[1.8.0] - 2026-06-04

Added

• agent-framework-core: Add MCP-based skills discovery (McpSkillsSource) (#6169)
• agent-framework-core: Progressive tool exposure via FunctionInvocationContext (#6233)
• agent-framework-core: Add background agent support to harness agent (#6155)
• agent-framework-core: Add AgentFileStore and FileAccessProvider for file access operations (#6099)
• agent-framework-core: Coalesce code interpreter history chunks (#5801)
• agent-framework-core: Run sync tools off the event loop (#5773)
• agent-framework-bedrock: Implement native structured output support via Converse API (#6052)
• agent-framework-foundry: Add Foundry Adaptive Evals integration for rubric-generation (#6101)
• agent-framework-foundry: Add timeout parameter to FoundryAgent to fix ConnectTimeout on multi-turn conversations (#6263)
• agent-framework-mistral: Add Mistral AI embedding client package (#5480)
• agent-framework-a2a: Expose supported_protocol_bindings as configurable parameter (#6098)
• agent-framework-a2a: Set message_id on AgentResponseUpdate for message-bearing paths (#6163)
• agent-framework-foundry-hosting: Persist hosted MCP call/results as canonical mcp_call output (#6070)

Changed

• agent-framework-github-copilot: [BREAKING] Upgrade github-copilot-sdk to v1.0.0 (stable) (#6292)
• agent-framework-core: [BREAKING — experimental] Refactor Skill API to async resource and script lookup (#6135)
• agent-framework-github-copilot: Promote to release candidate (1.0.0rc1)
• agent-framework-declarative: Promote to release candidate (1.0.0rc1) (#6256)

Fixed

• agent-framework-core: Fix compaction message-id collisions and tool-loop summary persistence (#6299)
• agent-framework-core: Fix observability unsafe serialization of function-call arguments containing dataclass/framework objects (#6026)
• agent-framework-core: Consolidate MCP reliability fixes (#6145)
• agent-framework-core: Backfill chat span request model if unknown and response model is available (#6160)
• agent-framework-anthropic: Skip orphan anthropic thinking signatures (#5784)
• agent-framework-foundry: Fix FoundryAgent stripping model from PromptAgent requests (#5526)
• agent-framework-foundry-hosting: Fix toolbox consent flow in hosted agent (#6249)
• agent-framework-foundry-hosting: Drop hosted MCP calls when reasoning is stripped (#6210)
• agent-framework-openai: Fix OTLP HTTP base-endpoint losing /v1/{signal} auto-append (#5913)
• agent-framework-openai: Drop hosted MCP calls when reasoning is stripped (#6210)
• agent-framework-orchestrations: Fix spurious Magentic custom manager warning (#6261)
• agent-framework-azurefunctions: Fix integration test worker crashes on Py3.13 (#4260)

Original source

Release Summary

Feature Updates

Updates to passkey sync, Collections retirement, and Copilot Chat policy controls in Microsoft Edge.

Policy Updates

New and updated policies in Microsoft Edge.

Security

Stable channel security updates are listed here.

Announcement

• Migration to improved V2 architecture for Workspaces. Workspaces, introduced in Edge in 2022, allows users to create durable sets of tabs that can be saved and shared with others. In order to improve reliability and performance of this feature, the following changes are being made:
  • Migrating data for saved Workspaces from OneDrive/SharePoint to Edge Sync service
  • Removing the collaboration/share functionality of this feature
    For organizations who have disabled Sync through policy, the existing v1 Workspace data will still be migrated to the new architecture. New v2 Workspaces created after migration won't sync across devices and will remain local to each device. This update occurs on a progressive rollout beginning in Edge Stable v145 and will continue rolling out in Edge v149. For more information, see Getting started with Microsoft Edge Workspaces.

Feature Updates

• Passkey Sync for Enterprise Users. Microsoft Edge is introducing support for passkey synchronization for enterprise users, enabling secure, passwordless authentication across devices. Passkeys created in Edge can now be synced seamlessly, improving sign-in experience while maintaining strong security standards. Note: This is a controlled feature rollout. If you don't see this change, check back as we continue the rollout.
• Enterprise WebView2 runtime downgrade via DowngradeVersion policy. Administrators can temporarily roll back specific applications to a previous WebView2 Evergreen Runtime version (N-1 or N-2) using the new DowngradeVersion policy in msedgewebview2.admx. The Downgrade Version policy allows enterprises to mitigate critical regressions by specifying per-application exe-to-version mappings. The Edge Updater installs the target version side-by-side, and the WebView2 Loader redirects targeted apps accordingly.

Downgrades auto-expire with each new WebView2 release: apps pinned to N-1 remain on the same version (now becoming N-2) and will auto-update in the next release, while apps pinned to N-2 will revert to the current Evergreen version. The policy applies only to enterprise-managed devices (domain-joined or MDM-enrolled). For more information, see Microsoft Edge WebView2 Policy Documentation | Microsoft Learn.

• Collections retirement. Collections has been removed in this update. Users can no longer access or use the feature. To keep saved content, users can export it, or move all pages to Favorites before updating to Microsoft Edge Stable 149. For more information, see Organize your ideas with Collections in Microsoft Edge - Microsoft Support.
• Modern, unified, and updated Look and Feel. Microsoft Edge has updated the Look and Feel to give customers a unified experience across all of Microsoft AI surfaces including Copilot and Bing. This changes multiple elements of the UX such as spacing, corners, fonts, default colors, etc.
• Clarify choices surrounding third-party cookie settings. Language under Settings > Privacy, search, and services > Cookies are clarified to better describe the choices users have in managing third-party cookies.
• Custom primary password retirement. Users are no longer able to create a new custom primary password in Edge Settings edge://settings/autofill/passwords/settings. Any users who are still using a custom primary password will be automatically migrated to device authentication. Additionally, the PrimaryPasswordSetting policy will no longer support the WithCustomPrimaryPassword option. For more information, see Keep your saved passwords private in Microsoft Edge | Microsoft Support.
• Unifying Copilot Chat policy controls. The Microsoft365CopilotChatIconEnabled policy is the standard for configuring Copilot Chat. Previously, this behavior was controlled by blocking the Copilot extension, either explicitly or by using the * wildcard via the ExtensionSettings or ExtensionInstallBlockList policies. Extension and sidebar policies no longer affect the appearance or functionality of Copilot Chat. Copilot address bar suggestions were also tied to extension policy settings. Starting in Microsoft Edge version 149, admins can use the CopilotAddressBarSuggestionsEnabled policy to manage this behavior.
• Intune MAM Protected Downloads. The protected downloads feature for Intune MAM is now available for BYOD (Bring Your Own Device) devices, which aren't managed by a tenant.

Original source

Release Summary

Announcements

Announcements about Workspaces v2 migration and Microsoft 365 Copilot Chat in Microsoft Edge.

Feature Updates

Updates to Copilot New Tab Page, AI settings, autofill, and authentication in Microsoft Edge.

Policy Updates

New and updated policies in Microsoft Edge.

Security

Stable channel security updates are listed here.

Announcements

• Migration to improved V2 architecture for Workspaces. Workspaces, introduced in Edge in 2022, allows users to create durable sets of tabs that can be saved and shared with others. In order to improve reliability and performance of this feature, the following changes are being made:
  • Migrating data for saved Workspaces from OneDrive/SharePoint to Edge Sync service
  • Removing the collaboration/share functionality of this feature

For organizations who have disabled Sync through policy, the existing v1 Workspace data will still be migrated to the new architecture. New v2 Workspaces created after migration won't sync across devices and will remain local to each device. This update occurs on a progressive rollout beginning in Edge Stable v145 and will continue rolling out in Edge v148. For more information, see Getting started with Microsoft Edge Workspaces.

• Microsoft 365 Copilot Chat. The Edge internal container page that hosts compliant M365 Copilot chat in the sidebar has been updated. Blocking internal edge:// or chrome-untrusted:// URLs isn't recommended as this may lead to unexpected errors and will disable the Microsoft 365 Sidebar Copilot Chat experience. For more information, see Allowlist for Microsoft Edge endpoints.

Feature Updates

• M365 Copilot Search relevance using work browsing history. With admin approval, Microsoft Edge can now send selected work-related browsing history from third-party apps to Microsoft 365 Copilot to improve search result ranking. When a user searches on Microsoft 365 Copilot Search, M365 Copilot will also surface results from work browsing history when relevant, helping users find recently visited work pages faster. Admins can control availability of this feature using the ShareBrowsingHistoryWithCopilotSearchAllowed policy.
• Password affiliation service. Password autofill suggestions in Edge are currently based on top-level domain matching, which means the same credentials can be suggested on sites like account.microsoft.com and office.microsoft.com. With this feature, Edge groups related domains together across various desktop and mobile properties called affiliations. When a customer visits a URL, the Edge client will query the affiliations backend to obtain "affiliated groups" for that URL. The process involves sending a hash of the visited URLs to the service, which then returns a list of affiliated URLs and ensures that the relevant credentials will be displayed in the autofill suggestions across affiliated domains. Admins must use both the PasswordManagerEnabled and PrimaryPasswordSetting policies together to control access to this feature. Configuring both policies allow admins to ensure no passwords get saved, lookups for autofill are disabled and affiliation endpoint won't be queried.
• Copilot New Tab Page. Search, chat, and explore the web from one search box with Copilot suggested actions and curated work content to help your users get things done faster on the new, refreshed Copilot New Tab Page. Users can also view personalized news and activities. Admins can control availability to this feature using the CopilotNewTabPageEnabled policy. For more information, see Configure the Copilot new tab page.
• Shadow AI. Currently admins can set Purview DLP policies to protect sensitive data from being sent to any Generative AI apps, users get blocked from sending their prompts to LLM when this is triggered and stops their workflow. This new add-on to the feature shows a new UI that will give users the option to be redirected to M365 Copilot which will open and navigate to this M365 Copilot tab and allow them to send the same prompt there.
• Enhanced Autofill. For desktop users, Microsoft Edge can now autofill additional document types-including passports, driver's licenses, and other specialized forms-on top of your saved addresses. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.
• Allow M365 authentication popups in work profiles. When users are signed in with a work account, some Microsoft 365 sites (for example, microsoft.com, cloud.microsoft, and microsoft365.com) may open authentication pop-up windows to Microsoft sign-in endpoints such as login.microsoftonline.com, login.live.com, or login.microsoft.com. These pop-ups are required to complete sign-in. Microsoft Edge now allows authentication pop-up windows from Microsoft first-party services by default. Admins can control availability to this feature using the M365AuthPopupsInWorkEnabled policy. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.
• Updated AI settings page. Settings for Copilot features now are housed under one AI settings page to create a cohesive setting experience. Existing admin controls and policy configurations continue to apply.

Policy Updates

New policies

• CopilotAddressBarSuggestionsEnabled - Enable Copilot address bar suggestions
• CpuPerformanceTierOverride - Override for the CPU performance tier
• DataUrlInWebWorkerOpaqueOriginEnabled - Enable opaque origins for data URLs in Web Workers
• DefaultLocalFontsSetting - Default Local Fonts permission setting
• ForceForegroundPriorityForUrls - Force foreground priority for specific URLs
• LocalFontsAllowedForUrls - Allow Local Fonts permission on these sites
• LocalFontsBlockedForUrls - Block Local Fonts permission on these sites

Deprecated policies

• WalletDonationEnabled - Wallet Donation Enabled (deprecated)
• EdgeWalletEtreeEnabled - Edge Wallet E-Tree Enabled (deprecated)

Additional policy changes

• ForceForegroundPriorityForUrls - ForceForegroundPriorityForOrigins is renamed to ForceForegroundPriorityForUrls
• OnSecurityEventEnterpriseConnector - Add macOS platform support
• ProtectedContentIdentifiersAllowed - Remove macOS platform support

Note

For the latest web platform features and updates, see the Microsoft Edge 148 web platform release notes (May 2026).

Original source

Release Summary

Feature Updates

Browsing with Copilot Limited Public Preview is now open for admin signups in Microsoft Edge.

Fixes

Fixed various bugs and performance issues.

Security

Stable channel security updates are listed here.

Feature Updates

• Browsing with Copilot Public Preview now open for signups. We're excited to announce that the Limited Public Preview for browsing with Copilot in Edge for Business is now open for admin signups. Browsing with Copilot introduces agentic browsing to the enterprise, allowing Copilot to navigate websites, fill in information, and complete multi-step tasks on behalf of users. This helps employees offload repetitive browser work and move faster from information to action, all within a managed, secure environment. Admins can now request access to the preview in this form and start bringing Browsing with Copilot to their organization. For more information, see New in Edge for Business: AI for work, safe from day one - Microsoft Edge Blog.

Original source

Changes

afa7834 Updating dotnet package versions for 1.9 release (#6314)
c6951c2 Python: Add MCP-based skills discovery (McpSkillsSource) (#6169)
a982428 .NET: Bug fixes for AGUI hosting and workflows (#6311)
90a3e5d .NET: Add ILoggerFactory and IServiceProvider to HarnessAgent constructor (#6273) [ #6103 ]
49a6e43 Python: progressive tool exposure via FunctionInvocationContext (#6233) [ #3877 ]
6086a74 Python: Promote agent-framework-declarative package to RC (#6256)
fa8cfb7 Python: Fix FoundryAgent stripping model from PromptAgent requests (#5526) [ #5525 ]
6de4c24 .NET: Promote Workflows.Declarative packages to stable versions (#6254)
a5f355e Python: Fix OTLP HTTP base-endpoint losing /v1/{signal} auto-append (#5913)
0cf4892 .NET: Add Hosted-ToolboxMcpSkills sample (#6175)

See More

cdc4809 ci: harden Python test coverage workflow (#5982)
0432082 Python: Persist hosted MCP call/results as canonical mcp_call output (#6070)
05ebb96 fix: skip orphan anthropic thinking signatures (#5784)
c83a944 Fix open pr count check (#6255)
5d98bed Python: feat(bedrock): implement native structured output support via Converse API (#6052) [ #5966 ]
e0d0ad1 Python: feat(evals): Foundry Adaptive Evals integration (rubric-generation) (#6101)
f36096c Python: Fix core observability unsafe serialization of function-call arguments containing dataclass/framework objects (#6026) [ #5733 ]
03e14ca .NET: Update hosted agents (#6243)
b298113 .NET - Fix missing id on function_call_output in Foundry Hosting (#6246)
8091d05 Python: refresh dev dependencies and validate runtime bounds (#6238)
52a8045 Python: Add background agent support to harness agent (#6155)
78d175a Python: coalesce code interpreter history chunks (#5801)
b59a854 Fix integration test worker crashes in Azure Functions on Py3.13 (#4260)
8b0db48 Add community PR limit workflow (#6229)
5affc9c Python: Reorganize A2A samples and use package A2AExecutor (#6165)
edcc786 .NET: Preserve and propagate CreatedAt through workflows (#3930)
07a1e83 .NET: Forward Magentic participant replies to manager (#6156)
fa2a6af Bump Azure.AI.AgentServer.* packages and align Azure.Core/System.ClientModel (#6178)
11c8d89 .NET: Fix InvokeMcpTool approval path for declarative workflows (#6177)
6510d6e .NET: Quarantine flaky DevUI test (#6159)
dd9a4b6 Python: [A2A] Set message_id on AgentResponseUpdate for message-bearing paths (#6163) [ #5949 ]
e8ff541 Python: consolidate MCP reliability fixes (#6145)
d2d5384 Python: Add Mistral AI embedding client package (#5480)
1fccf16 feat: Remove [Experimental] tag from .NET Orchestrations (#6164)
8ed2159 .NET: Workflow Outputs Overhaul: Support Tagging, Filtering Agent Outputs (#6045)
b000a2c Python: Adding AgentFileStore and FileAccessProvider to support file access operations. (#6099)
0578f4c Backfill chat span request model if it's unknown and response model is avaliable (#6160)
e9a6063 Python A2A: Expose supported_protocol_bindings as configurable parameter (#6098) [ #6057 ]
d2f7993 .NET: feat: Update GroupChatManager semantics to match other Orchestration patterns (#6140)

This list of changes was auto generated.

Original source

Updates released between May 19, 2026, June 2, 2026

Microsoft 365 admin center

• Organizational Messages Usage‑based targeting is now generally available in the Microsoft 365 admin center! [Web]

  Organizational Messages now supports usage‑based targeting in addition to existing group‑based targeting capabilities. This enables admins to deliver Organizational Messages based on real user behavior and engagement patterns rather than static group membership.

  Roadmap ID: 503563

  Details:

  What changed: Admins can now target Organizational Messages using dynamic usage behaviors through Usage‑based targeting. This allows IT admins to drive Microsoft 365 Copilot adoption by reaching users based on actual product usage instead of relying only on pre‑configured groups or distribution lists. By leveraging dynamic, pre‑defined usage segments, admins can deliver timely and relevant guidance to the right users to improve awareness, engagement, and value realization from Copilot investments. The initial release includes two Action Segments focused on Copilot adoption:

  • Inactive Copilot Users for the past 28 days
  • Inactive Copilot Users in Teams for the past 30 days

  Why this matters:

  Business impact: Enables more precise and effective Copilot adoption campaigns by targeting users based on actual behavior, helping organizations improve engagement and maximize value from Copilot investments.

  Personal impact: Users receive more relevant and timely communications tailored to their usage patterns, helping them better discover and adopt Microsoft 365 Copilot capabilities.

• Organizational Messages now supports Email messages [Web]

  Organizational Messages in the Microsoft 365 Admin Center now supports email delivery in addition to other surfaces like the Windows Taskbar, Windows Spotlight, Windows Notification Center, and Teams Popovers. This gives admins another familiar communication channel while keeping messaging within one centralized workflow.

  Roadmap ID: 503562

  Details:

  What changed: Admins can now deliver Organizational Messages through email alongside existing OM surfaces including Windows Taskbar, Windows Spotlight, Windows Notification Center, and Teams Popovers. Adding email expands communication reach and simplifies change management workflows by reducing dependency on separate communication tools.

  The initial release includes 9 premade email templates available in 15 languages to help accelerate Microsoft 365 Copilot onboarding, awareness, and adoption:

  3 welcome email templates: Welcome to M365 Copilot, Welcome to Copilot Chat, and Welcome to Copilot Trial with onboarding guidance and helpful resources.

  6 weekly email templates for The Great M365 Copilot Journey, designed to increase awareness of Copilot features and capabilities and help users maximize the value of Copilot.

  A new insights tab dedicated to the Email surface is now available to help admins track and measure campaign engagement.

  Why: Adding email as a delivery surface helps organizations reach users through a familiar and widely used communication channel while enabling centralized campaign management within Organizational Messages.

  Try this:

  • Create an Organizational Message and select Email as the delivery method.
  • Use premade onboarding and adoption templates to accelerate Copilot rollout campaigns.
  • Leverage the weekly Great M365 Copilot Journey emails to drive continued Copilot engagement and feature awareness.
  • Monitor campaign effectiveness using the new Email insights tab.

  Why this matters:

  Business impact: Expands organizational communication reach, simplifies change communication workflows, and accelerates Microsoft 365 Copilot awareness, onboarding, and adoption through centralized campaign management.

  Personal impact: Helps users stay informed and adopt Microsoft 365 Copilot capabilities through timely onboarding guidance and engaging email experiences delivered in a familiar communication channel.

  Additional resources:

  Learn: Organizational messages in the Microsoft 365 admin center

Microsoft Copilot app

• Use Microsoft 365 Copilot in model‑driven apps (Work IQ) [Web]

  Users can now access Microsoft 365 Copilot directly inside model‑driven apps to get answers and take action without switching tools.

  Details:

  What changed: Copilot is now embedded in model‑driven apps, enabling users to ask questions, complete tasks, and access context‑aware insights.

  Why: Users lose time switching between apps and searching for information. Integrating Copilot reduces delays and improves task completion.

  Try this:

  • Ask Copilot to summarize a record or workflow.
  • Request help completing a task inside the app.
  • Use Copilot to find missing context before making a decision.

  Why this matters:

  Business impact: Improves app adoption and reduces operational friction.

  Personal impact: Helps users work faster with fewer interruptions.

  Additional resources:

  Learn: Add Microsoft 365 Copilot for app users in model-driven apps

Microsoft 365 Copilot Studio

• Add expected response for agent evaluation test cases [Web]

  Makers can now add expected responses to agent evaluation test cases manually or through file import.

  Details:

  What changed: Test cases now support expected responses and multiple grading methods, including Exact, Partial, Similarity, and Compare Meaning.

  Why: This helps makers evaluate agent quality more accurately and consistently.

  Try this:

  • Add expected responses to an existing test case.
  • Import a file containing multiple test cases.
  • Run an evaluation using different grading methods.

  Why this matters:

  Business impact: Improves agent reliability and testing accuracy.

  Personal impact: Makes it easier to validate agent behavior.

  Additional resources:

  Learn: Create a single response test set

Microsoft 365 Copilot Studio

• Grader Framework for Agent Evaluation [Web]

  The Grader Framework provides flexible evaluation options for agent responses using exact match, similarity, intent, and AI‑based metrics.

  Details:

  What changed: Makers can now use multiple grading approaches to evaluate agent performance with more transparency.

  Why: Different scenarios require different evaluation methods, and flexibility improves testing accuracy.

  Try this:

  • Evaluate an agent using similarity scoring.
  • Compare intent‑based grading with exact match.
  • Review detailed grading results to identify improvement areas.

  Why this matters:

  Business impact: Enhances quality assurance for AI agents.

  Personal impact: Helps makers understand how agents perform in real scenarios.

  Additional resources:

  Learn: Create a single response test set

Microsoft 365 Copilot extensibility

• Federated Copilot Connectors are now generally available [Web] 101838 Federated Copilot connectors are now generally available, enabling users to securely connect Microsoft 365 Copilot to supported third-party data sources and retrieve information in real time using the Model Context Protocol (MCP).

  Details:

  What changed: Federated Copilot connectors are now available across Microsoft 365 Chat, Researcher, and Agent Mode in Excel. Admins can discover, review, enable, disable, and manage Microsoft-published federated connectors from Microsoft Admin Center > Copilot > Connectors.

  Why: Organizations can extend Copilot with real-time access to external business data while maintaining centralized governance and administrative control.

  Try this:

  • Review available federated connectors in Microsoft Admin Center.
  • Use staged rollout to enable connectors for a subset of users or groups.
  • Evaluate connectors during the 7-day admin review period before end-user availability.
  • Disable connectors that do not align with organizational policies or compliance requirements.

  Why this matters:

  Business impact: Provides secure, governed access to external business data without requiring data ingestion, storage, or indexing in Microsoft 365.

  Personal impact: Users can connect approved third-party applications and access up-to-date information directly within Copilot experiences, helping them complete tasks more efficiently.

  Additional resources:

  Learn: Federated connectors overview

• Automate agent lifecycle management with policy-based rules [Windows, Web]

  Admins can now leverage rules to take large-scale agent management scenarios such as bulk installing first-party (1P) agents and reassigning ownerless agents to appropriate managers, enabling consistent governance and reducing operational overhead in enterprise environments.

  Roadmap ID: 481518

  Details:

  What changed: Admins can now use rules to manage two key scenarios: (1) bulk installation of first-party (1P) agents across all users in the organization, and (2) automatic reassignment of ownerless agents to the appropriate manager. Previously, these actions required manual intervention or scripting, making it difficult to manage at scale. With rules, these workflows can now be executed consistently and based on defined conditions.

  Why this matters:

  Business impact: Accelerates enterprise-wide agent adoption while ensuring every agent remains governed with a clear owner, reducing risk and operational gaps at scale.

  Personal impact: Eliminates manual effort for admins to deploy agents or track down ownership gaps, enabling more efficient and reliable management of agent environments.

Word

• Copilot can edit your document by default in Word [Web]

  The default chat experience with Copilot in Word now allows Copilot to directly edit your document. All changes made by Copilot are fully reviewable and reversible, and users can turn this experience off if needed

  Roadmap ID: 557673

  Details:

  What changed: Copilot is now able to edit documents by default in Word. This means Copilot can make direct edits to the document without requiring users to toggle editing on. Users can still turn this experience off if they prefer. All Copilot‑made changes remain trackable and reversible.

  Why: This update streamlines the editing workflow, reducing friction, and helping users complete writing tasks more efficiently.

  Try this:

  • Ask Copilot to rewrite a paragraph and watch the edits appear directly in the document.
  • Request formatting changes, such as adjusting headings or reorganizing sections.
  • Use Copilot to insert new content, then review the tracked changes.

  Why this matters:

  Business impact: Speeds up document creation and editing across teams.

  Personal impact: Makes writing and revising content more intuitive.

Original source

• Queues app on Teams mobile: This feature enables the "call queue management" feature on the go for you to stay connected and responsive. The Queues app on Mobile empowers on-the-go workers to manage customer engagements efficiently. Users can view queue status, opt in or out of queues, and access real-time metrics—all from their mobile device. With seamless integration, it ensures fast response, smooth call handling, and improved customer experience, anytime and anywhere.

• External Domains Anomalies Report: This feature, namely External Domains Anomalies Report helps admins proactively identify unusual or risky interactions with external organizations in Microsoft Teams. By analyzing communication trends and detecting sudden spikes, new domains, or abnormal engagement patterns, it provides early visibility into potential data-sharing or security risks. As external collaboration continues to grow, this report offers admins actionable insights to protect their tenants while maintaining productive cross-organization collaboration.

Original source

Welcome to the 1.123 release of Visual Studio Code. This release improves how you work with agents and the integrated browser.

• Larger context windows: Support for 1M context windows for Anthropic and OpenAI models.
• Session sync: Automatically sync your chat sessions across machines and search your coding history.
• Agents window: Open multiple agent sessions side-by-side to compare or review work in parallel.
• Research agent: Run deep research on a topic and get a thorough, well-cited Markdown report.
• Integrated browser updates: Favorite pages for quick access and more options to capture browser screenshots.

Make sure to join VS Code Live at Build 2026 on June 3!
Happy Coding!

Agents

Session sync and chronicle

Setting: chat.sessionSync.enabled

This setting is managed at the organization level. Contact your administrator to change it.

Your chat sessions now sync automatically to your GitHub account, giving you a personal, searchable history of your work across machines and workspaces.

Each session captures the conversation, the files you touched, repository context (repo, branch, timestamps), and any pull requests, issues, or commits referenced along the way.

With the new chronicle commands (/chronicle) in chat, you can put that history to work:

• Ask natural-language questions about past sessions
• Generate standup reports
• Get personalized productivity tips
• Search your coding history by topic, file, or PR

To enable session sync, turn on chat.sessionSync.enabled

This setting is managed at the organization level. Contact your administrator to change it.

. You can view the status of session sync in the Copilot status dashboard in the VS Code Status Bar.

For more details, see the Session Sync and Chronicle documentation.

Retry network-dependent commands in the sandbox

Setting: chat.agent.sandbox.retryWithAllowNetworkRequests

When a terminal command that is run by a local agent requires access to domains that are not configured as allowed domains, the command is automatically retried inside the sandbox with unrestricted network access. After that, if it still fails, it falls back to unsandboxed execution. This allows network-dependent operations such as git fetch to finish, while keeping filesystem protections in place.

Agents window (Preview)

The Agents window is a dedicated companion window optimized for exploring, iterating on, and reviewing agent sessions across projects and machines. This release, we focused on letting you work with multiple sessions side by side.

Multiple open sessions

You can now have more than one session open at the same time in the Agents window. In addition to the active session, open another session next to it by:

• Selecting Open to the Side in the context menu of a session in the sessions list.
• Dragging and dropping a session from the sessions list into the sessions view area.
• Holding Alt and selecting a session in the sessions list.

Even though multiple sessions can be visible at once, only one is the active session at any time. The Terminal, Files, and Changes views all operate on the currently active session, so switching the active session updates these views to reflect its state.

By default, selecting a session in the sessions list replaces the active session view with the selected one. To keep a session view from being replaced, pin it with the pin action in the top right of the view. Pinned session views are never replaced—selecting another session opens it in an unpinned view instead. If every session view is pinned, the selected session opens to the side.

Use the maximize action in the top right of a session view to expand it across all open session views, giving you a focused view of a single session without closing the others.

For more details, see the Agents window documentation.

Research agent (Preview)

Note: The research agent is currently in preview and available only in Copilot CLI (local) sessions in Insiders.

When you need to understand unfamiliar code, compare approaches, or learn how a library or API works, a quick chat answer isn't always enough. The research agent runs deep research on a topic and produces a thorough, well-cited Markdown report by gathering and synthesizing information from your codebase, relevant GitHub repositories, and the web.

The research agent is optimized for depth rather than speed and has read-only access, so it investigates and reports instead of changing your code. To run it, type /research followed by your topic in the chat input of a Copilot CLI (local) session.

For more details, see Run deep research with the research agent.

Language Models

1M context window for Anthropic and OpenAI models

VS Code now supports 1 million token context windows for compatible Anthropic and OpenAI models. This expanded context window enables you to work with significantly larger codebases and longer conversations without losing important context. The expanded context window is available when using supported models, such as Claude Opus 4.7 and GPT-5.5.

Note: Larger context windows may consume more tokens per interaction, which increases AI credits usage under usage-based billing.

Integrated Browser

Favorite pages

We've remodeled the address bar in the integrated browser into a more versatile experience where you can not only enter URLs but also favorite pages and easily access your favorites and open tabs.

To add a page to your favorites, select the star icon in the browser URL bar.

When you select the URL bar, you can see your list of favorite pages and open tabs.

More ways to capture screenshots

Setting: workbench.browser.experimentalUserTools.enabled

The previous release introduced Add Screenshot to Chat, which lets you attach a screenshot of the current browser viewport to chat as context. This is especially useful for UI-related tasks, such as debugging a layout issue.

This release, we added two related features:

• Add Area Screenshot to Chat: Take a screenshot of a rectangular area that you select, and add that screenshot as chat context.
• Add Full Page Screenshot to Chat (Experimental): Take a screenshot of the entire web page, even beyond what is shown in the current viewport, and add that screenshot as chat context. This experimental feature requires enabling the workbench.browser.experimentalUserTools.enabled setting.

Editor Experience

Delayed extension auto-updates

VS Code now applies a two-hour delay before automatically updating extensions to a newly published version. When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection against problematic or potentially compromised releases.

This never gets in your way, as you can still update any extension immediately at any time by using the Update button. While an update is waiting, the extension's details view explains why it hasn't updated yet and when the automatic update will happen.

Note: This delay does not apply to extensions from trusted publishers such as Microsoft, GitHub, and OpenAI. These extensions continue to update immediately.

Thank you

Contributions to our issue tracking:

• @gjsjohnmurray (John Murray)
• @RedCMD (RedCMD)
• @IllusionMH (Andrii Dieiev)
• @albertosantini (Alberto Santini)

Contributions to vscode:

• @aaronpowell (Aaron Powell): Add marketplace ref support for plugin marketplaces PR #317901
• @goingforstudying-ctrl: fix: add white-space: nowrap to browser-emulation-toolbar-label PR #318935
• @guomaggie: [Search Subagent] Handle context window limit exceeded error PR #316529
• @maruthang (Maruthan G): fix: combine URI flags to prevent Electron argument filtering on Windows PR #308150
• @oded-ist (Oded S): Fix read_cell_output incorrectly reporting all outputs as too large PR #318148
• @PenguinDOOM (Penguin): Fix BYOK invalid stateful marker retries PR #317292
• @rebornix (Peng Lyu): Add mobile multi-diff view PR #318081
• @SimonSiefke (Simon Siefke):
  • fix: memory leak extension actions PR #315054
  • fix: memory leak in ipc.electron.ts PR #317846
  • fix: memory leak in search results PR #282309
• @SLdragon (rentu): feat: add languageDiagnosticsService option for nes/inline completion provider PR #317678
• @Tyriar (Daniel Imms): fix: remove awaits inside Promise.race in shell integration test PR #319068

We really appreciate people trying our new features as soon as they are ready, so check back here often and learn what's new.

If you'd like to read release notes for previous VS Code versions, go to Updates on code.visualstudio.com.

Original source

What's Changed

• .NET: Persist ForeachExecutor iteration state across checkpoints by @peibekwe in #6051
• .NET: Remove responses experimental flag from FoundryAgent et.al. by @westey-m in #6121
• .NET: Add MCP-based skills support (skill-md type) by @semenshi in #6108
• .NET: [BREAKING] Remove Support for Code-Gen in Declarative Workflows by @peibekwe in #6095
• feat(a2a): add A2AAgentSession with reference_task_ids and input-required support by @giles17 in #5980
• .NET: Add Foundry Toolbox MCP skills discovery sample by @semenshi in #6134
• .NET: Fix render dupe and text input clear bugs, and improve guardrail error messaging by @westey-m in #6136
• .NET: Add missing projects to solution for release by @peibekwe in #6157
• .NET: Support ClaimsIdentity-based scoping of agent sessions by @lokitoth in #5696
• .NET: feat: Bring Handoff Orchestration to parity with Python by @lokitoth in #6138
• .NET: [Breaking] Refactor AgentFileSkillsSource for depth-based discovery and predicate filters by @semenshi in #6109
• .NET: Updating version for dotnet release 1.8.0 by @peibekwe in #6161

Full Changelog: dotnet-1.7.0...dotnet-1.8.0

Original source

What's Changed

• .NET: fix: populate MessageId from TaskStatusUpdateEvent in A2AAgent by @SergeyMenshykh in #6043
• .NET: Add Magentic Orchestration Sample by @Copilot in #5823
• .NET: Add MCP long-running task support for MCP client tools by @peibekwe in #5994
• .NET: HarnessConsole: Improve rendering perf / reduce flickering by @westey-m in #6014
• .NET: fix parallel tool call rendering in AGUI translation layer by @rogerbarreto in #6009
• .NET: Add Hosted-AgentSkills sample with Foundry Skills integration by @rogerbarreto in #6013
• .NET: [Breaking] Refactor AgentSkill API to async resource and script lookup by @SergeyMenshykh in #6030
• .NET: Adding shell tool project to release solution by @alliscode in #6092
• .NET: Updating version for dotnet release 1.7.0 by @alliscode in #6093

Full Changelog: dotnet-1.6.2...dotnet-1.7.0

Original source

What's Changed

• .NET: Add Executor RouteBuilder Unit Tests by @Copilot in #5824
• .NET: Harness console refactoring by @westey-m in #5811
• .NET: Add sample for invoking Foundry Toolbox tools from declarative workflows by @peibekwe in #5829
• .NET: Fix flaky InputWaiter_WaitForInputAsync_BlocksUntilSignaledAsync by @Copilot in #5835
• .NET: Add Workflow Builder Specialized Edge tests by @Copilot in #5826
• .NET: fix: allow naming handoff workflows by @he-yufeng in #5799
• .NET: Re-enable previously-flaky ObservabilityTests and WorkflowRunActivityStopTests by @Copilot in #5837
• .NET: Add Magentic E2E workflow coverage by @Copilot in #5833
• .NET: Add Hosted-MemoryAgent sample with isolation key plumbing (#5692) by @rogerbarreto in #5702
• .NET: add AgentSession StateBag edge case coverage by @challaravinath in #5838
• .NET: Fix bug in store-false helper to ensure addition rather than replacement by @westey-m in #5895
• .NET: Add observer for OpenAIWebSearch by @westey-m in #5894
• .NET: fix: avoid AGUI tool result message id collisions by @he-yufeng in #5800
• .NET: Adding default providers and tools to HarnessAgent by @westey-m in #5896
• .NET: Require TODO finish reason and rename SubAgents to BackgroundAgents by @westey-m in #5902
• .NET: Add otel file logging and switch samples to projects client with store=true by @westey-m in #5924
• .NET: Add ability to export/import sessions in harness console by @westey-m in #5920
• .NET: Bump Azure.AI.Projects to 2.1.0-beta.2 and add agent-endpoint AsAIAgent path by @rogerbarreto in #5899
• .NET: Delegate MCP ContentBlock to AIContent conversion to the MCP SDK by @peibekwe in #5903
• .NET: Harness Console: Add a factory option for creating custom sessions by @westey-m in #5951
• .NET: Harness code act skill sample by @westey-m in #5930
• .NET: Reduce re-rendering in harness console by @westey-m in #5953
• ci(python-setup): drop -U upgrade flag from uv sync by @eavanvalkenburg in #5961
• .NET: Add A2AAgentOptions and align A2AAgent constructors with ChatClientAgent pattern by @SergeyMenshykh in #5954
• CI: Pin third-party GitHub Actions to commit SHAs by @rogerbarreto in #5972
• .NET: Promote FoundryChatClient to public, add file/vector-store helpers and ToPromptAgentAsync converter by @rogerbarreto in #5940
• .NET: Add background agents support to HarnessAgent by @westey-m in #5977
• .NET: Add additional openai specific error observers and move them to openai project by @westey-m in #6004
• .NET: Add shell support to the HarnessAgent by @westey-m in #6005
• .NET: Surface x-ms-served-model header as ChatResponse.ModelId for Foundry agents by @rogerbarreto in #5979
• .NET: Fix declarative workflow regressions for hosted agents by @alliscode in #5905
• .NET: Updating versions for dotnet release 1.6.2 by @alliscode in #6019

Full Changelog: dotnet-1.6.1...dotnet-1.6.2

Original source

Today, Windows expands where Kerberos works—reducing the need for NT LAN Manager (NTLM) fallback with IAKerb and LocalKDC, coming to client and server public preview later this month for Windows Insiders in the Canary Channel. These capabilities extend Kerberos authentication to scenarios that previously required NTLM, helping organizations reduce their dependency on legacy protocols. For developers, this means more authentication flows can rely on modern, Kerberos-based identity (even in environments that previously required legacy protocols), reducing the need for application workarounds and helping ensure consistent behavior across managed and unmanaged environments.

With this release:

• IAKerb will be enabled by default
• LocalKDC will be disabled by default
• Both features will be configurable through registry keys

Note: For this public preview, configuration is exposed through registry settings so you can evaluate these capabilities in Insider environments. Management surfaces, such as Group Policies and MDM-based management, will be introduced as these capabilities mature.

Why this matters

For many organizations, moving away from NTLM is a security priority. But in practice, NTLM often remains in use because there are still real-world scenarios where traditional Kerberos cannot be used directly, such as:

• Devices that do not have direct line-of-sight to a domain controller
• Authentication flows involving local accounts
• Standalone or workgroup environments
• Network topologies where Kerberos reachability is limited

IAKerb and LocalKDC address many of these gaps (though not all) by extending Kerberos support, reducing reliance on NTLM fallback across customer environments.

What is IAKerb?

IAKerb (Initial and Pass-Through Authentication using Kerberos) enables Kerberos to work when the initiating device (Kerberos client) does not have direct connectivity to a domain controller. In a traditional Kerberos flow, the client must communicate directly with a domain controller to obtain the tickets needed for authentication. In some environments, that path is not available even though the client can still reach the target service. In those cases, IAKerb enables the target service to act as a proxy for the Kerberos exchange, allowing authentication to stay on a Kerberos-based path rather than falling back to NTLM.

This makes IAKerb especially useful in environments with:

• Network segmentation
• Restricted domain controller visibility
• Remote or cloud-connected access patterns
• Architectures where clients can reach services but not DCs directly

What is LocalKDC?

LocalKDC is a local Key Distribution Center implementation in Windows that enables Kerberos-based authentication for local account scenarios. Historically, local account authentication across machines has often depended on NTLM. LocalKDC helps close that gap by allowing Windows to use Kerberos semantics for local identity scenarios that would otherwise require legacy authentication. This is especially relevant for scenarios such as:

• Workgroup environments
• Standalone devices
• Local account access to remote resources
• Peer-to-peer or small-scale environments without domain infrastructure
• Administrative or file access scenarios where local identities are used

How these features fit together

IAKerb and LocalKDC address different but complementary gaps in Windows authentication, reducing reliance on NTLM across both enterprise and local identity scenarios.

• IAKerb is meant for enterprise and corporate environments, where domain credentials are used but Kerberos authentication cannot always complete because the client lacks direct line of sight to a domain controller. By allowing authentication to remain on a Kerberos-based path in these situations, IAKerb helps reduce NTLM usage for high-value corporate credentials. This is important because reducing the use of NTLM for enterprise credentials helps strengthen defenses against credential theft and relay-based attack paths, including forms of lateral movement that have historically relied on NTLM fallback.

• LocalKDC addresses a different class of scenarios: local and non-domain identities, including workgroup, standalone, and local account access patterns. In these cases, LocalKDC helps bring Kerberos-based protections to scenarios that traditionally depended on NTLM for local credentials.

Together, these capabilities extend Kerberos in two directions: domain-based enterprise credentials, and local and consumer-style account scenarios, further reducing the exposure to credential theft and relay-based attacks. This matters because, as part of a broader shift toward modern and enforced authentication, simply disabling older protocols is not enough. Organizations also need secure, reliable authentication that works consistently, without falling back to legacy protocols. These features help deliver that by providing modern, compatible alternatives that reflect how customers operate today.

Registry Configuration:

For this public preview, IAKerb and LocalKDC can be configured using registry settings under:

The supported values for this preview are:

• DisableIAKerb
• DisableLocalKDC

Set the value to:

• 0 to enable the feature
• 1 to disable the feature

Note: If a registry value is not present, Windows uses the default behavior for that release. In this preview, the defaults are:

• IAKerb: enabled by default (0)
• LocalKDC: disabled by default (1)

This gives you flexibility to evaluate the features in Insider environments while controlling rollout and validation according to your needs.

What you can do now

With this public preview, customers participating in the Canary Channel can test these capabilities in preview environments and validate the scenarios where NTLM is still commonly used. These features are designed to address important NTLM fallback scenarios but will not eliminate every remaining NTLM dependency in Windows environments; some scenarios may still require NTLM based on application behavior, infrastructure assumptions, or legacy dependencies. Our goal with this preview is to close some of the key gaps by extending Kerberos to more scenarios, while continuing broader work to reduce NTLM dependency across the platform over time. Once available, you can use this preview to help:

• Identify scenarios already covered by IAKerb or LocalKDC
• Validate those scenarios in controlled environments, and use the documented configuration options to control enablement during testing
• Understand where NTLM dependencies still remain using our enhanced NTLM Auditing
• Check for dependencies such as name resolution, SPN configuration, or legacy assumptions
• Prepare for future improvements that will address additional cases

We also recommend evaluating the following areas:

• Access to SMB shares
• Remote administration scenarios
• Environments with limited or no direct Domain Controller (DC) connectivity
• Workgroup or standalone device authentication
• Local account access patterns
• Scenarios being prepared for NTLM reduction or eventual NTLM blocking

This preview is an opportunity to validate application compatibility, infrastructure dependencies, and operational readiness before broader rollout decisions are made. Learn more about upcoming work in this space here: Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog.

Troubleshooting and Feedback

As you evaluate IAKerb and LocalKDC in preview environments, you may encounter scenarios where authentication behaves differently than expected. Windows provides built-in logging to help you understand what is happening and identify potential issues. These logs help you:

• Verify whether Kerberos authentication is being used
• Identify cases where IAKerb or LocalKDC is involved
• Detect failures or fallback conditions

You can also leverage NTLM operational logs to:

• Identify when NTLM is still being used
• Understand why fallback to NTLM is occurring
• Prioritize scenarios for further investigation

Reviewing these logs together can help you determine whether authentication is staying on a Kerberos path (via IAKerb or LocalKDC) or falling back to NTLM and why.

When to expect fallback behavior

Because this is a preview release, some scenarios may still fall back to NTLM due to:

• Application-specific dependencies
• Environmental configuration (e.g., name resolution or SPN issues)
• Interactions between domain accounts and local accounts on the same machine

IAKerb and LocalKDC are designed to address a subset of common NTLM fallback scenarios, and continued improvements are planned to expand coverage over time.

Share feedback and scenarios

If you encounter a scenario that does not behave as expected, or if you have a unique authentication flow you would like us to evaluate, we encourage you to contact us at [email protected].

Please include details such as:

• The scenario you are testing
• Expected vs. actual behavior
• Relevant event log entries (if available)

Your feedback is critical to helping us improve coverage and ensure these capabilities work reliably across real-world environments.

Securing today. Preparing for what’s next.

Security in Windows is built into the platform—continuously maintained and designed to evolve as threats change.

Learn more in the Windows Security book and Windows Server Security book or explore Windows 11, Windows Server, and Copilot+ PCs. For broader solutions, visit the Microsoft Security site, follow the Security blog, or connect with Microsoft Security on LinkedIn and @MSFTSecurity.

Original source

Microsoft Build 2026 marks a major shift in how developers build data experiences with AI agents. Today we're announcing two capabilities that bring agentic analytics to the forefront: Agent Skills for Power BI, which let developers prompt an AI agent to build and refine semantic models and reports, and Fabric Apps for Semantic Models, which enable AI agents to build and deploy Fabric-native web apps on semantic models. Both capabilities will accelerate the time it takes to go from raw data to a polished analytics solution with just natural language prompts.

Original source