforehand.
  • Users on Defender for Office 365 Plan 1 can report suspicious Teams messages from mid-February 2026, a capability previously limited to Plan 2.
  • Brand impersonation protection for Teams Calling rolls out enabled by default starting mid-March 2026.
  • Standalone SharePoint Online and OneDrive for Business plans stop selling to new customers after May 31, 2026, and reach end of service in December 2029.
  • Microsoft's Data Security Posture Agent enters preview in mid-March 2026, using LLMs to find sensitive data beyond keyword matching.

January's Microsoft 365 changes split neatly into two piles: things Microsoft will do for you whether you act or not, and things you should plan around. The passkey change leads the first pile, the SharePoint and OneDrive plan retirement leads the second, and Teams quietly picked up four genuinely useful security features in between.

Here is everything that matters from the January 2026 update cycle, organized by what deserves your attention first.

The one you cannot snooze: passkey profiles auto-enable in March 2026

Microsoft Entra is bringing passkey profiles and synced passkeys to general availability, and this is an opt-in that becomes a push. Administrators can adopt the new passkey profiles experience now, with group-based passkey configurations and a new passkeyType property. Tenants that have not opted in by their automatic enablement period will be migrated automatically.

Here is what the migration does:

  • Existing Passkey (FIDO2) configurations move into a Default passkey profile
  • The new passkeyType property is auto-populated
  • If enforce attestation is enabled, device-bound passkeys are allowed
  • If enforce attestation is disabled, both device-bound and synced passkeys are allowed
  • Existing key restrictions remain intact
  • Existing user targets are assigned to the Default passkey profile

Registration campaigns change too, for tenants on Microsoft-managed campaigns where synced passkeys are enabled:

  • The targeted authentication method updates from Microsoft Authenticator to passkeys
  • Default user targeting widens from voice call and text message users to all MFA-capable users
  • The "Limited number of snoozes" and "Days allowed to snooze" settings stop being configurable, fixed at unlimited snoozes with a one-day reminder cadence

Rollout begins March 2026. Review the configuration before Microsoft reviews it for you:

Teams picks up a real security toolkit

Four of January's Teams announcements are security features, and together they make Teams a meaningfully harder target.

Suspicious message reporting reaches Defender for Office 365 Plan 1

Users can now report suspicious Teams messages on Defender for Office 365 Plan 1, a capability previously reserved for Plan 2. Security teams get user-sourced signal on potential phishing, malware, and spam across internal and external Teams chats, channels, and meeting chats. Rolling out and completing in mid-February 2026.

Inbound calls get brand impersonation screening

Brand impersonation protection for Teams Calling targets fraudulent external callers posing as trusted organizations, the classic first-contact social engineering play:

  • Teams evaluates inbound calls for signs of brand impersonation
  • Users see high-risk warnings before answering suspicious calls
  • Warnings can persist during the call if risk signals continue
  • Users can accept, block, or end the call
  • The feature ships enabled by default

Rollout starts mid-March 2026 (moved from mid-February) and completes by late March 2026 for Targeted Release.

Users can report suspicious calls, not just messages

A new Report a Call option lands in Teams call history for one-to-one calls, on by default in the Teams client. Users click more options next to any call and select Report a Call; relevant call metadata and limited context is shared securely with the organization and Microsoft. Security teams review detailed reports in the Microsoft Defender portal, which requires Defender for Office 365 Plan 1 or Plan 2 or Defender XDR, and summaries appear in Teams admin center under Protection reports > User-reported security submissions. Mid-April through late April 2026.

A report for cross-tenant communication anomalies

The new External domains anomalies report in the Teams admin center, under Protection reports, analyzes cross-tenant communication patterns and flags sudden spikes or abnormal engagement. Admins select Communication anomalies, pick a date range, and run the report.

External domains anomalies report in the Microsoft Teams admin center

Rollout starts early March 2026 (moved from late February) and completes mid-March 2026.

Copilot reaches into rules, calendars, forms, and agents

Seven Copilot updates this month, ranging from quality-of-life to genuinely new capability.

Inbox rules by natural language. Outlook gains Copilot capabilities to create and view Inbox rules conversationally. Late January 2026 through early March 2026.

Copilot creating an Outlook inbox rule from a natural language prompt

Emails open inside Copilot chat. Users can open Outlook emails directly within any full-app Microsoft 365 Copilot experience, including Copilot chat, cutting the context switch when Copilot references a message. Mid-February through late February 2026.

Copilot manages RSVPs. Users with a Microsoft 365 Copilot license can set custom calendar instructions so Copilot proactively RSVPs to new meeting requests and removes canceled meetings on their behalf. Late January through early March 2026.

Structured documents from Forms. Microsoft Forms in SharePoint gains structured document generation: Copilot-licensed users create document forms linked to approved SharePoint templates, while business teams keep template governance enforced.

Structured document generation setup with Microsoft Forms in SharePoint
Generated standardized document from a SharePoint form template

Early February through late February 2026.

Data Security Posture Agent enters preview. This agent helps data security admins discover sensitive data across the estate and assess risk, using LLMs to understand purpose and context rather than relying on keyword matching alone. The most consequential Copilot item this month for security teams.

Data Security Posture Agent preview interface

Mid-March through late March 2026.

Researcher agent learns new formats. New output formats for the Researcher agent give users more ways to create, share, and use AI-generated research reports. Starts early February 2026 with a long tail: completion is expected by late December 2027.

Researcher agent output format options in Microsoft 365 Copilot

Scheduled AI workflows. Workflow templates built on scheduled Copilot prompts automate routine and complex tasks with guided setup. Late January through mid-February 2026.

AI workflow templates powered by Microsoft 365 Copilot

Licensing watch: standalone SharePoint and OneDrive plans are retiring

Microsoft is retiring the standalone SharePoint Online plan 1 and plan 2 and OneDrive for Business plan 1 and plan 2 SKUs. The Partner Center announcement (opens in new tab) lays out the runway:

  • Late January 2026: retirement communicated to customers
  • June 2026: end of sale; no new tenants or customers after May 31, 2026, renewals for existing customers only
  • January 2027: end of life; no renewals, existing contracts run to expiration
  • December 2029: end of service; customers must transition to Microsoft 365 suites, capacity packs, or pay-as-you-go storage

If any client still carries these SKUs, the migration conversation belongs in this year's planning, not 2029's.

Quality-of-life changes your users will actually notice

The smaller items, briefly:

  • Teams follows the device time zone without a client restart once a change is detected. Mid-February through late February 2026.
  • A Drafts quick view in Teams makes unsent draft messages easy to find, edit, and send. Mid-March through late March 2026.
Teams Drafts quick view showing unsent messages
  • Enter key behavior becomes a choice in Teams desktop and web: send the message or start a new line, set under Settings > Chats and channels ("When writing a message, press Enter to..."). Mid-February through late February 2026.
Teams setting for choosing Enter key behavior
  • Meeting notes come to instant meetings. Loop-powered Teams meeting notes now cover Meet now sessions and calls started from chat, with collaborative agendas, notes, and action items. Early April 2026 (previously late February) through late April 2026.
Loop-powered meeting notes in an instant Teams meeting
  • Code blocks render properly on Teams mobile for iOS and Android. Mid-February through late February 2026.
Code block rendering in the Teams mobile app
  • Outlook on iOS saves meeting drafts, so users can start an invitation, pause, and finish later. Late January through late February 2026.
Saving a meeting event as a draft in Outlook on iOS
Draft meeting event resumed in Outlook on iOS
  • Edge refreshes its profile flyout to better distinguish work and personal profiles, manage credentials, and reach key settings. Mid-February through late February 2026.
Refreshed Microsoft Edge profile flyout
Edge profile flyout showing credential management options

Two admin tools worth bookmarking

Slack to Teams migration gets first-party tooling. A new tool lets administrators migrate content from Slack public and private channels into Teams shared, public, and private channels. If you have been quoting Slack migrations with third-party tools, compare against Microsoft's migration tool documentation (opens in new tab) first. Mid-February through end of February 2026.

Slack to Microsoft Teams migration tool interface

Site Lifecycle Management emails are now customizable. SharePoint admins can tailor the notification emails sent to site owners during policy execution, generally available now. Details in Microsoft's documentation (opens in new tab).

Customized email notification settings in SharePoint Site Lifecycle Management

Frequently asked questions

What happens if a tenant ignores the Entra passkey profile change?

Nothing breaks, but control shifts. Tenants that have not opted in by their automatic enablement period get migrated to passkey profiles automatically: existing FIDO2 configurations move into a Default passkey profile, the new passkeyType property is auto-populated, and Microsoft-managed registration campaigns retarget from Authenticator to passkeys for all MFA-capable users.

When do standalone SharePoint Online and OneDrive plans actually disappear?

In stages. End of sale is June 2026 (no new customers after May 31, 2026), end of life is January 2027 (no renewals), and end of service is December 2029, when customers must move to Microsoft 365 suites, capacity packs, or pay-as-you-go storage.

Microsoft changes the rules monthly. Know which tenants noticed.

Every roundup item lands differently in every tenant. CloudCapsule checks 250+ controls in 60 seconds so the settings that shipped, drifted, or auto-enabled this month never surprise you at the QBR.

Run a free scan
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading