January Microsoft 365 Changes Admins Should Know

New year, new Microsoft 365 changes! January is packed with 30+ impactful updates, including feature rollouts, retirements, and behavior changes that could affect your environment. Here’s what admins need to know as 2026 kicks off. 

In the Spotlight: 

Retirement of Activity-Based Authentication Timeout in OWA: The activity-based sign-out feature that logged users out after inactivity is being retired. Admins should switch to Idle session timeout to maintain similar session control. 
Auto-Archive for Exchange Online: Auto-Archiving is now generally available in Exchange Online. To prevent storage overruns, emails are automatically moved to your archive mailbox once you hit 96% quota, ensuring uninterrupted mail flow. 
Block External Users in Teams from Microsoft Defender: Security admins can now block external users and domains for Microsoft Teams directly from Microsoft Defender using the Tenant Allow/Block List.  
Trust DigiCert Global Root G2 for Microsoft Entra: Microsoft will migrate Microsoft Entra services to DigiCert Global Root G2 starting January 7, 2026. Organizations must trust the G2 root CA and remove any G1 pinning to avoid authentication failures. 
Retirement of IDCRL Authentication in SharePoint and OneDrive: Microsoft retires IDCRL authentication in SharePoint and OneDrive by January 30, 2026, blocking legacy sign-ins by default. Organizations should move to modern authentication (OpenID Connect and OAuth), with temporary re-enablement available until April 2026. 

Here’s a quick overview of what’s coming: 

Retirements: 5    
New Features: 11  
Enhancements: 5   
Functionality Changes: 3    
Action Required: 2 

Retirements: 

The opt-in toggle for Anthropic’s commercial terms in the Microsoft 365 admin center is being deprecated by Jan 7, 2026, as Anthropic becomes a default Microsoft subprocessor. 
The “When Sending a Message” Group Policy in Classic Outlook for Windows retires on Jan 13, 2026. Admins should migrate to the new granular policies to avoid configuration gaps. 
Extended support for Microsoft Advanced Threat Analytics (ATA) officially ends on January 13, 2026. 
Starting January 13, 2026, new App-V packages for Microsoft 365 Apps can no longer be created. Existing packages still work, but all new builds must shift to Click-to-Run model. 
The Technology Experience Score is retired from the Microsoft Adoption Score starting Jan 15, 2026. This cuts network, app health, and endpoint sub-scores, lowering the max score from 900 to 600. 

New Features: 

Microsoft Purview now lets admins delete sensitive or overshared content directly during Data Security Investigations to quickly reduce risk, while respecting existing DLP and retention policies. 
Outlook for Windows introduces Wait on Send for DLP, delaying email delivery until DLP checks complete. 
DLP policy tips are coming to Outlook for Mac, alerting users when sensitive data is detected and helping them resolve or override policy issues before sending emails. 
Microsoft Teams will support apps in private channels, allowing bots, tabs, and message extensions, with apps configured at the channel level rather than the team level. 
A new SharePoint Permissions report under Data Access Governance will track a user’s full site access, including direct or group-based permissions. 
SharePoint site analytics will include OneNote file usage, tracking unique viewers and trending content. 
Microsoft 365 will launch Copilot Readiness Packages to provide admins with guided assessments and secure deployment presets. 
A new pay-as-you-go experience in the Microsoft 365 admin center will centralize billing, budgets, and usage for Backup and Copilot. 
Insider Risk Management User Analytics in Purview will provide unified user activity summaries across DLP, Defender, and Communication Compliance. 
Microsoft Teams admin center improves meeting and call

troubleshooting with automatic issue detection, smarter search & filters, and Copilot-powered recommendations. 
Previously limited to users, cross-tenant synchronization in Microsoft Entra now supports security groups, enabling centralized group management and cross-tenant access 

Enhancements: 

Teams will shorten meeting URLs by using only a meeting ID and hashed passcode, with URLs expiring after 60 days for scheduled meetings and 8 hours for Meet Now meetings. 
Microsoft Teams is introducing a redesigned Workflows experience powered by Power Automate, with a modern UI, smarter templates, and natural language–based automation. 
Microsoft Purview Insider Risk Management will use OCR to detect sensitive data in images shared across SharePoint, Teams, and endpoints, helping identify potential data leaks. 
Purview Insider Risk Management limits will expand significantly: Variants per indicator: 3 → 10; Total variants: 100 → 400; Detection group items: 200 → 500. 
Microsoft Purview Communication Compliance enhances policy alert customization, allowing admins to set per-policy alert frequency, email alert frequency, and recipients directly during policy creation. 

Existing Functionality changes: 

Microsoft Defender for Identity introduces an opt-in automatic Windows event auditing feature for unified sensors (v3.x), auto-applying required auditing settings on sensors. 
Teams Desktop for Windows will run a new teams_modulehost.exe process to handle calling features separately from ms-teams.exe, improving isolation and reliability. 
Microsoft Teams will turn on message safety settings by default, including weaponizable file type protection, malicious URL protection, and reporting incorrect security detections. 

Action Needed: 

Starting Jan 5, 2026, Outlook for Android will require Android 10.0 or later to receive updates and security patches. Users should upgrade their OS to maintain ongoing support. 
Switch to *Schema.org* markup for reliable calendar event extraction, as the legacy method is unsupported and unreliable for the Events from email feature. 

Act now to stay ahead and ensure these updates don't impact you! 

https://redd.it/1q4itap
@r_systemadmin

No I can't call you, I'm busy AF

Seriously, why do people to that? You sent me an email with a problem. We can't troubleshoot this problem through email. I ask you to call the help desk so that someone who has more time than me can actually look at the issue. But noooooo you can't be assed to dial a 4 number extension, we have to call you...

ffs

https://redd.it/1q4mhyy
@r_systemadmin

Do you expect your frontline manager to be a Subject Matter Expert?

Is your boss the SME for the assortment of tech that your team administers? Do you expect them to be? Do you expect them to know how to at least do your job?

I imagine that the answer depends on the size of the organization and consequently the department and maybe even by industry.

https://redd.it/1q4qe4m
@r_systemadmin

Thickheaded Thursday - January 08, 2026

Howdy, /r/sysadmin!

It's that time of the week, Thickheaded Thursday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!

https://redd.it/1q77x5g
@r_systemadmin

Who's still working from home in 2026?

Out of curiosity, who is still WFH in 2026? Did your org make you come back into the office?

WFH here, usually 3 days a week give or take. Sometimes 4 depending on the week. Our office is pretty much empty; you might be lucky to run into a couple of people sometimes.

https://redd.it/1q7cbpb
@r_systemadmin

Dell price increases confirmed - schewwwww

I got a quote for (10) Dell Pro Plus 16-inch laptops on Dec. 14. The per-unit price was $1300.

Today, the exact same quote for the exact same specs is $1700 per-unit.

We all knew there were going to be price increases, but boy, it really slaps you in the face when it directly impacts you. This will definitely slow our computer and laptop purchasing. Our total equipment budget increased by about 1.5%, and these price increases are closer to 30%. There is no way we can eat our way out of this one.

I would go so far to say that this will force us to stretch from a 6-year replacement cycle to an 8-year cycle.

https://redd.it/1q7ikgd
@r_systemadmin

Windows Secure Boot UEFI Certificates Expiring June 2026

I've read a ton of KB articles and I'm still not 100% clear if I actually need to do anything.

Most environments are either machines are domain joined and updated via WSUS and controlled by GPO or they're Intune managed using Microsoft update.

But between reg keys, GPOs, firmware updates, Windows Updates, I'm not clear if I should be doing something specific or just keep installing the monthly cumulative/security updates and they'll take care of it?

On most machines setting AvailableUpdates to 0x5944 and then triggering the secure-boot-update scheduled job a couple of times seems to work but the documentation isn't great on whether this is what I have to do or if I'm just ensuring machines are updated now rather than, say, in a February or March Windows Update.

I've got these options available via GPO.

https://support.microsoft.com/en-gb/topic/group-policy-objects-gpo-method-of-secure-boot-for-windows-devices-with-it-managed-updates-65f716aa-2109-4c78-8b1f-036198dd5ce7

What are you doing about this please?

Jas

https://redd.it/1q7gsr6
@r_systemadmin

Who runs cables and does the terminations in your organization?

In addition to help desk, sys admin, engineer, project manager, cyber security officer, crib vending machine mechanic, facilities security admin, ERP support, SolidWorks expert, EDI support, audit and compliance enforcer, SQL DBA, web designer, and the many other hats that you have to wear, are you also running and terminating cables?

https://redd.it/1q7g2oi
@r_systemadmin

eFax charged me $115 to port out 1 number!

Wow, just got scewed porting number out of eFax. Highest port out fees of any organization by far. I will NEVER use or recommend thieves like these guys. Avoid eFax (aka Consensus Cloud Solutions, C2, jFax) or you will pay the price!

https://redd.it/1q7qj57
@r_systemadmin

All emails we send to Gmail are rejected as spam despite full compliance

This one is an ongoing issue for the past month. Essentially all emails sent to Gmail from our domain which is hosted on Microsoft 365 are being rejected with the error "550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 \[2a01:111:f403:c40e::1 19\] Gmail has detected that this message;is likely suspicious due to the very low reputation of the sending;domain." despite our domain's reputation showing as "High" in the old Postmaster Tools.

In the new Postmaster Tools the reason for rejection is shown as either "Email content is possibly spammy" or "Suspected spam", though test emails with simple text in their subject and body are also rejected.

The new Postmaster tools show full compliance in the "Compliance status" section and our DMARC reporting shows that Google's server accepts our email with full passes.

Logging a delivery report through the new Postmaster Tools gets the report closed within an hour with the reason given as "More traffic needed".

Does anyone have a suggestion on how we can get this resolved?

https://redd.it/1q7ztch
@r_systemadmin

SMB over QUIC

I do not see this topic come up much here.

Is anyone using SMB over QUIC, or use this to replace tradtional SMB file servers?

If so,
\-Any noticeable speed increases?
\-Stability

Any downsides?

https://redd.it/1q7x0iw
@r_systemadmin

Weekly 'I made a useful thing' Thread - January 09, 2026

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1q84dzf
@r_systemadmin

PowerDMARC or Suped Pros/cons?

Trying to dig into DMARC tools in 2026, rn im mainly looking at PowerDMARC and Suped (mostly for DMARC aggregation + SPF flattening)

Bonus points if either of them fit these:

\- Has good API integration

\- Makes report analysis somewhat bearable

\- Won't require thousands in a fiscal year just to afford it

While PDMARC has a lot of features and is price friendly, a colleague told me that it’s pretty ‘heavy’ to use day to day. Suped does look more streamlined and simplified which works out for me. Would love to hear some insights or if you have an alternative suggestion thanks

https://redd.it/1q85fd7
@r_systemadmin

Looking for a relatively inexpensive alternative to Word Mail Merge

I've recently joined a company who are sending out quarterly shareholder reports/updates by method of Word Mail Merge via email (Outlook). This might have been a good choice 10 or more years ago, but it's far too complex and antiquated to be using these days, imo.

Clearly an email marketing platform the likes of MailChimp or Brevo look promising, but I'd be interested to hear if anyone else recommends something different.

Just to clarify, we're a Microsoft shop.

https://redd.it/1q87eaf
@r_systemadmin

Sysprep on Server 2025

I just built a new VM template (VMWare) for Server 2025 Datacenter. Once I was done, I ran sysprep, chose OOBE from the drop down, checked generalize, and chose shutdown.

Today I went to deploy the template to a VM and discovered that there was a local admin password in place. I ran sysprep again and used the reboot option this time. Upon coming up, the local admin password is still present.

Did Microsoft change the way sysprep works in 2025?

I've reviewed the setupact.log file from c:\\windows\\system32\\sysprep\\panther and can't find anything obvious that said it failed. I do wonder what the return codes under the shsetup setup mean. Is a 2 a failure? Is a 0 a success?

Under SYSPRP ActionPlatform I am see that WINRE_Generalize was successful. Does that mean anything? I see several other generalize actions under that section were successful too.

I'm seeing 4 error lines in the setuperr.log file.
2026-01-09 07:47:23, Error SYSPRP BCD: BiUpdateEfiEntry failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: BiExportBcdObjects failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: BiExportStoreAlterationsToEfi failed c000000d

2026-01-09 07:47:23, Error SYSPRP BCD: Failed to export alterations to firmware. Status: c000000d



https://redd.it/1q882wl
@r_systemadmin

Exclaimer on Spamhaus List

Anyone else seeing NDRs due to Exclaimer IP on Spamhaus?

https://redd.it/1q8a3y0
@r_systemadmin

eDiscovery request for emails to be provided as PDFs

We are a small shop (15 employees) and have been fortunate enough to not have much dealings with subpoena's. However, we are dealing with one now.

The request seemed simple -- provide all emails between company X and your company between these two dates. Microsoft Purview makes this pretty straightforward, so I download the data as PST files and sent them to our attorney. It's around 1,000 emails.

Our attorney has requested to receive these emails as PDF files instead of PST files. I thought this was odd, but perhaps this is common?

I was able to use Purview to download the emails as individual MSG files, and cobbled together a python noscript to covert each MSG file into a PDF. Job done.

Is PDF the normal format that requests like this are fulfilled? Is there a tool available to make this process easier? I think we might have some similar request in the future.


EDIT -- Thank you everyone for all the replies! As usual this is a great sub to be a part of and I learn something from it everyday.

https://redd.it/1q8b6u9
@r_systemadmin

931AM East Coast Internet Issues

I'm having a few sites in Long Island NY all go offline at the same time in addition to a partner vpn tunnel out in Las Vegas. All at the same time. Other vpn's are just fine around the country. Anyone else seeing this?

https://redd.it/1q89she
@r_systemadmin

What are your thoughts on the AI Bubble timeline?

We’re obviously still in the growth stage (data centers yet to be built out) but at some point all the AI-optimizable industries will be saturated, and we’ll be left with some very high multiple of excess AI businesses and idle compute.

There’ll be a latent period where the major players BS their earnings and usage through (more) circular business deals, consolidation, and outright misrepresentations of user data to kick the can down the road.


And then we of course will be left with the collapse, and the bag being held by pension funds (via SPVs) and the general populous (via destroyed aquifers and sky high electricity prices).


My guess is 3-4 years.




https://redd.it/1q8dst4
@r_systemadmin

Am I Getting Fucked Friday, January 9th 2026.

Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.  

Required Info for accurate answers:

* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)

All questions are welcome regarding:

* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS replacement lines
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,

https://redd.it/1q8e4dx
@r_systemadmin