Purview News & Roadmap
Auto-curated from the Microsoft 365 Roadmap, filtered for Purview-related updates.
Microsoft Purview: Insider Risk Management – Ability to create cases without content in IRM
Insider Risk Management is providing the ability to create a case without content. With this, we will introduce a new active case limit (2000). This new functionality will allow customers to create more cases particularly when content download is unnecessary. If a case is created without content download, content download can be initiated anytime the case is active pending available content download limits. There is no change to the active content download limit (100).
Microsoft Purview: Data Catalog – Advanced resource sets
Logical grouping of files with same schema and are under the same folder into a single file known as resource set. Using advanced resource set capability, customers can define pattern rules that will help group files based on custom patterns.
Microsoft Purview: Role Group changes in Purview
We are introducing a new Microsoft Purview RBAC role—Purview Agent Deployment—and adding it to various existing built in role groups used by analysts and admins across Purview. This change enables users who use built-in role analyst groups to deploy Security Copilot Agents in Purview without needing any additional roles. If your organization prefers to limit agent deployment permissions, you can create a custom role group that does not include the Purview Agent Deployment role and assign that custom role group to analysts who should not be able to deploy agents. This update does not change default data access or expand visibility into customer content. All other permissions within each role group remain unchanged. Analysts who are assigned to custom role groups will not be able to deploy agents unless the Purview Agent Deployment role is explicitly added to those custom groups. We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these change We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these changes.
Microsoft Purview: Information Protection-Content Explorer – Enhanced Tag (SIT, Labels) Filter at UI Layer
Introduces enhanced controls in Content Explorer’s UI, enabling scoped visibility and filtering of SIT and label data. This will help with content discoverability and governance.
Microsoft Purview: Data Security Posture Management for AI: Fabric integration in Data Risk Assessment
Within Purview's Data Security Posture Management (preview), Data Risk Assessment now supports scanning all Fabric workspaces for potentially overshared Fabric data (dashboards, reports, etc.). The new Fabric tab in Data Risk Assessment allows users to view default assessment results, create custom assessments for scoped Fabric workspaces, and take proactive actions to secure your Fabric data.
Microsoft Purview: Endpoint Data Loss Prevention- Source context based file protection for Endpoint
Protect file based on the website the file is downloaded or the app the file is created.
Microsoft Purview: Endpoint Data Loss Prevention- Show customized message or hyperlink for multiple file toast
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
Microsoft Purview: eDiscovery-Tenant level process report
The tenant‑level process report provides eDiscovery administrators and managers with a centralized view of eDiscovery processes running across cases in the tenant—or across the cases they have access to. It surfaces key details such as process type, status, duration, timestamps, and who initiated each process, enabling better operational oversight, faster issue triage, and clearer end‑to‑end visibility into eDiscovery activity.
Microsoft Purview: Endpoint Data Loss Prevention- Logged-in user details on the Purview device onboarding page
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices bringing it in line with the experience for MacOS devices. Admins can now see which user is currently signed in on a device, making It faster to confirm ownership and troubleshoot issues.
Microsoft Purview: Data Loss Prevention- Adaptive Scopes for DLP for SharePoint
Adaptive Scope for SharePoint is a dynamic scoping capability in Microsoft Purview DLP that allows administrators to automatically target DLP policies to the right sites based on attributes such as site URL, site name, or custom site metadata. Unlike static scoping, which requires manually listing sites and maintaining them over time, adaptive scopes continuously evaluate site properties and auto‑include or exclude locations as they evolve. This enables scalable policy deployment, eliminates the 100‑site static policy limit, and delivers granular, and automated targeting.
Microsoft Purview: Data Loss Prevention- Additional Diagnostics for Data Loss Prevention and Information Protection
The below diagnostics will help users understand which sensitive information exist in their document and what labels applied and what policies have been triggered: DLP SharePoint Diagnostics DLP EXO Diagnostics Auto labeling diagnostics for SPO/ODB
Microsoft Purview: Insider Risk Management- Insider risk management for agents
As AI agents become deeply embedded in enterprise ecosystems, they are evolving beyond simple tools or workflows into a digital workforce. These agents can interpret intent, access and manipulate enterprise data, execute actions and even make real-time decisions. In many ways, they operate like human insiders only with machine-speed data processing capabilities. To govern and protect these agents effectively, Microsoft Purview Insider Risk Management is being expanded to agents, with specific indicators and insider risk score built for agents based on agentic activities.
Microsoft Purview: Information Protection-Email attachment Preview in Activity Explorer
We're enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. Previously, only the message body was viewable, which limited insight into flagged content. With this update, admins will be able to preview email attachments directly within Activity Explorer—without needing to download the email.
Microsoft Purview: Endpoint DLP - Enhanced content extraction and file type coverage for DLP on Mac devices
With this release, the file type coverage to scan, classify and protect sensitive content on Mac devices with
Microsoft Purview: Data Lifecycle Management-Auto-Archive for Exchange Online
A new capability called Auto-Archiving for Exchange Online will enter public preview in November 2025 (currently under private preview for selected customers). When a user's mailbox utilization exceeds 95% of its quota and archive mailbox is present, this feature automatically moves the oldest items excluding those tagged with “Never Move to Archive” from the primary mailbox to the archive mailbox to prevent mail flow disruptions by keeping usage below the safe threshold of 95% of mailbox quota.
Microsoft Purview: Insider Risk Management-New quick policies to detect data theft from Microsoft Fabric & non-Microsoft 365 data sources
We are adding to Insider Risk Management a pre-configured quick policy template to detect data theft from Microsoft Fabric and non-Microsoft 365 data sources like Box, Dropbox, Google Drive, Azure and Amazon Web Services (AWS). This will enable admins to create scenario-specific policies, with little configurations needed, to get started faster. All scenario based quick policies can be found in the Policies page > Create Policies. Additional tuning post deployment to meet individual alert volume needs can be expected.
Microsoft Purview: Insider Risk Management-New Microsoft Fabric lakehouse risk indicators
With this update, Insider Risk Management extends its risk-detection capabilities to Microsoft Fabric lakehouses (in addition to Power BI which is supported today) by offering ready-to-use risk indicators based on user activities in Fabric lakehouses. Organizations can use these new indicators in data theft and data leaks policies.
Microsoft Purview: Data Security Investigations-Introducing new purge mitigation action
A new Data Security Investigations (DSI) mitigation action, purge, is now available to help admins quickly and efficiently delete sensitive or overshared content during investigations, within the product UX. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention-Alert Classification Property for DLP Alerts on Purview Portal
This feature introduces the ability to classify DLP alerts directly in the Purview portal. In addition to assigning a status, customers can now categorize alerts as True Positive, False Positive, or Benign Positive. This capability helps security teams better organize, track, and manage alerts, enabling more accurate reporting and efficient incident handling.
Microsoft Purview: Data Security Posture Management-Data Security Posture Agent in DSPM
The Data Security Posture Agent is designed to expand the capacity of data security admins as they proactively work to stay on top of a dynamic data and risk landscape within their organization. Its primary job is to help discover sensitive data across your data estate. This agent is designed to analyze and search documents, emails, and messages that match the natural-language discovery intent requested by the user and assess associated risks. By moving beyond traditional keyword and information-type analysis and harnessing the power of LLMs, this agent enables organizations to identify risks based on the actual purpose and context of the content and take appropriate action.
Microsoft Purview: Endpoint Data Loss Prevention-Endpoint DLP Device Status API
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
Microsoft Purview: Insider Risk Management-Insider risk management for agents
As AI agents become deeply embedded in enterprise ecosystems, they are evolving beyond simple tools or workflows into a digital workforce. These agents can interpret intent, access and manipulate enterprise data, execute actions and even make real-time decisions. In many ways, they operate like human insiders only with machine-speed data processing capabilities. To govern and protect these agents effectively, Microsoft Purview Insider Risk Management is being expanded to agents, with specific indicators and insider risk score built for agents based on agentic activities.
Microsoft Purview: Data Loss Prevention-Data Security Triage Agent in Data Loss Prevention
The Data Security Triage Agent creates an agent-managed alert queue that identifies and prioritizes the DLP and IRM alerts that pose the greatest risk to your organization. It delivers a summary and clear explanation for why each alert was prioritized, helping analysts focus on what matters most. For this GA release, we’re introducing expanded coverage (which also includes Endpoint DLP alerts as well as alerts that leverage Custom SITs (Sensitive Information Types)) and support for Entra Agent ID.
Microsoft Purview: Data Security Posture Agent is now available in preview
The Data Security Posture Agent is designed to expand the capacity of data security admins as they proactively work to stay on top of a dynamic data and risk landscape within their organization. Its primary job is to help discover sensitive data across your data estate. This agent is designed to analyze and search documents, emails, and messages that match the natural-language discovery intent requested by the user and assess associated risks. By moving beyond traditional keyword and information-type analysis and harnessing the power of LLMs, this agent enables organizations to identify risks based on the actual purpose and context of the content and take appropriate action.
Microsoft Purview: Data Security Triage agent in DLP is generally available worldwide
The Data Security Triage Agent creates an agent-managed alert queue that identifies and prioritizes the DLP and IRM alerts that pose the greatest risk to your organization. It delivers a summary and clear explanation for why each alert was prioritized, helping analysts focus on what matters most. For this GA release, we’re introducing expanded coverage (which also includes Endpoint DLP alerts as well as alerts that leverage Custom SITs (Sensitive Information Types)) and support for Entra Agent ID.
Microsoft Purview: DSPM data risk assessments: item-level investigation & remediation
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. New insights like sensitivity label and sharing link information help users identify items at risk of oversharing. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
Microsoft Purview: Data Loss Prevention-UX improvements to the DLP Alerts in Purview Portal
We’re excited to announce UX improvements to the DLP Alerts Portal in Purview to help you triage incidents faster and more efficiently. What’s New: 1. Unified View: Events related to each alert are now available directly on the alerts page — no need to switch to new tab or drill down. 2. Faster Access: Access event details (e.g. Impacted assets) with just 1 click on the main alerts page itself, compared to 4 clicks earlier, reducing triage time significantly. 3. Enhanced Context: We've added 4 new columns - Location, DLP Rule name, DLP Policy name, Rule Action to display key alert and event attributes upfront — giving you more visibility at a glance. 4. Performance Boost: Cache improvements to ensure faster load times and a smoother experience. These updates are designed to streamline your workflow, reduce response times, and give you the context you need — all in a single, efficient view.
Microsoft Purview: Data Loss Prevention-User based alert aggregation
User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.
Microsoft Purview: Azure AI Foundry integration with Microsoft Purview for AI
Purview enablement in AI Foundry, allows Foundry admins to activate Microsoft Purview on their subscription. Once enabled, AI interaction data from all apps and agents flows into Purview for centralized compliance, governance, and posture management of AI data.
Microsoft Purview: Data Lifecycle Management-New cmdlet to remove retention from inactive mailboxes
Today, there is not a way to remove retention policies or labels (called a hold in Exchange) from items in inactive mailboxes in bulk. Now we are introducing a PowerShell cmdlet that enables retention policies or labels to be removed in bulk from these items. This removal will not affect legal holds.
Microsoft Purview: Compliance Manager-Purview Compliance Manager integration with Microsoft Foundry for automated mapping of AI regulations and evaluation of Compliance controls for Foundry Agents
This feature in Purview Compliance Manager shall enable customers to automatically access the compliance posture of Agents created in AI Foundry. Customers can map Agents being created in AI Foundry to compliance regulations and assessments in Purview Compliance Manager and get to know the compliance status and improvement actions to be innovative and compliant.
Microsoft Purview: Communication Compliance- Alert improvements
Communication Compliance is improving the capabilities and customization of policy alerts. Admins will be able to customize the alert frequency per policy as well as adjust the email alerts frequency and recipients within the policy creation wizard.
Microsoft Purview: Purview SDK embedded in Agent Framework SDK
Purview SDK embedded in Agent Framework SDK enables developers to seamlessly integrate enterprise-grade security, compliance, and governance into the AI agents they build. This integration enables automatic classification and protection of sensitive data, prevents data leaks and oversharing, and provides visibility and control for regulatory compliance—empowering organizations to confidently and securely adopt AI agents in complex environments.
Microsoft Purview: Information Protection-Email attachment Preview in Activity Explorer
We're enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. Previously, only the message body was viewable, which limited insight into flagged content. With this update, admins will be able to preview email attachments directly within Activity Explorer—without needing to download the email.
Microsoft Purview: Information Protection-Azure AI Search honors Purview labels and policies
Azure AI Search now ingests Microsoft Purview sensitivity labels and enforces corresponding protection policies through built-in indexers (SharePoint, OneLake, Azure Blob, ADLS Gen2). This enables secure, policy-aligned search over enterprise data, enabling agentic RAG scenarios where only authorized documents are returned or sent to LLMs, preventing data oversharing and aligning with enterprise data protection standards.
Microsoft Purview: New Microsoft Purview Data Security Posture Management Experience
At Ignite, Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management. Plus, Purview now extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Together, these innovations make DSPM the central hub for managing data security posture in the era of AI. We are also extending Data Risk Assessments to Fabric and to item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.
Microsoft Purview: Data Loss Prevention- Admin units support for SharePoint Online
Delegate management and remediation authority for different people in different regions or organization units with role-based access control (RBAC). For example, German investigators should be able to investigate alerts and audit events for only German users. This update extends support to SharePoint for Microsoft 365.
Microsoft Purview: DSPM data risk assessments: item-level investigation & remediation
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. Item-level insights like sensitivity label and sharing links created help users identify potentially overshared items. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
Microsoft Purview: Data Security Investigations – Introducing integration with Data Security Posture Management and deepening integration with Defender XDR, Insider Risk Management
Data Security Investigations (DSI) insights are now being incorporated into Data Security Posture Management to support the prevention of sensitive content exfiltration. Additionally, DSI integrations with Defender XDR and Insider Risk Management are being enhanced, reflecting customer feedback received during the Public Preview phase.
Microsoft Purview: Data Loss Prevention- Show remote machine information on File Copy to Remote Desktop
Admin should be able to see destination machine information when end-user copy a sensitive file to a remote machine through RDP.
Microsoft Purview: Data Loss Prevention- Actionable Email Notifications for Enhanced Incident Remediation
Microsoft Purview Data Loss Prevention end-user email notification is getting advanced incident remediation capabilities: actionable email notifications. This new feature allows end users to take remediation actions directly from their mailbox, streamlining the remediation process. The end users will be able take remediation actions on files on OneDrive and SharePoint that caused a policy match. Key actions now available in our email notifications include - stop sharing file, delete file, apply label, override the policy, report false positive and unable to take action.
Microsoft Purview: Endpoint Data Loss Prevention- Mac device and device group-based policy scoping support for Endpoint DLP
Currently you can create Purview Endpoint DLP policy and assign to specific users or user groups. This feature will allow you to create and assign policy based on both users and machines. You can use this feature to achieve different policies for same user on different Mac devices.
Microsoft Purview: Endpoint Data Loss Prevention- Show customized message or hyperlink for multiple file toast
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
Microsoft Purview: Insider Risk Management-Priority content support for Risky AI usage
With this update, Risky AI usage policy template will support priority content. Customers can define Sensitive Info Types (SITs), Trainable Classifiers, Sensitivity Labels as priority content, and get alerted only when the activity matches the selected priority content.
Microsoft Purview: Information Protection- New Summary Metrics in Content Explorer for Unscanned Files and Classification History Details
Enhance Content Explorer by introducing new summary metrics that provide better visibility into scanning and classification activities. This update will include: 1. Unscanned Files Summary Displays the count and percentage of files that have not been scanned for classification, helping admins identify gaps and take corrective action. 2. Classification History Insights Shows trends and details of classification changes over time, helping admins to discover the stale data in their organization
Microsoft Purview: Compliance Manager - AI Powered Regulatory Templates
This feature in Purview Compliance Manager shall enable customers to convert complex regulations from PDF documents to actionable controls and actions in multi cloud environment. Customers can use the converted regulatory templates to create assessments and identify compliance gaps, understand and implement controls to improve their compliance posture.
Microsoft Purview: Endpoint Data Loss Prevention- Always-on diagnostics for Windows endpoints (Phase 1)
This feature release ‘Always-on diagnostics’, captures critical diagnostic data from onboarded endpoint devices running on Windows OS for EDLP issue reporting. Comprehensive trace logs will be automatically recorded and stored locally on the devices, eliminating the need to reproduce issues when submitting investigation requests to Microsoft. It allows for the collection of detailed traces over extended periods (up to 90 days). While raising tickets to submit investigation requests to Microsoft regarding Microsoft Endpoint DLP, customers can share enhanced diagnostic information with Microsoft without needing to reproduce the exact scenario.
Microsoft Purview: Purview Information Protection | Classifier Simulation Mode (Health Monitoring)
Microsoft Purview introduces the Classifier Simulation Mode, the first phase of the broader Classifier Health Monitoring Platform. This capability enables you to test, analyze, and optimize custom classifiers on production data before publishing them, hence offering a reliable means of verifying the effectiveness of classifiers before committing them to live environments. Custom classifiers are powerful tools but can sometimes include inefficient regex patterns or overly broad logic, leading to Noisy classifier due to high matches, False positives and High scanning latency Simulation Mode mitigates these risks by allowing you to validate classifier quality and performance before publishing, helping ensure healthy, performant, and more precise classification outcomes.
Microsoft Purview compliance portal: Purview in Microsoft Admin Center
AI and IT admins in Microsoft Admin Center can 1) gain visibility around oversharing risks and drive remediations 2) Understand how much of sensitive copilot interactions are protected and turn on Purview DLP for M365 Copilot right from there. Enables secure adoption of Copilot.
Get weekly Purview updates
Roadmap changes, new features, and practical commentary. Delivered weekly.