Dear colleagues,  

Microsoft Whiteboard storage is being migrated from Azure to OneDrive, with full deprecation of Azure storage by February 2026. Microsoft Whiteboard users must complete the migration to retain access. 

• • Any user who launches an eligible Whiteboard client (Windows app, Microsoft Teams desktop/web, or web app) will automatically initiate a non-blocking migration of their Azure-stored whiteboards to OneDrive. 

• • Once migration is complete, users will see their boards listed under OneDrive. Boards that fail to migrate will appear in a separate Not migrated section in the board picker. 

What you can do to prepare 

Actions for users: 

• • Open the Whiteboard app to check if migration has started. 

• • Allow migration to complete and validate board contents. 

• • If any issues are found, please report them within 90 days of migration completion. After this period, migrated Azure-stored boards will be permanently deleted. 

Learn more: Migration of Whiteboards from Azure to OneDrive

If you have any questions or concerns, please submit a ticket to the Enterprise Service Centre at (https://uoft.me/m365help). 

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto 

Dear colleagues,

Microsoft Teams is introducing a new protection feature that blocks messages containing weaponizable file types—such as executables—in chats and channels. This helps reduce the risk of malware and file-based attacks by preventing unsafe content from being shared. This message applies to Teams for Windows desktop, Teams for Mac desktop, Teams for the web, and Teams for iOS/Android.

Teams will block messages containing weaponizable file types (e.g., executables) in chats and channels to reduce malware risks. This feature starts is in general availability in November 2025 (on by default).

Once enabled, Teams will automatically block messages that include weaponizable file types. This applies to both internal and external conversations.

• • Recipients will see a notification that a message was blocked but cannot access the content.
  • Senders will receive a notification and can edit and resend the message without the unsafe file.

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)

Information Technology Services , University of Toronto 

Dear colleagues,

Starting December 2, 2025, Microsoft Intune will also use Azure Front Door IP ranges for service connectivity. These addresses are tagged as AzureFrontDoor.MicrosoftSecurity. Units that manage firewalls, proxies, or outbound traffic rules must update configurations to ensure uninterrupted device and app management.

What is changing

• • Intune network endpoints will expand to include Azure Front Door ranges.

  • Existing Intune endpoints remain required. Do not remove them.

  • This change is part of Microsoft’s Secure Future Initiative to improve security alignment.

Who is affected

• • Units that restrict outbound traffic using firewalls, routers, proxies, VPNs, or network security groups.

  • All Intune-managed devices (mobile device management and app protection policies).

Action required

• • By December 1, 2025, update firewall rules to allow outbound traffic on port 443 for the AzureFrontDoor.MicrosoftSecurity service tag.

  • Alternatively, add the new IP ranges from the official JSON files (search for “AzureFrontDoor.MicrosoftSecurity”).

  • Keep existing Intune endpoints in place.

Timeline

• • Now: Review firewall allowlists and plan updates.

  • December 1, 2025: Deadline for updates.

  • December 2, 2025: Intune begins using new endpoints.

Details

Failure to update rules may cause:

• • Device login issues

  • Loss of connectivity with Intune

  • Disruption to apps like the Intune Company Portal or those protected by app protection policies

Support

• • For technical guidance, see Microsoft’s documentation below.

Learn more:

• • Message Center MC1147982: Update firewall configurations to include new Intune network endpoints

  • Intune network endpoints (Microsoft Learn)

  • Support tip: upcoming Intune network changes (Microsoft Tech Community)

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)  

Information Technology Services 

University of Toronto 

Dear colleagues,

The Outlook Lite app will be retired starting October 6, 2025. New installs will be blocked, and existing users will need to switch to the Outlook Mobile app within the retirement period.

What is changing

• • Starting October 6, 2025, the Outlook Lite app will no longer be available for new installation.

  • Existing users can continue using Outlook Lite for a limited time until full retirement is complete.

  • Microsoft is retiring Outlook Lite to focus development and support on the Outlook Mobile app, which offers enhanced functionality, security, and Microsoft 365 integration.

Who is affected
Anyone currently using the Outlook Lite app on Android devices.

Action required

Switch from Outlook Lite to Outlook Mobile before retirement is complete.

• • • Download Outlook Mobile from the Google Play Store.

    • Log in with your existing U of T credentials.

    • All your existing data (email, calendar, and files) will automatically appear in Outlook Mobile.

Timeline

• • • October 6, 2025: Outlook Lite blocks new installations.

    • Following months: Outlook Lite fully retires (exact date not yet announced).

Kind regards,  

Enterprise Applications & Solutions Integration (EASI)

Information Technology Services , University of Toronto 

Dear colleagues,

Microsoft will officially end support for Office 2016, Office 2019, Visio 2016/2019, Project 2016/2019, and related apps on October 14, 2025. After this date, these products will no longer receive updates, security patches, or technical assistance from Microsoft.

What is changing 

• • Office 2016 and Office 2019 suites and standalones will reach end of support on October 14, 2025. 

  • The same applies to Visio 2016/2019 and Project 2016/2019. 

  • Unsupported clients may not meet security and compliance requirements and may encounter service reliability issues. 

Action required 

Before October 14, 2025, you must: 

1. 1. Inventory devices still running Office 2016/2019, Visio 2016/2019, and Project 2016/2019. 

   2. Plan migration to Microsoft 365 Apps (preferred) or Office LTSC 2024 for offline use cases. 

   3. Test and validate business-critical workflows on the target version. 

   4. Deploy the updated Office suite to all affected devices.

Learn more

• • Microsoft Official End of Support Notice for Office 2016/2019

  • Upgrade Planning Guide: Office 2016/2019 to Microsoft 365 Apps

  • End of Support Resources and Security Risks 

If you have any further questions or concerns, please submit a ticket to the Enterprise Service Centre at (https://uoft.me/m365help). 

Dear colleagues,

Microsoft 365 will deprecate legacy TLS cipher suites lacking forward secrecy on October 20, 2025, supporting only specified TLS 1.3 and 1.2 cipher suites. Most modern devices will keep working. Old devices or apps that use outdated encryption may not be able to connect after October 20, 2025.

Recommendation:

• • Use a modern browser: Microsoft Edge, Google Chrome, Firefox, or Safari. Do not use Internet Explorer.
  • Keep your Microsoft 365 apps (Outlook, Word, Teams) up to date.
  • If a copier/scanner sends email, make sure it uses current security settings or contact your local IT support.

Potential impact:

Older devices or apps might show errors like “cannot connect securely” or “TLS/SSL error” and fail to connect to Microsoft 365 services.

Learn more:

• • Microsoft full announcement 
  • Server cipher suites and TLS requirements
  • Manage TLS and cipher suites in Windows Server
  • Exchange Online – set up and validate connectors
  • Exchange TLS configuration best practices

Kind regards,  

Enterprise Applications & Solutions Integration (EASI) 

Information Technology Services  

University of Toronto