1. Excel to Block External Links to Risky File Types by Default
Overview
Microsoft Excel is going to block external workbook links to file types marked as unsafe by the Trust Center, and this change is taking place this October.
This will result in a #BLOCKED error for new links and stop refreshes for existing ones. The change is rolling out gradually from July 2026, as admins can now override this default behavior via registry/Group Policy settings.
This new setting is part of an update to File Block Settings. This is now extending to external workbook links for better file protection. The setting is controlled via a new Group Policy to allow organizations to manage link behavior more tightly.
Impact
- New Links: External links to blocked file types will show a #BLOCKED error.
- Existing Links: Will retain the last refreshed value, but won’t refresh further.
- Build 2509: A warning bar will appear for affected files to alert users.
- Build 2510: Enforcement begins; external links to blocked file types will no longer function unless a policy change happens.
- Workbook Links Pane: Will highlight which links failed due to blocking.
- No change if the Group Policy is explicitly configured to allow these links.
Action Needed
Admins who want to allow external links to blocked file types need to do one of the following before rollout completes:
- Registry Key:
- Set
- HKCU\Software\Microsoft\Office\16.0\Excel\Security\FileBlock\FileBlockExternalLinks = 0
- Group Policy Setting:
- Go to:
- Excel Group Policy Template > Excel Options > Security > Trust Center > File Block Settings > File Block includes external link files
- Set this to Disabled
Review existing workbooks. Also, alert users who rely on external links to prepare for the change. No compliance actions required.
2. Upgrade Required to Keep Using Read Aloud, Transcription & Dictation in Office Apps
Overview
Microsoft is going to upgrade the backend service for Read Aloud, Transcription, and Dictation in M365 Office apps. The change is coming from January 2026 when these features will stop working on any Office app version which is older than 16.0.18827.20202. For GCC, GCC High, and DoD environments, the cutoff time is March 2026.
Impact
Organizations running Office clients below version 16.0.18827.20202 will lose access to these three AI-powered capabilities:
- Read Aloud
- Transcription
- Dictation
Users on supported versions will not see any changes. No compliance risks have been identified.
Action Needed
Update all Microsoft 365 Office apps to version 16.0.18827.20202 or later before:
- January 31, 2026 (Worldwide)
- March 31, 2026 (GCC, GCC High, DoD)
This will ensure continued use of the affected features without disruption.
3. Smarter Copilot Responses with AI-Powered Communication Memory
Overview
Microsoft 365 Copilot is rolling out communication memory from September 1, 2025. It’s a new AI-driven feature that will enhance personalization by analyzing a user’s past emails, chats, meetings, etc.
It builds a private, user-specific memory to help Copilot generate more relevant, context-aware responses in Microsoft 365 apps. This capability is enabled by default for enterprise users with Copilot licenses.
Impact
Communication memory gives Copilot a unified understanding of your digital conversations across apps, and not just in one like Outlook or Teams. It uses large language models to summarize past communications and store those summaries privately per user.
These insights help Copilot create responses that better reflect what matters to each individual.
Yes, summaries may sometimes be imperfect, but users can review source links tied to each memory. This is a cross-app personalization layer unlike app-specific features.
It’s also a step forward in how users engage with generative AI: more tailored, more aware, more useful.
Action Needed
Admins can manage this feature via the Enhanced Personalization control using Microsoft Graph. They can also restrict access via Entra ID group membership. Turning it off disables all Copilot memory features org-wide. Also, users can also view/manage their own communication memory. No further action required!!
4. Retirement Notice: Shifts Deployment via Teams Admin Center Ends September 2025
Overview
Microsoft is going to retire the “Deploy Shifts to your frontline teams at scale” feature of Teams Admin Center. Admins will no longer be able to use this option post September, 5, 2025. However, Shifts will still be fully manageable via Teams app, where ongoing enhancements will continue.
Impact
After the retirement date:
- Admins will lose access to Shifts bulk deployment via the Admin Center.
- All Shifts management moves to the Teams web/desktop apps.
- There are no compliance changes or data storage concerns.
- This update is automated. No interruption/transition process is needed.
Action Needed
No admin action required!!
5. Update Conditional Access Policies to Secure Azure DevOps Sign-ins
Overview
Microsoft Entra is going to stop applying Conditional Access (CA) policies targeting the Windows Azure Service Management API to Azure DevOps sign-ins, from September 4, 2025.
Organizations need to explicitly target Azure DevOps (App ID: 499b84ac-1321-427f-aa17-267ca6975798) in their CA policies to maintain secure access controls like MFA, compliant device requirements, etc.
Azure DevOps is moving away from using Azure Resource Manager (ARM) during authentication flows. As a result, existing policies that don’t directly target Azure DevOps won’t apply anymore.
Impact
- CA policies targeting ARM, the app ID mentioned above, will not protect Azure DevOps after enforcement begins.
- Azure DevOps may become accessible without existing access controls unless policies are updated.
- No user-facing UI changes will occur.
- Sign-ins remain protected if you already target all users and all cloud apps. Also, Azure DevOps is not excluded.
- Azure DevOps may appear as “Microsoft Visual Studio Team Services” in some tenants; the App ID remains unchanged.
- A Microsoft Entra ID P1 or P2 license is required for CA.
Action Needed
Deadline: September 4, 2025
Admins need to update Conditional Access policies to explicitly include Azure DevOps:
- Go to: Entra admin center
- Navigate to: Entra ID > Conditional Access > Policies
- Select the relevant policy
- Under Target resources, select Azure DevOps (App ID: 499b84ac-1321-427f-aa17-267ca6975798)
- Save changes
Also:
- Check license compliance (Entra ID P1 or higher required)
- Monitor sign-ins using Entra ID logs
Windows Management Experts
Now A Microsoft Solutions Partner for:
✓ Data & AI
✓ Digital and App Innovation
✓ Infrastructure
✓ Security
The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.
Unlock the Full Potential of Microsoft 365
Keep your business at the cutting edge with the latest Microsoft 365 enhancements. The future of work is evolving. Are you ready? Connect with our experts today to ensure your Microsoft 365 & Azure systems are secure and future-proof.
