Sep 2025 Microsoft 365 Changes: What's New and What's Gone?

Over 35 updates are landing this month from fresh boosts to features heading out the door.    **In the spotlight:**  * **Unlicensed OneDrive Accounts to Enter Read-Only Mode -** OneDrive accounts unlicensed before July 28, 2025, will move to read-only mode by September 26, 2025. Admins should act by renewing, archiving, or deleting these accounts.  * **Retirement of Azure AD Graph API -** Apps that still rely on Azure AD Graph APIs will lose access and must migrate to Microsoft Graph APIs.  * **Retirement of Legacy MFA and SSPR Policy -** Microsoft will stop supporting authentication methods managed in legacy MFA and SSPR policies. Move to Authentication Methods policy in Entra ID.  * **High Volume Exchange Email in General Availability -** Microsoft will roll out High Volume Email (HVE) in general availability to support internal communication needs for line-of-business apps and high-volume SMTP use cases.  **Here’s the overview:**   * Retirements: 7   * New Features: 10  * Enhancements: 9   * Existing Functionality Changes: 3  * Action Required: 3  **Retirements:**  1. The l*egacy message trace experience and the cmdlets Get-MessageTrace and Get-MessageTraceDetail* in Exchange Online will be retired.  2. *Client Access Rules (CARs)* in Exchange Online will be deprecated by Sept 1, 2025.  3. *Classic eDiscovery (Premium) experience* will be inaccessible from Sept 1, 2025.  4. The *“Mobile Devices” settings page* used to view all synced devices in Outlook will be removed.  5. *Cognitive Services and Azure ML features* in Power BI will be retired by Sept 15, 2025.  1. After mid-Sept 2025, *Microsoft To Do will stop updates on iOS 16 or earlier and macOS 12* or earlier.  2. The *sub-domains feature* in Defender for Cloud Apps – Cloud Discovery, providing sub-domain level app insights, will be retired by Microsoft.  **New Features**  1. Microsoft will roll out *progressive alert scoring* in Purview Insider Risk Management. User activities will be assessed multiple times a day instead of once every 24 hours, with added alert insights.  2. *Planner will gain Information Barriers* support in both web and Teams apps. Users will only see members in their assigned segments, reducing exposure risk.  3. MS Teams will let IT admins run *silent call simulations* to test network readiness and detect issues early.  4. A new rule-based setting in the Teams admin center will allow *bulk management of Microsoft 365 certified apps.*  5. Microsoft Secure Score will add two new recommendations*: remove inactive service accounts and remove discovered passwords in AD account attributes.*  6. Blocked external domains in Teams will be managed centrally through the *Tenant Allow/Block List in Microsoft Defender*.  7. SharePoint will introduce a *new workflows experience* powered by Power Automate for lists, libraries, and chats.  8. Starting mid-September 2025, Purview retention policies will support a “*When items were last accessed” option,* enabling data cleanup in OneDrive and SharePoint.  9. Microsoft is introducing ‘*Priority Cleanup*’ in Purview Data Lifecycle Management, allowing admins to delete OneDrive and SharePoint content, including Teams recordings and transcripts, before retention or hold periods end.  10. The Microsoft 365 admin center will include a *Message Consumption Usage report* to help organizations track and manage Copilot Chat costs.  **Enhancements:**  1. Teams will *auto-set users’ work locations* when connected to org Wi-Fi or peripherals.  1. From mid-August 2025, SharePoint Page Analytics (with Viva Suite/Viva Pulse) will add long-*term retention, distribution channel breakdowns, export options, and new metrics*.  2. Outlook on the Web and new Outlook for Windows will get *advanced Mail Merge*, allowing dynamic fields in templates for personalized messages.  3. Starting mid-September 2025, Microsoft Authenticator will simplify Entra sign-ins with tap-only *same-device approvals and a streamlined onboarding experience*.  4. Microsoft SharePoint Online will introduce *smart tagging*, automatically adding the “Signed” tag to documents when they are electronically signed.  5. To enhance meeting security, Microsoft will validate Teams meeting URLs. Links rewritten or modified by security tools may be flagged as malicious, potentially affecting the meeting experience.  6. Private channel limits will expand to *1000 per team with up to 5000 members* each. Channels will support meetings, move to group-based storage with mailboxes, and apply compliance at group level.  7. By September 2025, the licensing page will *show separate tabs for direct and group-based assignments*, making license use clearer.  8. Diagnostics access in the Purview compliance portal will extend to *Compliance Administrators, Security Administrators, and Organization Management* roles in addition to Global Admins.  **Existing Functionality changes:**  1. From Sept 2025, Entra ID Access Reviews will keep history only for the *past 12 months*; older data won’t be retrievable through Graph or any method.  2. Defender for Identity classic alerts *move to the XDR platform* on Sept 18, 2025.  3. Microsoft Purview will *disable portal DLP alerts for rules* where they were turned off in PowerShell, keeping policy enforcement unchanged.  **Action Required:**    1. Azure DevOps will no longer *depend on ARM for sign-ins and token refresh*. Admins should create a dedicated Conditional Access policy for DevOps.  2. Teams PowerShell app-based auth now requires extra permissions. Update Entra app permissions to include *GroupMember.Read.All and RoleManagement.Read.Directory.*  3. Users must *complete MFA for all credential management actions* on the *My sign-ins* page if not authenticated in the last 10 minutes. Inform users about the more frequent re-authentication.  Act now to stay ahead and ensure these updates don't impact you!