February 2026 (see January 2026) is shaping up to be one of the most significant months in recent memory for Microsoft 365 admins, with changes that touch licensing, security, collaboration, and compliance all at once. Some Microsoft 365 February 2026 updates are “nice to have” new features, but others—like mandatory MFA for admins and the end of the free subscription grace period—will impact how you manage and secure your tenant day to day.
In the spotlight: MFA, soft deletion, and new billing model
A helpful community roundup on r/sysadmin pulls together the important Microsoft 365 February 2026 changes and updates, and three items stand out for most organizations: Paid Extended Service Term (EST) for Microsoft 365 subscriptions, soft deletion for cloud security groups, and full MFA enforcement for the Microsoft 365 admin center.
Microsoft’s new Extended Service Term replaces the long‑standing free post‑expiry grace period with a paid extension model for subscriptions under the Microsoft Customer Agreement and in Partner Center. Instead of coasting for a few weeks after a subscription expires, customers (or partners) now have a third option: move into an EST month that keeps services running at the standard monthly price plus a 3% uplift while they decide whether to renew or cancel. Microsoft’s official Learn documentation explains that EST is implemented as a separate monthly SKU and that subscriptions with auto‑renew disabled will now roll into EST by default unless partners explicitly set them to cancel.
On the identity side, Microsoft Entra is rolling out soft deletion for cloud security groups, giving admins a 30‑day restore window for groups that are deleted, including their membership and properties. Microsoft’s Entra “What’s new” page and message center posts confirm that soft‑deleted security groups can be recovered via the Entra admin center or API, similar to how Microsoft 365 Groups already work. This dramatically reduces the blast radius of an accidental delete of a high‑value group, and many admins will want to update their runbooks and training to reflect the new recovery option.
Finally, Microsoft is finishing its gradual rollout of mandatory multi‑factor authentication for Microsoft 365 admin center sign‑ins. Entra guidance and security news reports underline that from February 2026, admins must complete MFA to access the Microsoft 365 admin center, as part of a broader push toward mandatory MFA for privileged operations. If you still have legacy admin accounts without MFA, or rely on old “break‑glass” patterns, you’ll need to revisit conditional access, emergency access accounts, and admin role scoping immediately.
What’s being retired in February 2026
The February wave also includes several retirements that will quietly break workflows if you ignore them.
Planner is losing a set of legacy features, including classic task comments (replaced by task chat), the Whiteboard tab for premium plans, Planner components in Loop pages, Planner integration with Viva Goals, and iCalendar feeds for Planner tasks. Organizations leaning on these paths for notifications, planning integrations, or reporting will need to plan alternatives inside Planner, Teams, or third‑party tooling.
Microsoft is also retiring endpoint‑sensitive data alerting in the Microsoft Defender portal and consolidating that functionality into Microsoft Purview DLP instead. That continues the trend of making Purview the single home for data loss prevention, so security teams should ensure their DLP configuration and dashboards in Purview fully cover scenarios they previously watched in Defender.
On the identity and collaboration side, the custom greeting feature for Entra ID voice call MFA will be retired by February 28, 2026, ending the ability to play organization‑specific greetings for phone‑based MFA calls. In Microsoft Teams, the Designer bot and Designer banners will be removed by February 27, 2026, stripping out some of the lightweight creative helpers inside Teams channels and chats. Neither is a platform‑level change, but both could surprise end users if you don’t communicate ahead of time.
New features: Copilot APIs, Teams collaboration, and Purview upgrades
On the plus side, there are plenty of new features landing this month. Two new Microsoft Graph APIs for Copilot give admins and developers better visibility into Copilot agents and apps via catalog endpoints such as GET graph.microsoft.com/copilot/admin/catalog/packages and GET graph.microsoft.com/copilot/admin/catalog/packages/{id}. That helps organizations inventory and govern Copilot experiences across the tenant.
Teams is getting a new built‑in Teams External Collaboration Administrator role in the Teams admin center, designed to delegate external access management without handing out broad global admin rights. This role can manage external domain allow/deny lists and external access settings for federated domains, including via PowerShell, which should make it easier to split duties between collaboration admins and full‑tenant operators.
Microsoft is also moving toward a more unified external collaboration story in Teams. External collaboration settings for chats, calls, meetings, teams, and shared channels are being consolidated into a single configuration surface with three predefined modes—Open, Controlled, and Custom—so admins can quickly choose a collaboration posture and adjust from there. On top of that, Teams will soon let users chat with external contacts directly using their email addresses, even when those contacts don’t yet have a Teams account, further blurring the line between internal and external collaboration.
On the compliance and security front, Microsoft Purview Data Risk Assessments are adding item‑level investigations for SharePoint content, allowing admins to view sensitivity labels, sharing links, and overshared items, then take targeted remediation steps. Purview eDiscovery (Premium) is getting a new tenant‑level process report that centralizes monitoring of eDiscovery workflows across cases. And Insider Risk Management will ship new pre‑built templates focused on potential data theft scenarios, including those involving non‑Microsoft 365 data sources, helping organizations detect risky behavior beyond just email and OneDrive.
Meanwhile, Microsoft Defender XDR will begin turning on built‑in alert tuning rules to automatically process selected low‑severity and informational alerts from Microsoft Defender for Office 365. This is designed to reduce alert noise while preserving visibility into truly risky events, a welcome change for SOC teams drowning in low‑value alerts. Defender is also picking up tighter integration with Teams: security admins can now block external users directly from the Tenant Allow/Block List when they appear in risky Teams activity.
Enhancements: Authenticator, Entra roles, Loop, and branding
Several enhancements are less flashy but still important for day‑to‑day admin work.
The Microsoft Authenticator app is gaining jailbreak and root detection for Entra credentials on both iOS and Android, giving conditional access policies a stronger signal for blocking sign‑ins from compromised devices. This ties directly into Microsoft’s broader push for secure‑by‑default configurations across cloud identity.
Microsoft Purview admin roles are being mapped to new Microsoft Entra workload‑aware roles, including Purview Workload Content Reader, Writer, and Administrator. This aligns compliance and identity role models more tightly and gives organizations more granular options for assigning the right privileges to the right teams.
On the productivity side, Microsoft is expanding Loop workspace creation to users with Office 365 E1, E3, E5 and Microsoft 365 F1/F3 licenses, as long as they have OneDrive or SharePoint storage available. That opens up Loop beyond just premium SKU holders and will likely increase Loop’s footprint across frontline and information workers.
SharePoint admins, meanwhile, get centralized site branding management via PowerShell, including the ability to apply enterprise themes or enable/disable custom branding for specific sites from a central scriptable interface. That’s a welcome governance improvement for larger tenants that have struggled to maintain consistent branding at scale.
Functionality changes: Teams links, eDiscovery exports, and session revocation
Rounding things out, Microsoft is tweaking several existing behaviors you’ll want to note in your change calendar.
Teams meeting URLs are being simplified to a new, cleaner format (https://teams.microsoft.com/meet/<meeting_id>?p=<HashedPasscode>), which should make links easier to share and less error‑prone across different apps and devices. Exchange Online PowerShell will update the string format of some database‑related properties to reduce unnecessary data retrieval and improve consistency, which may affect scripts that parse those properties very strictly.
In Purview eDiscovery, export behavior is changing: from February 16, 2026, direct exports from eDiscovery cases are packaged into secure temporary containers that automatically expire after 14 days. On the same date, modern eDiscovery Content Search cases will no longer support review sets or case‑level data sources, nudging organizations toward newer eDiscovery workflows.
Finally, Microsoft Entra is replacing the “Revoke multifactor authentication sessions” option with a more comprehensive “Revoke sessions” action that invalidates all active user sessions regardless of how they authenticated. That gives security teams a stronger “panic button” when responding to account compromise or high‑risk sign‑ins.
One clear action item: legacy ActiveSync clients
Among everything landing in February, one change stands out as truly time‑sensitive: the cutoff of outdated Exchange ActiveSync clients in Exchange Online.
A December 2025 service message (MC1197103) and supporting documentation confirm that starting March 1, 2026, Exchange Online will block devices using EAS protocol versions below 16.1. Petri and other community sources stress that this mainly affects native mail clients on older devices; Outlook Mobile uses a different protocol and is not impacted. Admins are advised to run the Get-MobileDevice cmdlet to inventory devices, communicate with affected users, and move them to supported apps or updated OS versions ahead of the deadline.
Combined with mandatory MFA for admins and the new Extended Service Term model, that EAS enforcement makes February 2026 a genuine turning point: Microsoft 365 is becoming more secure and more predictable, but also less forgiving if your tenant is still running on old habits.
Check out the Microsoft 365 Roadmap for more features coming through soon.
Recent Posts You Might Like
- Microsoft 365 in January 2026: Exciting New AI Features, Copilot Upgrades, and What’s Changing for Your Organization
- Microsoft Patch Tuesday February 10, 2026: Big Windows 11 Security Fixes And New Features Land
- Thrilling Microsoft 365 December 2025 Update: Security, Cleanup, and Copilot Prep for 2026
- Microsoft 365 November 2025 Update: All The Unforeseen Changes, Upcoming Retirements, New Features, and Enterprise Licensing Shifts Explored
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
