The Message Center in Microsoft 365 is your organization’s window into upcoming feature releases, deprecations, policy updates, and service-impacting changes.
Microsoft use the Message Centre to give announcements across Microsoft 365, delivers them in a centralised feed, and lets admins stay ahead of changes that matter most to end users.
Many organisations are diligently reviewing their messages, not realising there are some messages they can't see, with no indication they are there.
Unknown to most, there is a specific type of Message Centre item that is hidden from the majority of administrators due to its sensitive nature. These restricted messages are only visible to users with the Global Administrator role or those assigned the Message Center Privacy Reader role.
Restricted messages typically deal with sensitive organizational data, user privacy, or regulatory commitments.
Microsoft gates visibility of these messages to ensure that only those with Global Administrator or Message Center Privacy Reader role can review and act on this information.
For instance:
Data Privacy Notices explain changes to Microsoft’s handling of customer data, updates to audit features, or new tools for GDPR compliance. These are visible only to global admins and privacy readers because they relate to data flows and legal obligations.
Customer Lockbox Requests require an admin’s approval before Microsoft support engineers can access tenant data. Notifications about these requests are reserved strictly for global admins to prevent unauthorized access.
Compliance and Security Updates, such as the rollout of new sensitivity labels or retention policies, may be marked as “admin impact” or “data privacy,” and shown only to authorized roles. These updates influence classification and data governance practices across the tenant.
Copilot and AI Data Handling Notices have emerged more recently as Microsoft expands AI services. Notifications about what content AI tools can access, exclusions from training, and privacy boundaries are often restricted for review by compliance stakeholders.
Microsoft 365 uses Azure Active Directory roles to gate keep visibility in the Message Center. Here’s a breakdown:
| Role | Access Level | Example Visibility |
|---|---|---|
| Global Administrator | Full | All message types, including GDPR notices and phishing alerts, data privacy updates, compliance changes, security advisories |
| Message Center Privacy Reader | High (privacy-sensitive) | All message types, including GDPR notices and phishing alerts, data privacy updates, compliance changes, security advisories |
| Message Center Reader | Standard | Feature roll-outs, deprecation notices, admin action reminders |
| Custom Roles (with specific privileges) | Variable | Tailored based on assigned message center privileges |
Message Center permissions can be changed on a user-by-user basis. The instructions below detail how to amend these privileges.
These changes take effect almost immediately. After the update, your selected admins will see the revised set of messages in the Microsoft 365 admin center.
ChangePilot is a change management workflow tool providing concise summaries, additional context, and an operational workflow to help organisations efficiently manage the evergreen nature of Microsoft 365.
When tenant-connection is enabled, ChangePilot collects each tenant's unique Message Center (read-only).
When it comes to restricted items, the Microsoft Graph API skeleton metadata includes category, published date, and a redacted summary
Below is an example of how restricted messages are displayed when delivered to an environment via ChangePilot Pro:
Message Title: Microsoft Forms Phishing Notification
Services: Exchange
Summary:
ChangePilot will alert in Microsoft Teams when high-impact notices arrive and mark the item as high admin impact for the customer team to review. Your organization still controls who sees sensitive full details in the admin center.
To try ChangePilot, free, for six weeks, you can sign up for a trial. Or, to understand how you can supercharge your Microsoft 365 change management process, contact us for a demo of ChangePilot Pro.