New Microsoft Updates: What You Need to Know, and What to Do Next
Microsoft continues to accelerate its roadmap across security, identity, and AI-powered productivity. While many updates arrive quietly, several recent changes represent more than incremental product evolution. They point to a clear direction: identity-first security, AI-driven work, and tighter governance across users, devices, and agents.
To help make sense of what’s changing – and what actually matters – we spoke with Daniel Morris, Director of Consulting Services at Ontinue, to walk through the Microsoft updates security and IT leaders should have on their radar right now.
Rather than rehashing Microsoft documentation, we focused on what these updates mean in practice and where organizations may need to pause, plan, or prepare.
Microsoft 365 E7 Signals a Shift Toward AI-Governed Security
One of the most significant developments is Microsoft’s introduction of the Microsoft 365 E7 (Frontier) license. At first glance, E7 looks like an expansion of E5. In reality, it reflects how Microsoft is redefining the foundation of secure, AI-enabled work.
E7 includes everything organizations already get with E5 – Defender, Purview, and advanced security and compliance capabilities – but layers in three components that many enterprises have been purchasing separately: Microsoft 365 Copilot, the Microsoft Entra Suite (Global Secure Access), and agent governance capabilities designed to bring structure and oversight to AI agents operating within the tenant.
This matters because Microsoft is no longer treating AI assistants, access controls, or identity governance as standalone features. They’re becoming inseparable. As Daniel explained, organizations that plan to run Copilot broadly, or build custom and Security Copilot agents specific to their environment, will need clearer ways to control access, scope capabilities, and monitor behavior.
At $99 per user per month, the E7 license may feel like a jump, but for organizations already licensing E5 and adding Copilot on top, it can simplify both cost modeling and operational complexity. Microsoft’s forthcoming M365 license maps are expected to make these tradeoffs clearer, but the strategic takeaway is already evident. AI is now a licensed, governed capability, not an add-on experiment.
Passkeys Move from “Coming Soon” to Enforcement
For years, passkeys have been discussed as the future of authentication. Now that future is arriving quickly.
Microsoft is preparing to enforce synced passkeys starting in April, marking a meaningful step away from traditional password-based access. Unlike device-bound passkeys, which live on a single device, synced passkeys can be securely stored in password managers or cloud services and used across multiple devices.
For users who already rely on passkeys, this change may go largely unnoticed. For everyone else, it signals a broader shift in how identity security will be enforced going forward.
This isn’t just a usability upgrade. It’s a material security improvement that reduces exposure to phishing, credential reuse, and account takeover. For security teams, it’s also a reminder that passwordless isn’t theoretical anymore. Authentication policies, user education, and device readiness all need to be aligned before enforcement begins.
Microsoft Authenticator Raises the Bar on Device Trust
Alongside identity changes, Microsoft is tightening its stance on device integrity. Jailbreak and root detection has begun rolling out within Microsoft Authenticator and is now appearing across tenants.
Initially, users with jailbroken or rooted devices will receive warnings. Over time, those devices may be blocked entirely from accessing work or school accounts. Organizations will also have the ability to wipe affected devices to prevent corporate data exposure.
This applies not only to corporate-issued devices, but also to BYOD scenarios, an important distinction as mobile access continues to expand.
Microsoft’s goal here is straightforward: if a device can’t be trusted, neither can the identity using it.
For organizations with permissive mobile access policies, this update may surface issues that have quietly existed for years. It’s worth reviewing how mobile device trust is enforced today and whether current policies align with Microsoft’s new defaults.
You can read Microsoft’s full announcement on jailbreak and root detection in Authenticator here.
Copilot Evolves from Assistant to Action-Taker
Perhaps the most visible shift is happening inside Copilot itself.
With the introduction of Copilot Cowork, Microsoft is transforming Copilot from something that answers questions into something that can take action. Instead of simply responding to prompts, Copilot can now help manage tasks across Outlook, Teams, Excel, documents, meetings, and files, actively moving work forward based on user intent.
In practical terms, this means Copilot can draft emails, generate documents from templates, coordinate tasks, and automate routine workflows rather than waiting for explicit instructions each time.
This evolution is powered by WorkIQ and represents a meaningful step toward AI as a digital coworker, not just a productivity aid. Microsoft’s announcement provides a deep look into this shift.
However, greater autonomy also raises important governance questions. Daniel pointed out that Copilot can only act on what users already have access to, which makes permission hygiene more important than ever. Organizations should take this opportunity to revisit access controls, shared data sprawl, and visibility into how AI tools are being used.
Microsoft Purview’s DSPM for AI is one way to help manage and monitor this evolving landscape, particularly as AI agents and copilots become more tightly integrated into daily operations.
Cost Still Matters, Especially with Security Telemetry
As organizations adopt more Microsoft security capabilities, cost visibility remains a challenge, particularly with platforms like Microsoft Sentinel, where data ingestion can drive unexpected spend.
Whether driven by expanded telemetry, new detections, or AI-assisted workflows, understanding Sentinel cost implications before changes go live is critical. Tools like Ontinue’s Sentinel Cost Calculator can help teams estimate and model costs more effectively as environments evolve.
You can explore that calculator here.
The Bigger Picture
Taken together, these updates reinforce a clear message from Microsoft: security, identity, and AI are no longer separate conversations.
Licensing is being reshaped around AI governance. Authentication is becoming passwordless by default. Devices must prove trustworthiness. And Copilot is shifting from passive assistant to active participant in daily work.
None of this requires panic, but it does require awareness. Understanding these changes now gives organizations the opportunity to adopt them intentionally, rather than reactively.
If you’re evaluating how these updates affect your security posture, licensing strategy, or AI roadmap, Ontinue’s consulting and Cyber Advisor teams can help translate Microsoft’s roadmap into real-world operational decisions.


