Most frontline device pilots stall at identity. Microsoft just published a practical guide to the assigned vs. shared device decision — and it has real consequences for Conditional Access, auditability, and shift-based workflows. Here’s the checklist that keeps your rollout from derailing.
Untitled
Microsoft retires the classic alert experience and agent/classic toggle in Purview Insider Risk Management on August 31, 2026. Here’s what changes, what ships, and what to do before the deadline.
Where IT Teams Can Actually Trust AI Agents in 2026
Microsoft’s 2026 Agent Confidence Index is useful if IT teams read it as a trust map, not a permission slip. Start with reversible work like reports, release notes, certificate monitoring, and stream summaries. Keep humans on production changes, schema migrations, and security decisions.
Intune Field Notes: MDOP Migration Deadlines and macOS Platform SSO Gotchas
Two Intune signals deserve client action this quarter: MDOP is now out of extended support, and Microsoft’s Platform SSO field notes show where Mac rollouts can break. MSPs should inventory legacy MDOP dependencies, prioritize MBAM replacement, and pilot Platform SSO before pushing it broadly.
Copilot Cowork Is GA — What MSPs Need to Watch Before Turning Agents Loose
Copilot Cowork is GA, but MSPs should treat it as an operations change, not just another Copilot feature. The work now is permissions, billing controls, agent identity, audit trails, and deciding which client workflows are safe enough for long-running agents.
Deploying Claude Desktop Behind Entra ID: The No-Backend Architecture MSPs Need
Claude Desktop ships with a shared API key in a local config file — no per-user identity, no MFA, no audit trail. For MSPs with regulated clients, that’s a non-starter. Microsoft just published an architecture that routes Claude Desktop through Entra ID and Azure API Management with zero custom backend code. Per-user identity, Conditional Access, auditable, and the config can be pushed via Intune. If your clients are asking for sanctioned AI desktop tools alongside their existing M365 stack, this closes a real governance gap.
Catching Silent MDE Gaps — Automate Defender Compliance Checks Across Azure VMs
Most MSPs can tell you which Azure VMs are running. Fewer can tell you which ones stopped sending Defender telemetry last week. A new Logic App automation from Microsoft closes that gap daily — and it is a compliance-monitoring service waiting to happen.
M365 Archive Gets File-Level Cold Storage — Cutting SharePoint Costs for MSP Clients
Stale files in SharePoint don’t just waste storage—they degrade Copilot’s answers by feeding it outdated content. Microsoft 365 Archive now supports file-level cold storage, and for MSPs, this is both a cost-control play and a Copilot-readiness service hiding in plain sight.
The Invisible Workforce Is Non-Human — Why MSPs Need NHI Governance Now
Most MSPs can’t answer which service principals are active in a client tenant, let alone which are over-privileged. Microsoft Defender now surfaces NHI inventory and governance—and that is a recurring-service opportunity hiding in plain sight.
Two Endpoint Changes MSPs Should Act On: Defender Linux Scans + Edge Release Cadence
Microsoft Defender for Linux now supports scheduled scans, and Edge Stable shifts to a two-week release cycle on August 27. MSPs need to make two configuration decisions now: close the Linux scan gap and choose the right Edge channel per client.
