Services
Summary
Starting mid-June 2026, Microsoft 365, Office 365, and EMS suites will receive enhanced security features like Microsoft Defender Plan 1, URL time-of-click protection, Intune improvements, and +50GB Exchange Online storage. Rollout completes by August 1, 2026, with new alerts and policy controls for admins.
Details
Introduction
As a part of the 2026 Microsoft 365 Packaging and Pricing Update, we're excited to share that the following features will begin to roll out to Microsoft 365, Office 365, and Enterprise Mobility and Security (EMS) suites in mid-June and are expected to be complete by August 1, 2026.
Refer to the licensing blog for feature availability by suite. Government and Commercial packaging changes are listed separately.
- Microsoft Defender for Office 365 Plan 1: Protection against advanced phishing and malware
- URL time-of-click protection: Scans URLs at time of click to prevent access to malicious websites
- Intune Remote Help: Secure remote support for devices
- Intune Advanced Analytics: Insights to improve user experience
- Intune Plan 2: Tunnel for MAM, FOTA, and specialty device management
- Intune Endpoint Privilege Management: Supports least-privilege access
- Microsoft Cloud PKI: Cloud-based certificate lifecycle management
- Intune Enterprise Application Management: Enterprise App Catalog of Win32 applications with preconfigured deployment settings.
- Exchange Online: +50GB email storage
Refer to list of service display names affected below:
| Display Name | Part Number |
|---|---|
| Microsoft 365 built-in email and collaboration security (URL time-to-click protection) | MDOLITE_ENTERPRISE |
| Microsoft Defender for Office 365 (Plan 1) | ATP_ENTERPRISE |
| Exchange Online Storage (50GB additional) | EXCHANGE_STORAGE_50GB |
| Remote Help | REMOTE_HELP |
| Microsoft Intune Advanced Analytics | Intune_AdvancedEA |
| Intune Plan 2 | INTUNE_P2 |
| Intune ServiceNow Integration | Intune_ServiceNow |
| Microsoft Tunnel for Mobile Application Management | Intune-MAMTunnel |
| Intune Enterprise Application Management | 3_PARTY_APP_PATCH |
| Intune Endpoint Privilege Management | Intune-EPM |
| Microsoft Cloud PKI | CLOUD_PKI |
When this will happen:
We will begin rolling out in mid-June 2026 and expect to complete by early August 2026.
How this affects your organization:
Who is affected:
- Refer to the licensing blog for feature availability by suite
- Organizations using Microsoft 365, Office 365, and EMS suites
- Microsoft 365 admins responsible for security and device management
- Users receiving enhanced protections and increased mailbox storage
What will happen:
For Microsoft Defender features:
- Built-in protection policy (Safe Links, Safe Attachments), anti-phishing protections, and URL time-of-click protection will be applied to all users by default
- Policies cannot be disabled but can be supplemented or overridden
- New alerts may appear in the Microsoft Defender portal
For Microsoft Intune features:
- Intune features are not configured by default
For Exchange Online:
- Exchange Online storage increases by +50GB
What you can do to prepare:
For Microsoft Defender features:
- Review the Built-in Protection policy in the Microsoft Defender portal.
- Add exclusions by user, group, or domain, if needed.
- Consider enabling standard or strict preset security policies.
- Review mail flow and configure enhanced filtering if using a third-party gateway.
For Microsoft Intune features:
Refer to the MS Learn documentation hyperlinked in the Intro section of this post.
Learn more:
- M365 Packaging and Pricing Update: Official Announcement Blog
- M365 Packaging and Pricing Update: Licensing Blog
- M365 Packaging and Pricing Update: Public FAQs
- Microsoft Defender for Office 365: Security Documentation
- Microsoft Defender for Office 365: Preset Security Policies Documentation
Compliance considerations:
| Area | Explanation |
|---|---|
| Does the change store new customer data? | Microsoft Defender and Intune features may generate and store additional security telemetry, alerts, and device analytics data as part of normal service operation. |
| Does the change alter how existing customer data is processed, stored, or accessed? | Microsoft Defender enhancements introduce additional scanning and analysis of email content and URLs, including time-of-click protection, increasing inspection of existing data for threat detection. |
| Does the change introduce or significantly modify AI/ML capabilities? | Microsoft Defender for Office 365 uses machine learning to detect phishing, malware, impersonation, and zero-day threats, and these capabilities are expanded through this rollout. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | New alert types and threat detection insights will appear in the Microsoft Defender portal, impacting security monitoring and reporting. |
| Does the change add any integration to 3rd party software products? | Intune ServiceNow integration is included. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? | Admins can configure Defender and Intune policies and apply settings using user and group-based assignments. |