Medallia Experience Cloud 2026 H1 2 (e697) release notes
Released starting 22 April 2026
For software requirements for Web and Mobile users, and for survey takers, see System Requirements.
Notices
Changes that affect functionality.
Sign-in by username & password is blocked by default
After January 2027, use of the login form — even for existing accounts — will require multi-factor authentication (MFA). Clients wishing to opt out of the MFA enforcement must engage their Medallia Sales contact to execute an "Insecure User Access" addendum to your software agreement. Please do so before January 2027 to ensure no impact on your program.
Additionally and beginning with this release, all new and existing accounts with a role that includes the Do Anything permission require either single sign-on (SSO) or MFA.
Email feed deprecation
JQuery support in Surveys deprecation
$(dom-selector).action() may not function correctly and could cause custom HTML to render improperly. jQuery is not available in instances not already using it. Auto Importer and passwords deprecation
Release highlights
New or improved features
Admin Suite
Medallia Experience Cloud now has performance improvements for specific Ranker scenarios, particularly when ranking auto-indexed or unit fields with high volume of distinct values (triggers above 100k). The optimizations are enabled on customer instances gradually based on existing performance metrics. If you are experiencing slow rankers (above 30s) that meet this conditions contact your Medallia representative to see if enabling this optimization could improve the experience.
Conversations
Default Conversation Throttle now has an account-level safeguard that limits how many Conversations can be sent in a row to the same phone number within a configurable time window. This prevents infinite “ping-pong” loops with auto-responders or answering machines — reducing accidental spam, controlling costs, and protecting customer trust.
Conversations now ensures that invitation messages are not delivered outside of configured Availability windows or on blackout dates, even after system recovery or message queuing delays.
Emails
Email configuration now has independent configurations for From, DKIM, and Return-Path domains to support complex enterprise branding and security requirements. The Authentication validations for SPF, DKIM, and DMARC have been updated to align with these individual fields, alongside the new ability to manage BIMI selectors at the domain level. Further, the UI now displays example DNS values to help administrators coordinate record updates with their IT teams before provisioning.
Integrations
Connectors now detects and issues a warning message — "Audio files and metadata should be placed in separate folders to avoid performance issues." — when audio and metadata files are placed in the same directory. Using the same directory for both can result in performance degradation when the connector has to search through all files, so it is recommended to use separate directories. Note that this is a warning message only: you may still place both files in the same directory, but doing so is not recommended.
When reactivating a connector after a period of dormancy, the Connector pulls data starting from 2 hours prior to the reactivation. Previously, the Connector could pull in very old data. The new option "On activation pull historical data" can override this new behavior to allow the Connector to pull in very old data.
Users with "Manage Importers" permissions can now download a data dictionary for any Auto Importer via the Importers App in Admin Suite. For Auto Importers linked to an Experience Program, these specifications are also included in the "Export Documentation" file downloaded from the Program Summary page. Admins use these files to maintain client-facing data dictionaries without manual effort.
Reporting
K-fields configured as part of a segment filter are now hidden from the Control Panel when the field’s Slug Availability set to “Export-only” in Classic Setup. Previously the field was visible, but the filter was not functional.
The time remaining for an Alert to transition to its next state is now shown in days when it exceeds 48 hours in reporting. This enhancement makes time-lines easier to understand at a glance, helping teams quickly assess urgency, prioritize more effectively, and stay ahead of what matters most.
Automatic impact tracking is now available for Action Plans created from the following modules:
- Dial
- Dial with dynamic goal
- Big number
- Grouped dials
Scores Snapshot has these new features:
- Configure multiple segments in a single module
- Extend Metric heatmapping to a Benchmark column
- Configure an independent heatmap for deltas
Action Plans triggered from or linked to a module now automatically carry over the module's data, giving you a clear, over-time view of the metrics linked to your plan so you can see the exact impact.
Security
All new Medallia Experience Cloud instances have a single and unified Default Password Policy across all instances.
- The new default password policy requires a minimum of 15 characters AND it removes the additional complexity restrictions (like special characters or uppercase). This modern approach follows NIST guidelines which prioritizes length over complexity.
- All users without explicit assigned policy will now use the default policy. If the current user password does not match the default policy, the account will be locked and the user requested to change their password.
- When the new default policy is enabled for an instance, the templates will not be available. Instead, the default policy can be used to create a new custom Password Policy that can be applied to a role.
- The UI now clarifies the behavior to indicate that not selecting a "No" policy for a role actually uses the new default policy.
- The UI now allows you to add default values as suggestions when creating new password policy.
- The login screen now includes a contact notice when using multi-factor authentication (MFA).
Inbound SSO API now allows admins to configure single sign-on settings from a central integration point. Admins use this API to consistently manage secure single sign-on configuration in Medallia Experience Cloud.
- The Audit Framework API now supports additional filtering options and simplified request handling. Users can filter exports by event name, instance URL, and node ID. In addition, the tenantName parameter is now optional and is automatically derived from the access token when omitted. Access to the API continues to require the appropriate audit permissions.
Bring Your Own Key (BYOK) in Experience Cloud now supports RSA OAEP padding for Field Encryption and Tenant Key Configuration. Supported OAEP hash and MGF1 combinations include SHA-1, SHA-256, SHA-384, and SHA-512. Legacy PKCS#1 v1.5 padding remains supported.
Speech
Speech can now optionally enforce PGP for all files (audio and metadata). When enabled, all files must be encrypted with the Medallia Speech PGP key or they all will not be processed. When disabled (default), unencrypted files are processed. Contact your Medallia Representative to enable forced encryption.
Music Detection, a new optional Speech feature, detects background noise and speakers and reduces the likelihood that their speech will be transcribed as though they are a speaker on the call. This is useful for noisy contact center environments that have background music or speakers, which can lead to unhelpful transcriptions of singing or speaking. Note, this feature reduces the sensitivity of transcription which can result in some missed speech from the actual speakers on the call, so test it before using it in a production system. This feature is enabled via the Connectors UI or Speech API.
Surveys
An error page now informs and guides survey takers whose browsers have enabled strict tracking prevention settings. Survey takers accessing survey links with strict tracking prevention settings in browsers like Microsoft Edge or Mozilla Firefox may have trouble loading their survey. Strict tracking prevention settings are not enabled by default and are not recommended by browsers as they can impact the performance of web pages. The recommendation to survey takers is to try a different browser or to disable the strict tracking prevention settings.
Date fields in Ask Now conditions now support 'Before' and 'After' operators.
Survey Builder has two new configuration options for the Video/Audio question type:
Recording & uploading: Choose how survey takers record their video/audio:
- Allow Recording Only (default): record their video/audio in the moment
- Allow Uploading Only: upload a video/audio file
- Allow Recording and Uploading: allow both in-the-moment and upload Speak to your Medallia account team to understand valid use cases for enabling upload. Enabling Lewd Video Detection is highly recommended when uploading is enabled.
Rear-Facing camera by default for video feedback:
- Use front-facing camera by default: the video question uses the survey taker's front-facing camera for easier video feedback.
- Use the rear-facing camera by default: for use cases like product reviews and quality assurance checks, when one is detected (e.g., on mobile devices). Users always have the option to flip their camera from the default setting.
Restriction: This feature is not available on Medallia GovCloud. For more information, contact your Medallia representative.Surveys are now more accessible and have mobile usability of dropdown components (language selection and both standard and searchable variants), including better keyboard behavior with assistive technologies, more reliable focus and navigation, fixed application of Design Builder-defined settings, and more reliable mobile interaction when virtual keyboards are open.
These updates include internal structural and styling adjustments to dropdown rendering and behavior. As such, implementations that rely on dropdown internals (for example, custom CSS/HTML blocks targeting specific classes, DOM hierarchy) may require review and adjustment to avoid unintended regressions.
Resolved issues
Admin Suite
In Topics List Comments Preview Side Panel, pagination is now disabled when on last page.
In the standard topic builder, changing the topic set selection now correctly refreshes the topic dropdown selection in duplicate rules modal.
The tooltip is now visible in compound topics on the Close button.
On the standard topic page, switching the view now clears the search term state in [Word Groups, User Features, Segments].
When editing on the topic rule page, the captured comment count now correctly displays when reloading the browser page.
Typing spaces while searching for word groups no longer temporarily freezes the UI.
Reporting
Getting default comment fields now respects data view permissions.
In the Table and Dial views of reports, all records are correctly masked when below the minimum sample size.
When listing specific users to assign to a report in edit mode, the list order is now last name, first name, then user name. Previously it was only by user name.
In the Metric Comparison module, rounding mode is now respected in chart tool tips, percentages, and Excel export.
Text Analytics
Comments on imported records now default to "English" language to make them eligible for Text Analytics processing. Previously, comments without a mapped language or when language autodetection was disabled were not eligible.
Important: Administrators are strongly advised to map a language for all imported records, as other Medallia features require this. In a future release, Experience Cloud will require a language be mapped or language autodetection to be enabled as part of the configuration.
