1. Final Countdown for Windows 11 Version 22H2 Enterprise & Education
Overview
Windows 11, version 22H2 (Enterprise, Education, and IoT Enterprise editions) is going to reach end of the servicing on October 14, 2025.
The October 2025 Patch Tuesday release will be the final monthly security & preview update for this version. Post that, no new security patches will come.
Impact
Any devices still running this version after the date, October 14, 2025, won’t receive any protection from new security threats. This includes all future monthly updates and preview patches.
Action Needed
Plan to upgrade to the latest version of Windows 11 before the end of support. Use Microsoft’s official lifecycle and release resources for version tracking.
2. Intune Update Preview – August 2025 Features Now Listed
Overview
Microsoft updates the In Development for Intune page for August 2025. This update outlines upcoming features planned for the completion of the rollout very soon. Basically, their goal is to help IT teams prepare for upcoming changes in Microsoft Intune.
Impact
The update comes with a forward look at what’s coming to Intune. IT admins, helpdesk teams, or even any relevant stakeholders can now review these planned changes so that they can prepare for implementation beforehand. The exact release dates may vary but the changes will start rolling out this August or in near future.
Action Needed
Review the In Development page for Microsoft Intune.
Notify your IT and even helpdesk staff as needed. Update user guidance only if any of the upcoming features are relevant to your users.
3. Microsoft Purview Adds Collection Policies for Targeted Endpoint Signal Discovery
Overview
Microsoft Purview now supports collection policies. It’s a new configuration that gives admins some fine grained control over what data signals are collected on Windows endpoints.
These changes, unlike traditional DLP or Information Protection policies, do not enforce actions. Actually, they focus on targeted signal discovery.
Admins can choose specific Sensitive Information Types (SITs) and user activities to scope collection for things like compliance, risk, governance solutions, etc, like Insider Risk Management, eDiscovery, Data Security Posture Management, etc.
Impact
- More Control, Less Noise: Customize signal collection to align with regulatory/internal needs. Basically, cut down irrelevant data.
- No Action Enforcement: These policies do not block content. They only influence what signals get surfaced to admins.
- Solution-Wide Reach: Affects IRM, DLP auditing, DSPM, eDiscovery, Data Lifecycle Management, Activity Explorer, etc.
- Scoped Auditing: Activity data is now filtered by selected SITs and a new user/group location picker.
- Policy Behavior: Once enabled, endpoint collection policies function as allowlists. They let your admins include/exclude users, groups, and activities.
No change will be seen unless a policy is created and DLP Always audit is turned on.
Action Needed
Nothing required until a collection policy is configured and DLP Always audit is enabled on Windows endpoints. To prepare:
- Review Microsoft Learn for prerequisites and policy details.
- Let relevant Purview admins know which signals and solutions will be impacted.
- Evaluate current setup. Update internal documentation if needed.
4. Microsoft Fabric Update: Default Contributor Access for Workspace Identities Being Removed
Overview
Microsoft Fabric is going to start removing default Contributor access from all Workspace Identities, both new and existing. This change will be on by default as it is aiming to reduce the risk of unintended access/misuse. That said, role assignments must now be done manually through RBAC. The update was originally planned for mid-July and is now expected to complete by early August 2025.
Impact
- New Workspace Identities won’t be receiving default Contributor permissions.
- Contributor access will be removed for the Existing Workspace Identities.
- You can still manually assign roles (like Contributor, Member, etc.) to Workspace Identity service principals.
- Modifying the associated application of a Workspace Identity is not supported. In fact, it may cause it to break.
- Anyone with access to a Workspace Identity can assume that identity if assigned via a workspace role.
Action Needed
No action is required before the rollout.
However, review your Workspace Identity configurations to check for any dependencies on default Contributor access.
To assign roles manually:
- Go to the relevant Fabric Workspace.
- Select Manage Access > Add people or groups.
- Enter the Workspace Identity name.
- Assign roles as needed.
5. Smarter App Control: Rule-Based Enablement for Certified Teams Apps
Overview
Microsoft Teams is going to introduce rule-based management for Microsoft 365 certified third-party apps via org-wide settings in the Teams admin center, from mid-September 2025. This feature will be enabled by default as it lets IT admins control app availability at scale using rules set for this purpose, typically stipulated on publisher name and requested permissions.
The rollout includes a one-time 30-day grace period so admins can adjust settings before the new changes take effect.
Impact
Previously, M365 certified apps could only be managed via third party app tenant settings. But this update means admins gain centralized control under:
Teams Admin Center > Manage apps > Actions > Org-wide app settings > Microsoft 365 certified apps.
By default, all apps available will be turned on. But admins can still customize availability further using the Customize availability option to set rules based on things like app publisher and required permissions.
This change applies globally as it enhances governance by only allowing apps that meet the configured rules.
Action Needed
No action required before the rollout!! However, Tenants with org-wide app settings already enabled for third party apps won’t need to make changes. Tenants with this setting turned off should review the new options though.
Windows Management Experts
Now A Microsoft Solutions Partner for:
✓ Data & AI
✓ Digital and App Innovation
✓ Infrastructure
✓ Security
The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.
Unlock the Full Potential of Microsoft 365
Keep your business at the cutting edge with the latest Microsoft 365 enhancements. The future of work is evolving. Are you ready? Connect with our experts today to ensure your Microsoft 365 & Azure systems are secure and future-proof.
