Microsoft 365 April 2026: Important Retirements, Security Tightening, and Copilot Upgrades Admins Must Act On

Microsoft 365 admins are in for a busy month, with April 2026 (via Reddit) bringing a wave of retirements, security updates, new Copilot capabilities, and compliance enhancements that will impact SharePoint, Teams, Purview, and more.

Major retirements admins must address

April brings seven significant retirements across SharePoint, Teams, Viva Engage, and Defender, several of which are hard cutovers with no extensions.

• SharePoint Online legacy compliance: Information Management Policies, In-Place Records Management, and deletion-only policies are retired, with Microsoft directing organizations to modern Microsoft Purview Data Lifecycle Management and Records Management instead.

• SharePoint 2013 workflows stop being supported from April 2, 2026, with Microsoft recommending migration to Power Automate or other supported orchestration solutions.

• SharePoint Add-ins, Azure ACS-based app access in SharePoint Online, and domain isolated SharePoint Framework web parts all stop working starting April 2, pushing customers toward SPFx with Entra ID and non–domain-isolated designs.

• Viva Engage live events powered by Teams Live Events are deprecated on April 15, 2026, in favor of Viva Engage events backed by Teams town halls.

• The Semi-Annual Enterprise Channel installation option for unmanaged devices in the Microsoft 365 Apps admin center is retired starting April 6–11, meaning it cannot be newly selected going forward.

These retirements heavily impact older SharePoint customizations and workflows, making April a critical deadline for tenants still relying on 2013-era patterns.

New features focused on voice, identity, and security

Twelve new features are rolling out, with a strong emphasis on Teams governance, passwordless security, and AI-assisted protection.

• Teams gains rule-based management for Microsoft 365–certified third-party apps, plus support for assigning up to 10 phone numbers per Teams Phone user for more flexible calling scenarios.

• Express Voice Enrollment in Teams lets users quickly enroll voice profiles in-meeting, powering voice isolation, speaker recognition, better transcripts, and Copilot meeting insights.

• Microsoft Entra ID registration campaigns now support passkeys as a target method, enabling phishing-resistant, passwordless onboarding via FIDO2 credentials instead of relying solely on Microsoft Authenticator.

• Cross-tenant Intune MAM in Microsoft Edge for Business allows protection of corporate data in work profiles even when devices are managed by a different tenant, ideal for contractors and mergers.

• Microsoft Purview adds a device health dashboard for Endpoint DLP and brings AI-driven Data Security Triage Agent summaries for DLP alerts in Defender XDR.

• New auto-labeling actions in Purview for SharePoint and OneDrive let policies override manually applied sensitivity labels or remove labels entirely when files no longer meet classification rules, though these are off by default and require careful configuration.

One of the biggest additions this month is Security Copilot being bundled into Microsoft 365 E5, with phased rollout starting April 20 and including 400 Security Compute Units per 1,000 users (up to 10,000 SCUs/month) plus core Copilot experiences across Entra, Intune, Purview, Defender, and the Copilot portal.

Important Enhancements to Teams, Purview, Authenticator, and Entra

April also brings six notable enhancements that deepen existing capabilities rather than introducing entirely new ones.

• Teams and Places licensing changes on April 1 expand access to advanced capabilities—like Places Explorer/Finder and richer town hall/webinar features—into core Teams Enterprise licenses, with new attendee pack add-ons scaling events up to 100,000 participants.

• Insider Risk in Purview shifts “Other AI apps” indicators to a pay-as-you-go billing model linked to an Azure subscription, while Copilot-related indicators remain license-based.

• Microsoft Authenticator gains jailbreak/root detection for Entra credentials on iOS, automatically wiping and blocking those credentials on compromised devices, tightening security posture.

• The Purview Data Security Triage Agent is enhanced with metadata-aware instructions, consolidated settings, support for non-content condition alerts, and the ability to operate under its own Entra identity for better auditability.

• New targeting options for Purview sensitivity label policies allow excluding modern Microsoft 365 groups and including dynamic, non–mail-enabled security groups, while cross-tenant synchronization in Entra is extended beyond users to include security groups.

Taken together, these changes give security and compliance teams more granular control while nudging organizations toward modern, AI-informed governance.

Pertinent Functional Changes in Teams, OneDrive, Purview, and Viva

Six changes land in April that alter how existing features behave, particularly for device management, DLP, and notifications.

• Management of Teams Rooms on Android, Teams phones, panels, and displays is moving from the Teams Admin Center to the Pro Management Portal, consolidating inventory and health data and redirecting admins who try to manage these devices in TAC.

• A new policy allows admins to customize the local OneDrive sync root folder name on Windows, helping reduce path length issues created by “OneDrive – Organization Name” defaults.

• Always-on diagnostics for Endpoint DLP will be enabled by default in mid-April, storing up to 90 days of local diagnostic data; admins can opt out, but doing so will reduce visibility and make troubleshooting harder.

• Purview eDiscovery (Premium) increases the per-case review set limit from 20 to 100, significantly expanding how large investigations can be structured.

• DLP policy tips and email notifications for SharePoint and OneDrive are decoupled, giving admins independent control over user prompts and email alerts.

• Viva Engage completes its sender domain migration from @yammer.com (and @eu.yammer.com) to @engage.mail.microsoft and @eu.engage.mail.microsoft, aligning branding and modern email authentication.

These shifts will especially matter to organizations with heavy Teams Rooms deployments, complex DLP policies, or legal teams relying on large-scale eDiscovery.

Critical Deadlines where action is required

Four items in April explicitly require admin action to avoid impact or data loss.

• By April 8, organizations using the legacy Reporting Web Service message trace endpoints must begin migrating to Microsoft Graph Message Trace APIs, as the old endpoints are being retired.

• On April 14, the Outlook for Windows usage report is removed from the Exchange admin center; admins should switch to the Microsoft 365 admin center usage reports for equivalent insights.

• Office 365 Connectors in Microsoft Teams are fully retired on April 30 after an extended deadline, requiring migration to Workflows webhooks to keep integrations working.

• Also by April 30, Microsoft Defender for iOS ends support for iOS 16, so security teams must identify devices stuck on iOS 16 and upgrade or replace them to maintain protection.

These April 2026 changes add up to a clear message: modernize legacy SharePoint and workflow investments, lean into Purview and Copilot-powered security, and prioritize migrations away from deprecated APIs and connectors before the lights go out.

Recent Posts You Might Like

• March 2026 Microsoft 365 Changes: The Definitive Guide for IT Pros and SMB Admins
• Microsoft Adds Multi-Model ‘Critique’ and ‘Council’ to Microsoft 365 Copilot Researcher for Deeper, More Accurate AI Research
• Microsoft Launches MAI-Transcribe-1, Voice-1, and Image-2: Faster, Cheaper AI Models Hit Foundry
• Microsoft Reveals Powerful Microsoft 365 Copilot Wave 3 With New Agents, Agent 365, and E7 Frontier Suite