Guardian 365 Monthly Bulletin: Major M365 Updates & Retirements – February 2026

Microsoft Purview DLM: Retirement of SharePoint online information management and in-place records management feature

What is changing?

Legacy SharePoint Online features – Information Management Policies, In-Place Records Management, and Document Deletion Policies – are being retired in April 2026.

What is the impact?

Beginning in April 2026, a gradual deprecation of these features will bring the following:

• These features will no longer be supported by Microsoft
• These settings/configurations may disappear from the M365 GUI
• Configurations will no longer be available via Graph/Powershell
• Backend services supporting these features may stop functioning

What needs to be prepared in advance?

Between now and April 2026, you have the flexibility to migrate your scenarios on your own
schedule. To prepare:

• Review current use of legacy features and confirm compliance goals
• Plan migration to Microsoft Purview Data Lifecycle Management and Purview Records
  Management
• Audit retention schedules for duplicates or outdated policies
• Confirm applicable licenses for Purview features
• Implement modern features and verify functionality using tools like Policy Lookup
• Communicate this change to your Data Lifecycle and Records Management teams

For detailed migration strategies and feature mapping, refer to: Migration strategies for moving to Microsoft Purview solutions.

Learn More: https://learn.microsoft.com/en-us/sharepoint/migration-strategies

Microsoft 365 admin center multifactor authentication enforcement

What is changing?

Starting February 9, 2026, all users signing into the Microsoft 365 Admin Center (admin.microsoft.com) will be required to leverage MFA for enhanced security.

What is the impact?

Administrators that have not yet configured multi-factor authentication through Azure/Entra may experience disruptions in their access to the M365 admin portal.

What needs to be prepared in advance?

Ensure that all your administrators have MFA configured in Entra ID. Conditional Access policies scoped to the Admin Portal can be used to assess current MFA coverage of admins and ensure no gaps.

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1215070

Microsoft Purview eDiscovery | Direct export expiration change

What is changing?

Starting February 16, 2026, direct export packages created from eDiscovery cases will expire after fourteen (14) days.

What is the impact?
Direct export packages created after February 16, 2026 will no longer be available after 14 days following their initial creation.

What needs to be prepared in advance?

Ensure all eDiscovery users and managers are aware of this change and update internal processes + documentation to reflect the new requirement to download direct export packages within fourteen days of their initial generation.

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1217141

Windows Deployment Services (WDS): Hands-free deployment hardening (Phase 1)

What is changing?

The Unattend.xml file that underlies the hands-free deployment feature of Windows Deployment Services (WDS) poses a vulnerability when it’s transmitted over an unauthenticated RPC channel. Starting with the January 2026 security update, you can explicitly disable it with the help of new Event Log alerts and registry key options. In April 2026, hands-free deployment will be disabled by default. After that date, it will no longer work unless explicitly overridden with registry settings.

What is the impact?

These hardening measures are meant to enhance security. If no action is taken (no registry key added) between January-April 2026, hands-free deployment will be blocked after the April 2026 security update.

What needs to be prepared in advance?

• Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdsServer\Providers\WdsImgSrv\Unattend
• DWORD name: AllowHandsFreeFunctionality
• Value data: 00000000

Retirement of Power BI Q&A

What is changing?

Power BI Q&A, the app’s legacy natural language assistant tool, will be retired by December 2026.

What is the impact?

Users leveraging the Q&A experiences will no longer be able to do so by the end of December 2026.

What needs to be prepared in advance?

Instruct users to begin leveraging Power BI Copilot, which offers improved capabilities over and above what was previously available within Power BI Q&A.

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1218421

Ask Microsoft Anything: Secure Boot – February 5

What is changing?

Mark your calendars for February 5, 2026. Windows engineering teams will be hosting a second Ask Microsoft Anything (AMA) on the Microsoft Tech Community to help you get the information you need about updating Secure Boot certificates on your Windows devices before they start expiring in June 2026. Experts will be on camera and in the chat to help you with update scenarios, inventorying your estate, formulating the right deployment plan for your organization, and more.

What is the impact?

This event will help you ensure that you don’t experience any disruptions due to the Secure Boot certificate updates that have been covered in this bulletin previously.

What needs to be prepared in advance?

Check out the event page here and sign up now.

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1219801

Retirement notice: MDE and XDR Advanced Hunting APIs retiring; migrate to Microsoft Graph Security API

What is changing?

Microsoft is retiring the Microsoft Defender for Endpoint (MDE) and Defender XDR Advanced Hunting APIs beginning in February 2026 and concluding in February 2027.

What is the impact?

Workflows, applications, and other API calls leveraging these endpoints will need to be migrated by January 31, 2027.

What needs to be prepared in advance?

Existing scripts, automations, and workflows that rely on the MDE and XDR Advanced Hunting APIs will need to be manually migrated to the Graph Security API.

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1220762

Microsoft Entra ID: Auto-enabling passkey profiles

What is changing?

Starting in March 2026, Entra ID will introduce passkey profiles and synced passkeys to General Availability.

What is the impact? 

Passkey profiles and the passkeyType property allows administrators to configure device-bound passkeys, synced passkeys, and to configure passkey configurations at the group-level. These changes allow administrators more granular control over the way that passkeys are permitted for end users and their registration experience.

What needs to be prepared in advance?

If you want a configuration different from the migration defaults, review the timeline above and opt in to passkey profiles before your tenant’s automatic enablement window begins.
Then configure the Default passkey profile’s passkeyType to your preferred values.

We also recommend:

• Review your registration campaign configuration, especially if its set to Microsoft-managed. If you want synced passkeys enabled in your tenant but do not in your registration campaign to target passkeys, you can:
  • Switch the registration campaign state to Enabled and continue targeting Microsoft Authenticator, or
  • Set the registration campaign state to Disabled.
• Update runbooks and help desk content so your help desk and end users understand any changes in passkey availability or behavior

Learn More: https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1221452