Dear colleagues, 

As part of our ongoing efforts to enhance the security of our Microsoft 365 environment, we will be enabling the Idle Session Timeout feature across the tenant starting October 28, 2025. 

What’s changing 

Microsoft has announced the retirement of “Activity-Based Authentication Timeout” for Outlook on the web. This is being replaced by a more robust Idle Session Timeout for Microsoft 365, which offers broader protection across a wider range of Microsoft 365 web applications. 

What is Idle Session Timeout? 

Idle Session Timeout is a security feature that automatically signs users out of Microsoft 365 web apps after 9 hours of browser-based inactivity. This change is designed to reduce the risk of unauthorized access, particularly when devices are left unattended while still logged in. 

Key Points: 

• • The timeout policy applies to all web browsers except Microsoft Edge on Intune-managed desktops. It affects Microsoft 365 web applications such as Outlook Web App, SharePoint, OneDrive, Word, Excel, PowerPoint Online, Microsoft365.com, Admin Center, and others. 

• • Works on a per-browser session basis in all web browsers, except for Microsoft Edge on Intune Managed Devices which already have a 10-minute inactivity timeout set at the OS level. 

• • If your session remains inactive for 9 hours, you will receive a notification prompting you to stay signed in. If no action is taken, you will be automatically signed out and prompted to re-authenticate when you return. 

• • Actively using Microsoft 365 web apps will keep your session alive; only idle users will be affected. 

Implementing Idle Session Timeout helps protect university data and user accounts by ensuring that unattended browser sessions are not left open indefinitely. This is an important step in strengthening our overall information security posture. 

If you have any questions or concerns, please submit a ticket to the Enterprise Service Centre at (https://uoft.me/m365help). 

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto 

Dear colleagues,

Microsoft has announced that Microsoft Publisher will reach end of life in October 2026. After that time, Publisher will no longer be included in Microsoft 365 or supported in on-premises Office suites. 

What is changing 

Support for Microsoft Publisher, including the perpetual (on-premises) version, will end in October 2026. Until then, users can continue to access and use Publisher with its current functionality. After the retirement date, Publisher will no longer be available in Microsoft 365 subscriptions, and existing installations will not receive updates or technical support. 

Microsoft is exploring modern ways to address common Publisher use cases through other applications such as Microsoft Word, PowerPoint, and Designer. 

Who is affected 

• • All users of Microsoft Publisher. 

• • IT administrators supporting Microsoft 365 or Office LTSC 2021 deployments. 

Action required 

• • All users and departments using Publisher should begin planning to transition documents and workflows to alternative applications before October 2026. 

• • Microsoft recommends converting Publisher files to other formats (e.g., PDF or Word) before the retirement date – Transition Guidance. 

Timeline 

• • Until October 2026: Publisher remains available and supported. 

• • October 13, 2026: End of support for Microsoft Publisher (including Office LTSC 2021). Publisher will be removed from Microsoft 365 offerings.

If you have any further questions or concerns, please submit a ticket to the Enterprise Service Centre at https://uoft.me/m365help. 

Kind regards,
Enterprise Applications & Solutions Integration (EASI)
Information Technology Services, University of Toronto

Dear colleagues,  

Microsoft has officially announced that Project Online will retire on September 30, 2026. After this date, Project Web App (PWA) sites and related data will no longer be available. Project Online users must plan and complete migration before this deadline to avoid data loss. 

This change applies only to Project Online. It does not affect Project desktop or the upcoming Microsoft Planner, which will merge Planner, Project for the Web, and To Do, enhanced with AI-powered Copilot features. 

What is changing

Project Online, the classic project management tool built on SharePoint, is being retired. Microsoft is replacing it with modern, cloud-based tools such as the new Microsoft Planner.

Who is affected

SharePoint site owners, administrators, and IT teams responsible for managing Project Online or associated Project Web App (PWA) sites. 

Action required 

Complete migration and decommission Project Online before September 29, 2026. 

Timeline 

• • October 2025: Begin usage assessment and migration planning. 

• • September 30, 2026: Service retirement. Access to Project Online data permanently removed.  

Resources 

• • Export user data from Project Online – Microsoft Learn  

• • Project Online Retirement Announcement – Microsoft Tech Community  

If you have any further questions or concerns, please submit a ticket to the Enterprise Service Centre at (https://uoft.me/m365help). 

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto 

Dear colleagues,  

Microsoft Whiteboard storage is being migrated from Azure to OneDrive, with full deprecation of Azure storage by February 2026. Microsoft Whiteboard users must complete the migration to retain access. 

• • Any user who launches an eligible Whiteboard client (Windows app, Microsoft Teams desktop/web, or web app) will automatically initiate a non-blocking migration of their Azure-stored whiteboards to OneDrive. 

• • Once migration is complete, users will see their boards listed under OneDrive. Boards that fail to migrate will appear in a separate Not migrated section in the board picker. 

What you can do to prepare 

Actions for users: 

• • Open the Whiteboard app to check if migration has started. 

• • Allow migration to complete and validate board contents. 

• • If any issues are found, please report them within 90 days of migration completion. After this period, migrated Azure-stored boards will be permanently deleted. 

Learn more: Migration of Whiteboards from Azure to OneDrive

If you have any questions or concerns, please submit a ticket to the Enterprise Service Centre at (https://uoft.me/m365help). 

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto 

Dear colleagues,

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

Teams will block messages containing weaponizable file types (e.g., executables) in chats and channels to reduce malware risks. This feature starts is in general availability in November 2025 (on by default).

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

• • Recipients will see a notification that a message was blocked but cannot access the content.
  • Senders will receive a notification and can edit and resend the message without the unsafe file.

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)

Information Technology Services , University of Toronto 

Dear colleagues,

Starting December 2, 2025, Microsoft Intune will also use Azure Front Door IP ranges for service connectivity. These addresses are tagged as AzureFrontDoor.MicrosoftSecurity. Units that manage firewalls, proxies, or outbound traffic rules must update configurations to ensure uninterrupted device and app management.

What is changing

• • Intune network endpoints will expand to include Azure Front Door ranges.

  • Existing Intune endpoints remain required. Do not remove them.

  • This change is part of Microsoft’s Secure Future Initiative to improve security alignment.

Who is affected

• • Units that restrict outbound traffic using firewalls, routers, proxies, VPNs, or network security groups.

  • All Intune-managed devices (mobile device management and app protection policies).

Action required

• • By December 1, 2025, update firewall rules to allow outbound traffic on port 443 for the AzureFrontDoor.MicrosoftSecurity service tag.

  • Alternatively, add the new IP ranges from the official JSON files (search for “AzureFrontDoor.MicrosoftSecurity”).

  • Keep existing Intune endpoints in place.

Timeline

• • Now: Review firewall allowlists and plan updates.

  • December 1, 2025: Deadline for updates.

  • December 2, 2025: Intune begins using new endpoints.

Details

Failure to update rules may cause:

• • Device login issues

  • Loss of connectivity with Intune

  • Disruption to apps like the Intune Company Portal or those protected by app protection policies

Support

• • For technical guidance, see Microsoft’s documentation below.

Learn more:

• • Message Center MC1147982: Update firewall configurations to include new Intune network endpoints

  • Intune network endpoints (Microsoft Learn)

  • Support tip: upcoming Intune network changes (Microsoft Tech Community)

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto