Microsoft with three. Starting January 12, 2026, Microsoft Teams will automatically enhance its messaging security by default, blocking risky files and malicious links to protect against AI-driven threats. This significant shift aims to provide essential protections for organizations that have not yet bolstered their security defenses against increasingly sophisticated phishing and malware attacks. According to Microsoft, these changes will introduce three key safety features: automatic blocking of dangerous file types, real-time scanning of shared links for potential phishing threats, and a mechanism for users to report false positives. This proactive approach is designed to reduce the attack surface of Microsoft Teams, ensuring that even smaller organizations without dedicated security teams remain safeguarded. IT administrators will have the option to review and adjust these settings before the deadline, ensuring a smoother transition to the new security measures.
Microsoft has decided to cancel its plans to implement a daily limit of 2,000 external recipients for bulk email senders using Exchange Online. This decision follows significant customer feedback indicating that such a limit would create operational challenges, especially given the current limitations of bulk sending options. The initial plan, announced in April 2024, aimed to combat spam and restrict misuse of resources, but it has been retracted in favor of finding less disruptive solutions that still prioritize security. Current limits, including a recipient rate limit of 10,000 recipients and a tenant external recipient rate limit of 5,000 external recipients per day, will remain unchanged. This move aligns with similar efforts by Google to enhance email security against spam and phishing attacks.
Microsoft has acquired the Seattle-based startup Osmos to enhance its Microsoft Fabric platform with autonomous data engineering capabilities. This acquisition aims to automate data preparation and transformation, reducing the manual workload for IT teams. According to Bogdan Crivat, corporate vice president of Azure Data Analytics at Microsoft, many organizations struggle with data management, leading to inefficient resource use. Founded in 2019, Osmos raised $13 million in 2021 from investors such as Lightspeed Venture Partners and CRV. The integration of Osmos technology into Microsoft Fabric will provide tools that automate complex data workflows, allowing teams to focus on data analysis rather than preparation. This move positions Microsoft Fabric as a stronger competitor against Databricks in the automated data processing space.
Why do we care?
This is Microsoft drawing a very clear line about who decides—and who cleans up.
In Teams, Microsoft decided that waiting for admins to configure security was no longer acceptable. So now files get blocked and links get scanned whether you planned for it or not. That’s good for risk reduction—but when a client can’t send a file to a vendor five minutes before a deadline, they’re calling you, not Redmond.
Then look at Exchange. Microsoft tried to impose a blunt control, realized it would break real businesses, and backed off. That tells you something important: Microsoft will experiment with enforcement, but it will only retreat when the operational pain is undeniable.
Now layer in Fabric and Osmos. Data prep used to be a human judgment problem. Soon, it’s an automated one. When dashboards are wrong or compliance questions come up, MSPs won’t be able to point to a person who made the call—just a system that “optimized” the pipeline.
The harmful MSP behavior here is assuming automation equals less responsibility. It doesn’t. It changes the shape of responsibility. If you don’t explicitly manage expectations, document ownership, and price for the support burden that comes with platform-level automation, you end up eating the risk while Microsoft ships the defaults.
This matters now because Microsoft isn’t asking. It’s deciding. And MSPs that don’t adapt their role—from tool managers to governance and accountability partners—will find themselves blamed for decisions they never actually made.