#Elements December 2025

Release Date for the Commercial Environment: December 7, 2025

Release Date for the U.S. Government Environment: December 14, 2025

#General Updates

• The following pooled subscriptions are now available in Elements.

  • Azure security management - Capacity (SaaS Infrastructure)

  • Azure security management - Capacity (CAP Gateway)

  • Azure security management - Units (CAP Gateway)

  • Cloud Backup for IaaS + PaaS - Capacity (SaaS Infrastructure)

  • Cloud Backup for IaaS + PaaS - Capacity (CAP Gateway)

  • Cloud Backup for IaaS + PaaS - Units (CAP Gateway)

  • Insights for Google

• The Command Center now includes four tabs: Administration, Operation, Security, and Optimization. These provide a centralized view to monitor customer growth, subscription status, user and device metrics, workspace activity, security risks, and storage optimization, with export and service management options for streamlined oversight.

• Enhanced permission controls are now available for premium services, enabling precise access restrictions to specific features and ensuring only authorized users (including partners and customers’ end users) can utilize them.

• Elements is now available in the South Africa North (Johannesburg) and Qatar Central (Doha) data centers.

#What’s New in Azure Security Management?

• An Overview dashboard is now available to display data protection coverage by backup and provide detected issue insights for Azure resources.

• Backup and restore for Azure SQL databases and Azure DevOps are now supported.

• Azure security management now supports the CAP Gateway backup mode.

• Backup profiles can now be configured to define key settings for backup jobs such as schedule and retention policies.

#What’s New in Baseline Management?

• Baseline management is now accessible to 21Vianet customers.

• A wider range of configurations is now supported.

• You can now compare a tenant's current configurations against predefined baselines, view detailed discrepancies, and export reports before applying baselines to the tenant.

#What’s New in Workspace Management?

• You can now leave a URL stub in the original location after a document is archived and destroyed. When users click the URL stub, they can be redirected to choose whether to restore or download the document.

• App authentication for Workspace Management can now be completed directly from the Manage data security posture window, streamlining the onboarding process and eliminating the need for additional authentication when adding new services.

• Comments added by data owners when flagging issues for help are now visible in the Review flagged issue window.

#What’s New in User Management?

• When adding a new tenant, you can now designate the tenant type: a cloud tenant or a hybrid tenant, and for a hybrid tenant, you can choose to manage only local users or both local users and cloud users.

• For a hybrid tenant, if you choose to focus exclusively on local user management, Elements now will automatically exclude cloud users from dashboards and lists, streamlining user management in hybrid environments.

• Pre-defined OU paths are now integrated into AD name profiles, eliminating the need to select an OU when creating local users and groups.

• A monthly license budgeting option is now available when partners set license budget, offering greater flexibility in planning and managing customer license budgets.

• MFA status checks now recognize enforcement via conditional access policies, improving accuracy in security reporting.

• A new risk detection rule Unsafe link accesses is now available under the Network security category of the Security analysis report.

• The local user creation wizard has been optimized, offering a simplified step-by-step process with clearer guidance.

• You can now configure dynamic membership rules for Microsoft 365 Groups, security groups, and distribution groups. A Membership column has been added to the page to display the membership type.

• Contact groups can now be managed as local contact groups or cloud contact groups.

• When creating a mailbox or application group, you can now select the environment type: Microsoft 365 tenant or on-premises environment.

• The Source field is now available on the user details page to indicate the user type.

• The text label Sign-in blocked has now been replaced with a universally recognizable lock icon.

• You can now resend invitations to guest users who may not have received or accepted the initial invite.

• The Department, Job title, and Location fields are now available on the guest user details page.

#What’s New in Device Management?

• Apps of the Windows app (Win32) and Line-of-business app types can now be created and managed via the Device management service.

• The app package file can be updated directly from the App details page for apps of the Windows app (Win32) and Line-of-business app types, enabling users to manage and edit application information and settings directly.

#What’s New in Marketplace?

• A tenant-level marketplace dashboard is now available for tracking monthly costs, pending requests, license automation activities, top subscription costs, and subscription renewal/expiration calendars of a specific tenant.

#What’s New in Workflows?

• The Send notification email action is now available for the User security is scanned trigger.

• The Unsafe link access workflow is now supported for taking actions on users who have accessed unsafe link.

#What’s New in Microsoft CSP Integration?

• Microsoft CSP integration now supports the User and device management service, and you can choose a tenant type for each tenant after adding them to the User and device management service.

#What’s New in Functional Roles?

• When creating a functional role, you can now select the environment type: Microsoft 365 tenant or on-premises environment.

• Compliance policies can now be applied to functional roles.

• Intune apps can now be assigned to functional roles.

• Configuration profiles can now be assigned to functional roles.

• An Owners tab has been added to the functional role details page.