Top 5

  1. Hotpatch now default for all eligible Windows devices — GA, May 2026 Windows security update. Opt-out available at tenant level or per quality update policy. Review your rings before it hits.
  2. Entra hard-match restriction for role-holding accounts — Action required before June 1. AD → cloud sync will be blocked for objects targeting Entra role-assigned accounts.
  3. Agent 365: Shadow AI page + Intune endpoint controls for local agents — Preview. First real governance surface for endpoint-level AI activity. OpenClaw covered now; Claude Code and GitHub Copilot CLI on the roadmap.
  4. Conditional Access enforcement for policies with resource exclusions — Action required before June 15. Apps that don’t handle CA challenges will break for affected tenants.
  5. Purview DSPM major evolution + IRM → Defender XDR integration — Rolling. Biggest Purview release of 2026. Third-party signals, AI observability, Security Copilot agents.

Identity

  • Entra Connect Sync → Cloud Sync migration (July 2026 notifications) [Action Required] — Microsoft is transitioning tenants from on-prem Entra Connect Sync to cloud-native Cloud Sync; notification windows will be assigned via Microsoft 365 Message Center, Entra Connect Health, and email starting July 2026. Don’t wait for the notification — begin readiness assessment now, especially if you have write-back scenarios, complex attribute mapping, or custom sync rules that may not have a Cloud Sync equivalent yet.

  • Hard-match restriction for Entra role-holding accounts [Action Required — June 1] — Beginning June 1, Entra Connect Sync and Cloud Sync will be blocked from hard-matching a new AD user object to an existing cloud-managed Entra ID account that holds an Entra role. Ongoing sync for previously hard-matched objects is not affected. Audit role-holding cloud accounts and validate sync rules — fix the logic, not the deadline.

  • External MFA now generally available [GA] — External Multifactor Authentication (formerly External Authentication Methods) is now GA, allowing organizations to satisfy Entra MFA requirements using a third-party MFA provider while keeping Entra ID as the full policy evaluation plane. Conditional Access, real-time sign-in risk, and session controls all continue to apply — no workaround needed for non-Microsoft MFA shops.

  • Global Secure Access: network-level file type filtering for GenAI/SaaS [GA] — Admins can now define policies in Global Secure Access to block or restrict transfers of specific file types (documents, spreadsheets, PDFs) to generative AI and SaaS apps at the network layer. Adds DLP enforcement upstream of the endpoint, complementing Purview endpoint DLP — useful for orgs not yet fully deployed on Purview who need a fast control.

  • Prompt injection protection in AI Gateway [Preview] — Real-time protection against malicious prompt injection attacks on enterprise GenAI apps and agents is now available in AI Gateway (part of Global Secure Access). Applies to Copilot Studio agents with the Global Secure Access client installed; pairs with the Agent 365 Shadow AI controls for a layered defense.

  • Conditional Access enforcement for resource exclusion policies [Action Required — June 15] — CA policies targeting “All resources” with one or more resource exclusions will begin enforcing against previously-exempt scopes on June 15; apps that don’t handle CA challenges (MFA, device compliance) will fail for affected users. Microsoft will notify affected tenants via M365 Message Center — don’t wait. Review your CA exclusion list and test app behavior against CA challenge flows in non-prod first.

  • Entra audit log improvement: only changed properties surfaced [GA] — Authentication Methods Policy audit log entries now show only modified properties rather than the full policy payload, dramatically reducing log noise for SIEM ingestion and making policy change tracking via Graph or Microsoft Sentinel significantly cleaner. No action required — formatting change only, behavior unchanged.

  • Conditional Access extended to agents [GA (delegated) / Preview (own-access)] — Entra Conditional Access now enforces Zero Trust policies on AI agents; delegated access agents (acting on behalf of a user) are GA, and own-access agents (operating with their own identity) are in public preview. Same policy model as users — no new policy framework required. Create CA policies scoped to agents directly in the Entra admin center.


Devices

  • Hotpatch enabled by default for all eligible devices [GA] — Starting with the May 2026 Windows security update, hotpatch is on by default for all devices managed via Windows Autopatch, Intune, or Graph API; patches apply to running processes in memory with no restart required. Opt out at the tenant level in the Intune admin center or configure per-device via quality update policy — policy-level settings override the tenant toggle. Review quality update policies before the May patch cycle reaches your rings.

  • New Intune device view [Preview] — Redesigned single-pane device view replaces the old tabbed layout: Overview, Tools and reports, Hardware, Details, and Properties now sit on one page, and Properties gets cleaner scope tag editing. All device actions, reports, and info from one surface — less context switching for helpdesk teams. Enable via the toggle in Devices → All Devices; low risk, worth enabling in preview to shape it before GA.

  • Linux SSO broker replaced with microsoft-identity-broker (C++) [GA] — The Java-based Linux SSO broker is retired; the new C++ microsoft-identity-broker enables full device join and device-bound authentication tokens, unlocking phishing-resistant MFA for Linux endpoints in Intune. The device itself now gets a certificate-based identity in Entra ID, not just enrollment as a managed endpoint. Plan re-enrollment or configuration policy push for affected Linux fleets.

  • Ubuntu 26.04 LTS support added; 22.04 end of support August 2026 [GA] — Intune now supports Ubuntu 26.04 LTS; Ubuntu 22.04 support ends August 2026 — currently enrolled devices stay enrolled but new enrollments will be blocked after EOS. Identify 22.04 devices now: Devices → All Devices, filter by Linux, add the OS version column.

  • Intune Data Warehouse beta connector retiring [Action Required] — The Power BI beta connector for the Intune Data Warehouse began its retirement transition April 20 over a two-week rollout window; reports created before November 2025 may still use the beta connector and will return no data after the transition completes. Reports created after November 2025 already use connector v2. Audit your Power BI reports and migrate any using the beta connector.

  • Android XR device management via Android Enterprise [Rolling] — Intune now supports dedicated and fully managed enrollment for Android XR devices, with OEMConfig available in the Intune store; full availability expected mid-May 2026. Requires Intune Plan 2 license (included in M365 E3/E5 from July 1, 2026). Supports remote delete, retire, restart, rename, sync, and enrollment-time group assignment.

  • Secure Boot 2023 certificates — June 2026 deadline [Action Required] — Microsoft Secure Score now surfaces a recommendation to update devices to Secure Boot 2023 certificates ahead of the June 2026 expiration of old certs; the May 2026 cumulative update includes additional device targeting data to increase eligible device coverage for the automatic certificate rollout. Check Secure Score and ensure the May 2026 CU is deployed across your fleet before the June deadline.


Apps

  • Agent 365 becomes the unified agent control plane [Action Required] — The Entra admin center Agent Registry and Agent Collections blades were retired on May 1; agent management moves entirely to Agent 365 in the Microsoft 365 Admin Center. The existing registry Graph API will be deprecated (date TBD) — agents registered via the current API will need re-registration via the new Agent 365 API. Watch for the deprecation date announcement in Message Center.

  • Agent 365 policy templates for onboarding governance [Preview] — Reusable policy templates in Agent 365 bundle Entra, Purview, Defender, and SharePoint policies into agent onboarding guardrails, applying consistent security controls at agent approval time rather than configuring per-agent post-deployment. Critical for orgs scaling agent adoption across business units.

  • Copilot Calendar Agent + Outlook thread summarization [Rolling] — The Copilot Calendar Agent lets users set plain-English scheduling rules that Copilot executes in the background — fully reviewable and adjustable. Outlook Copilot now summarizes full email threads and drafts context-aware replies. Review which users have Copilot licenses and whether calendar delegation policies need updating for the agent access model.

  • SharePoint AI Charts web part + AI Citations Analytics [Rolling (mid-May)] — Page authors can generate interactive charts via plain-language prompts with the new AI Charts web part; AI Citations Analytics shows how often SharePoint content is referenced in Copilot responses org-wide — a direct signal for content governance and information architecture reviews. Both rolling mid-May 2026.


Data

  • Purview DSPM: unified posture management experience [Rolling] — The largest Purview release of 2026 delivers a rebuilt Data Security Posture Management experience: unified visibility across data estate, AI observability, posture reporting, Security Copilot agents, and third-party signal ingestion from BigID, Cyera, OneTrust, and Varonis. Insider Risk Management alerts now integrate directly into Defender XDR. Validate existing DLP policies before the new DSPM engine changes evaluation behavior and review IRM alert integration with your XDR incident queue.

  • Endpoint DLP expanded capabilities [Rolling] — Endpoint DLP gains default file path exclusion controls, hyperlink support in warn/block toasts, and expanded protection for Copilot+ PC Recall snapshots as part of the broader DSPM release. Review existing endpoint DLP policies to account for new evaluation behavior before the rollout completes.


Visibility & Automation

  • Shadow AI page: visibility into local AI agents on Windows devices [Preview] — A new Shadow AI page in Agent 365 (powered by Microsoft Defender + Intune) surfaces local AI agent activity on Windows endpoints and lets admins apply Intune policies to block unsanctioned agent execution. Initial coverage is OpenClaw; GitHub Copilot CLI and Claude Code are on the roadmap. This is the first operational governance surface for endpoint-level AI — get visibility established before you build policy.

  • Defender XDR: automatic attack disruption now isolates compromised devices [Preview] — Attack disruption can now autonomously isolate devices identified as active attacker footholds, blocking lateral movement and attacker communication while keeping the device connected to security services. Time-limited, scoped to devices in the incident, and operator-reversible at any time — high-confidence incidents only. Update IR runbooks to account for automated device isolation events and ensure your SOC has a clear “release from isolation” procedure.

  • Defender XDR: predictive shielding [Preview] — Uses predictive analytics and real-time insights to infer risk, anticipate attacker progression, and proactively harden the environment before threats materialize. Works alongside attack disruption. Check the Activities tab on incident pages for shielding status.

  • Identity Security dashboard in Defender XDR [Preview] — New unified dashboard covering human and non-human identities across on-prem, SaaS, PAM, and IGA integrations, including a Coverage and Maturity page for gap analysis. Rolling out gradually — worth enabling in preview if you’re on a zero-trust identity hardening track.


Action Required

  • Hotpatch default rollout — act before May patch cycle [GA] — Review Autopatch/Intune quality update policies before hotpatch reaches your device rings. Configure the tenant-level opt-out in the Intune admin center if you need a delay window; policy-level settings override the tenant toggle.

  • Hard-match restriction for Entra role-holding accounts — June 1 deadline [Action Required — June 1] — Audit Entra sync rules for hard-match patterns against role-holding accounts before June 1. Fix provisioning logic — don’t let this hit silently post-deadline. Any provisioning pipeline relying on this pattern will fail with no automatic fallback.
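One way to run the audit that the Identity item and this checklist entry both call for, as an added example that is not Microsoft's code or part of the original digest: it lists every cloud-managed (non-synced) user holding an activated Entra role, since those are the accounts a new AD object can no longer be hard-matched to after June 1. It assumes the Microsoft Graph PowerShell SDK and read permissions on roles and users; the output file name is a placeholder.

```powershell
# Added example (not from the digest): inventory cloud-managed Entra accounts that hold a role.
# Assumes the Microsoft.Graph PowerShell SDK; the CSV path is an arbitrary placeholder.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

# Get-MgDirectoryRole returns only roles that have been activated in the tenant.
$findings = foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # The restriction concerns AD user objects, so skip groups and service principals.
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

        $user = Get-MgUser -UserId $member.Id `
            -Property id,userPrincipalName,onPremisesSyncEnabled,onPremisesImmutableId

        # Objects that are already synced keep syncing; only cloud-managed role holders are affected.
        if ($user.OnPremisesSyncEnabled -eq $true) { continue }

        [pscustomobject]@{
            Role              = $role.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            # A populated immutableId on a cloud-managed account is what a hard match keys on,
            # so these rows are the ones to cross-check against provisioning logic first.
            ImmutableIdSet    = [bool]$user.OnPremisesImmutableId
        }
    }
}

$findings | Sort-Object UserPrincipalName, Role | Format-Table -AutoSize
$findings | Export-Csv -Path .\cloud-managed-role-holders.csv -NoTypeInformation
```

Rows with ImmutableIdSet true deserve the closest look: any sync rule or provisioning script that expects to hard-match an AD object onto them will stop working at the deadline.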

  • Conditional Access enforcement for resource exclusion policies — June 15 deadline [Action Required — June 15] — Identify and test apps with CA “All resources” exclusions before June 15 enforcement. Run CA What-If analysis in non-prod for affected app registrations; apps that don’t handle CA challenges will break for affected users.
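To build the inventory that the Identity item and this checklist entry both ask for, here is an added example (not Microsoft's code and not part of the original digest) that lists every non-disabled Conditional Access policy targeting "All resources" with one or more resource exclusions, resolving excluded app IDs to service principal names where one exists in the tenant. It assumes the Microsoft Graph PowerShell SDK.

```powershell
# Added example (not from the digest): find CA policies in the June 15 enforcement scope.
# Assumes the Microsoft.Graph PowerShell SDK with policy and application read permissions.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Application.Read.All'

$guidPattern = '^[0-9a-fA-F-]{36}$'

# In Graph, "All resources" is includeApplications = 'All' and the carve-outs sit in
# excludeApplications. Report-only policies are kept so they can be reviewed too.
$affected = Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
    $_.State -ne 'disabled' -and
    $_.Conditions.Applications.IncludeApplications -contains 'All' -and
    $_.Conditions.Applications.ExcludeApplications.Count -gt 0
}

$report = foreach ($policy in $affected) {
    $excluded = foreach ($appId in $policy.Conditions.Applications.ExcludeApplications) {
        if ($appId -match $guidPattern) {
            $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'" -Property displayName
            if ($sp) { "$($sp.DisplayName) ($appId)" } else { "$appId (no service principal)" }
        } else {
            $appId   # named scopes such as Office365 are left as-is
        }
    }
    [pscustomobject]@{
        Policy        = $policy.DisplayName
        State         = $policy.State
        GrantControls = ($policy.GrantControls.BuiltInControls -join ', ')
        Excluded      = ($excluded -join '; ')
    }
}

$report | Format-Table -Wrap -AutoSize
```

The Excluded column is the test list for the non-prod CA What-If runs: each entry there is an app that will start receiving the policy's grant controls on June 15.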

  • Secure Boot 2023 certificates — June 2026 deadline [Action Required — June 2026] — Check Secure Score for the Secure Boot 2023 certificate recommendation. Ensure the May 2026 CU is deployed across your fleet before the June cert expiry.

  • Ubuntu 22.04 LTS end of support — August 2026 [Action Required — August 2026] — Identify Ubuntu 22.04 LTS devices in Intune (Devices → All Devices, Linux filter, OS version column) and start upgrade communications. New enrollments will be blocked after EOS; currently enrolled devices remain enrolled.

  • Intune Data Warehouse beta connector — migrate now [Action Required] — Migrate Intune Data Warehouse Power BI reports from the beta connector if you haven’t already. Check report creation dates — pre-November 2025 reports are at risk of returning no data after the retirement transition completes.

  • Agent 365 migration — watch for Graph API deprecation date [Action Required] — The Entra admin center Agent Registry and Agent Collections blades are already retired (May 1). Monitor Message Center for the Graph API deprecation date and plan re-registration of agents via the new Agent 365 API before it lands.