Hi everyone, we use Cloud O365 and there is something related to security, where we have the cloud update without even our acceptation and we follow Microsoft massaging center just to be updated about the changes that Microsoft makes but we don't have the control for these kind of things.
See the massage that they sent for Microsoft to do update.
"In MC215678 (June 2020), we announced that Microsoft To Do would support list sharing between personal Microsoft accounts and work or school accounts. We paused the rollout to incorporate your feedback. We are pleased to announce we are moving forward with this feature.
Once available, this feature will be enabled by default if you have not customized the setting for your tenant."
As a security perspective sharing personal account with work account is not recommended and most of companies will not turn that on. They don't even classify their updates (regular update, emergency update, new feature ...ext.)
my question is what should i do?, is there any policy that could control these kind of things or should we have a written policy or procedure for it?
That's the reality of the cloud - you lose control. Keep an eye on the message center, roadmap, blogs, etc and stay informed on what Microsoft is doing. Then pray that they actually release some way to control new features, as often times they do not :)