Purview News & Roadmap
Auto-curated from the Microsoft 365 Roadmap, filtered for Purview-related updates.
Microsoft Purview: Data Security Investigations – Introducing new personal data examination
Data Security Investigations (DSI) is introducing a new examination focus area concentrated on identifying personal data. The personal data examination will identify and extract various types of personal data from the selected items including but not limited to, names, addresses, bank account numbers, and more. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention – Reduce policy sync status SLA on the Purview UI from 2 hours to 30 mins
Admin should be able to see the Endpoint DLP policy sync status on the Purview portal within 30 mins.
Microsoft Purview: Endpoint Data Loss Prevention - Device Health Reporting Dashboard
This dashboard will allow admins to view the device health across all their devices to ensure the system is healthy and ready to receive policy updates and quickly identify devices that are not ready.
Microsoft Purview: Data Lifecycle Management - DLM Retention support Microsoft Teams call logs
Microsoft Teams stores call logs in several persistent locations, such as CDR logs. Currently, these logs are retained indefinitely. However, regulatory requirements in various countries specify maximum retention periods for calling-related logs. This discrepancy creates a compliance gap, as the existing retention practices may not meet regulatory obligations. Additionally, tenant administrators may prefer to retain data for longer periods to improve the user experience. Therefore, this solution would help organizations ensure that Microsoft Teams remains compliant with regulatory mandates while also supporting evolving product features and business needs.
Microsoft Purview: File Creation/Modification conditions in DLP for Sharepoint/OneDrive and AutoLabelling
File Creation and File Modification conditions in Microsoft Purview DLP for SharePoint and OneDrive and AutoLabelling will give organizations more precise control over DLP policy definition. These conditions allow admins to configure policies based on when the files were created or last modified, enabling policies that target newly created documents, recently edited files, or older content that may require stricter governance. With these new date-based predicates, Purview DLP delivers stronger lifecycle-aware protection, improved policy accuracy, and greater flexibility in securing data across SPOD.
Microsoft Purview: Data Lifecycle Management - Power Automate integration with records management
Initiate a Power Automate workflow when the item reaches the end of its retention period. For example, execute a complex disposition approval process or move the file to an archive.
Microsoft Purview: Endpoint Data Loss Prevention - Logged-in user details on the Purview device onboarding page
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices bringing it in line with the experience for MacOS devices. Admins can now see which user is currently signed in on a device, making It faster to confirm ownership and troubleshoot issues.
Microsoft Purview: Endpoint Data Loss Prevention - Endpoint DLP Device Status API
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
Microsoft Purview: Data Loss Prevention - Unmanaged cloud app discovery and protection with Microsoft Purview and Palo Alto Prisma Access
Microsoft Purview network data security now integrates with Palo Alto Prisma Access, extending discovery and protection to network traffic. With this integration, new and existing Palo Alto Prisma Access customers can configure Microsoft Purview collection and data loss prevention policies to discover and protect sensitive data shared with unmanaged cloud apps via HTTP/HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM), enables data security & compliance for AI interactions, and more.
Microsoft Purview: Information Protection - Sensitivity label support in Engage
Organizations can now manually apply Purview Information Protection sensitivity labels in Engage. Allowing admins to create labels and configure label publishing policies to determine which users and groups can manually label content in Engage communities. End users in Engage will be able to then manually apply labels to communities and in turn classify and protect their sensitive data via privacy and external user access controls.
Microsoft Purview: Data Loss Prevention - Data Security Triage Agent summaries and categorizations for DLP alerts will be made available in DLP Alerts in Microsoft Defender XDR
Data Security Triage Agent summaries and categorizations for DLP alerts will be made available in DLP Alerts in Microsoft Defender XDR.
Microsoft Purview: eDiscovery - review set limit increase
Review set limit per case is increased from 20 per case to 100 per case.
Microsoft Purview: Information Protection - Exclude modern groups / include dynamic security groups support for sensitivity label policies
To provide more flexibility, admins can now exclude modern Microsoft 365 groups and scope sensitivity label policies to dynamic and non-mail enabled security groups—expanding policy targeting beyond individual users and mail enabled groups.
Microsoft Purview: Information Protection - Policy sync status for M365 Label publishing policies
Admins can now see the sync status of sensitivity label publishing policies directly in the Purview portal. This provides clear confirmation that label policy changes have been fully applied across Microsoft 365 workloads, reducing guesswork, speeding troubleshooting, and increasing confidence during large scale label deployments.
Microsoft Purview: Information Protection - Sensitivity label inheritance for Teams meeting artifacts
Teams meeting artifacts, including recordings, transcripts, and Loop notes, can now be configured to automatically inherit the sensitivity label from the meeting. This ensures content generated during meetings is consistently protected without requiring manual labeling, reducing risk and simplifying protection at scale.
Microsoft Purview: Endpoint Data Loss Prevention - Add support of hyperlinks in warn & block toast messages for Edge browser
With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
Microsoft Purview: Data Loss Prevention – Enrich Defender alerts Graph API with DLP event data
Enhance current API infrastructure to provide easy and simple way for customers to export data to integrate with SIEM tools, create automated workflows and generate customizable reports. Today alert data is present in Graph API and DLP rule match event details are present in Management API. This work enriches the graph API with DLP event data to make correlation and integration easy for customers.
Microsoft Purview: Data Loss Prevention – File Quarantine Action in DLP for SharePoint/OneDrive
File Quarantine action in Microsoft Purview DLP for SharePoint and OneDrive, enables stronger, immediate protection for sensitive data. When a DLP policy is triggered, the File Quarantine action automatically moves the file to a restricted, admin‑controlled & defined quarantine location—instantly removing access for all users while preserving the file for review and investigation. This capability helps organizations contain data‑exposure risks, prevents further sharing or misuse, and delivers a powerful new layer of enforcement.
Microsoft Purview: Data Security Investigations – analyze files tied to audit log activities
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from Unified Audit Log activity. In DSI, build your audit log query by specifying criteria such as time range, activities, users, and keywords. DSI then automatically pulls the associated files into the investigation (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – role-based access simplification
We are simplifying Data Security Investigations (DSI) roles following customer feedback and the continued integration with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Defender XDR. We added the Data Security Investigation Admin role to the Compliance Administrator role group. We added the Data Security Investigation Contributor role to the: Organization Management role group; Data Security Management role group; Insider Risk management role group.
Microsoft Purview: Data Loss Prevention– Unmanaged cloud app discovery and protection with Microsoft Purview and the Island Enterprise Browser
Microsoft Purview network data security now integrates with Island, extending protection to Island’s browser-based workflows at the point of user interaction. With this integration, new and existing Island customers can configure Microsoft Purview collection and data loss prevention policies to detect and protect data shared with unmanaged cloud apps through the Island Enterprise Browser, the Island Extension, and browser add ins via HTTP and HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. Island provides visibility and control at the presentation layer, including typed and pasted input, file transfers, and extension activity, so data can be inspected before it ever leaves the browser. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM) risk score, enables data security and compliance for AI interactions, and more.
Microsoft Purview: Data Lifecycle Management– Hard delete capability for OneDrive and SharePoint through secure priority cleanup workflows
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
Microsoft Purview: Credential Scanning in Data Security Posture Agent
We're expanding the Data Security Posture Agent with a new credential scanning capability. Discover exposed credentials and data security risks across scoped locations. Assign scanning tasks to the agent, track progress across stages, and take action on prioritized findings. The agent scans selected data locations, analyzing scoped files to detect credentials, such as Microsoft Entra user credentials, private keys, and API tokens. Each finding includes a risk score, AI-generated insights, confidence score, and credential category so you can review, confirm, and act from a single task board view.
Microsoft Purview: DSPM data risk assessments: item-level investigation & remediation
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. New insights like sensitivity label and sharing link information help users identify items at risk of oversharing. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
Microsoft Purview: Information Protection– Override manually applied labels and Remove labels with Auto-labeling
New enhancements for SharePoint and OneDrive enable organizations to automatically override manually applied sensitivity labels and remove labels at scale on Word, Excel, PowerPoint, and PDF files. These capabilities help ensure data remains correctly classified as policies, labels, and business requirements evolve—reducing reliance on manual user updates and improving consistency for data at rest across Microsoft 365.
Microsoft Purview: Insider Risk Management – Pay-as-you-go model for Other Generative AI apps indicators
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing. Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps
Microsoft Purview: Data Security Investigations – Introducing new soft purge mitigation action
A new Data Security Investigations (DSI) mitigation action, soft purge, is now available to help admins quickly and efficiently soft-delete sensitive or overshared content during investigations. Content deleted using soft purge is retained until the deleted item retention period expires, allowing admins to have further control of their data. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention- Security Store now available within Purview DLP to browse, purchase, and enable partner integrations
Microsoft Security Store is now integrated into the Microsoft Purview DLP experience, giving admins an in‑product way to discover a curated set of integrations that extend Purview capabilities, including data security capabilities for the network. Purchasing and management are completed through Security Store, simplifying how organizations procure partner integrations.
Microsoft Purview: Data Loss Prevention- New policy configuration options available for inline network and Edge for Business policies
Admins can now scope Purview collection policies for unmanaged cloud apps based on the presence of sensitivity labels, enabling more precise discovery of sensitive activity across inline network traffic and the Edge for Business browser. Purview DLP policies also support "URL contains text" as a condition and exception, providing finer control over unmanaged cloud app usage across the network and Edge for Business, along with configurable email notifications to alert end users when activities are blocked.
Microsoft Purview: Data Loss Prevention- Data Loss Prevention to safeguard sensitive web search in Microsoft 356 Copilot and Copilot Chat
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat to safeguard web searches containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and agents from using sensitive data for external web search. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
Microsoft Purview: Insider Risk Management – Pay-as-you-go model for Other Generative AI apps indicators
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing. Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps
Microsoft Purview: eDiscovery- CMK (Customer managed key) for eDiscovery direct export
This release of eDiscovery features the implementation of customer-managed key (CMK) options, allowing users to manage their own encryption keys for the data included in the direct export workflow in eDiscovery, adding to the Microsoft-managed encryption already in place.
Microsoft Purview: Insider Risk Management- Data Security Triage Agent in IRM Enhancements
The Data Security Triage Agent in Insider Risk Management is deploying enhancements such as improved user risk and activity explorer pattern summaries to support improved investigation accuracy, context, and decision quality.
Microsoft Purview: Data Lifecycle Management- Azure PST Import
Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It follows the standard two‑step Exchange Migration Service pattern: an initial analysis phase to validate and assess PST data, followed by execution of the actual migration. The process also involves creating a migration endpoint, running an analysis-only migration batch, using the analysis results to configure the final batch, and then starting the batch to import PST content into target mailboxes.
Microsoft Purview: Data Loss Prevention – Enhancements to Data Security Triage Agent
Adding below enhancements to Data Security Triage Agent in MS Purview - Metadata supported Custom Instructions (DLP only) : Earlier the agent only supported custom instructions which are related to content (E.g. Focus on alerts related to financial information). Now we also support instructions related to metadata. (E.g. Focus on alerts related to financial information for user Adam in last 20 days) - Consolidated Agent settings : Earlier we had seperate controls for deployment configuration and triggers. We are now merging them into a single view as the settings can be altered anytime and it becomes easier for admins and analysts to change them from single view. - Support for alerts with Non content contains condition (DLP only) : Till now we were showing alerts generated from non-content contains conditions as unsupported. (E.g. Condition = RecipientDomainIs matches and triggers alert, alert is unsupported). Now we are bringing the alerts into triage capability and determining categorization for them also - Agent Identity : Now the Triage agent can be deployed with Agent's own identity generated in Microsoft Entra. There won't be a need to have the agent run using the user's identity who was setting up the agent. This provides cleaner audit capabilities.
Microsoft Purview: Data Security Investigations – AI analysis enhancements
Data Security Investigations (DSI) now further enhances its AI analysis tools, including the ability to choose between a standard categorization for potential time and/or cost savings or a more advanced categorization to include AI-generated topics. Additionally, we are making the DSI workflow faster by automatically preparing data for AI analysis as it is being added to the investigation, saving critical investigation time.
Microsoft Purview: Data Loss Prevention – File Testing Against Sensitive Information Classifiers
A new feature will be introduced on the main Classification page, allowing users to test files against all available classifiers to identify the presence of sensitive information. Users will have the option to select a single classifier or run tests across all classifiers. This capability is designed to help users identify sensitive content within files and troubleshoot classification issues more efficiently.
Microsoft Purview: Data Loss Prevention – Export DLP and Label Policy Configurations
A new export functionality will be introduced in two locations: the Data Loss Prevention > Policies page and the Information Protection > Label publishing policies page. This feature will allow users to export their existing DLP configurations and label policies, including schema, as a downloadable ZIP file. The exported file can be attached to support tickets to accelerate troubleshooting.
Microsoft Purview: Data Loss Prevention to prevent Microsoft 365 Copilot processing content with sensitivity labels supports all storage locations
The Microsoft Purview Data Loss Prevention policy to restrict Microsoft 365 Copilot processing sensitive files in Word, Excel, and PowerPoint will now apply regardless of file storage location.
Microsoft Purview: Insider Risk Management – Ability to preview content in Insider Risk Management Alerts
Insider Risk Management is excited to announce the ability to preview content directly within an IRM alert without having to create a case. Users with appropriate permissions will be able to preview relevant files referenced directly within activity explorer in each alert.
Microsoft Purview: Data Loss Prevention – Enable DLP Diagnostics for All Roles with Purview DLP Policy Access
We’re updating permissions to ensure that all roles with access to view DLP policies in Microsoft Purview can also run diagnostics on those policies. This change enhances visibility and empowers authorized users to troubleshoot and validate policy behavior more effectively. The following roles will now have diagnostic access: Organization Configuration View-Only Configuration Compliance Admin Security Admin Security Reader DLP Compliance Management View-Only DLP Compliance Management Insider Risk Management Admin Information Protection Admin Information Protection Analyst Information Protection Investigator Data Security AI Admin
Microsoft Purview: Data Lifecycle Management - Hard delete capability for OneDrive and SharePoint through secure priority cleanup workflows
Admins will be able to select hard delete configuration while setting up a priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
Microsoft Purview: Role Group changes in Purview
We are introducing a new Microsoft Purview RBAC role—Purview Agent Deployment—and adding it to various existing built in role groups used by analysts and admins across Purview. This change enables users who use built-in role analyst groups to deploy Security Copilot Agents in Purview without needing any additional roles. If your organization prefers to limit agent deployment permissions, you can create a custom role group that does not include the Purview Agent Deployment role and assign that custom role group to analysts who should not be able to deploy agents. This update does not change default data access or expand visibility into customer content. All other permissions within each role group remain unchanged. Analysts who are assigned to custom role groups will not be able to deploy agents unless the Purview Agent Deployment role is explicitly added to those custom groups. We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these change We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these changes.
Microsoft Purview: Insider Risk Management – Ability to create cases without content in IRM
Insider Risk Management is providing the ability to create a case without content. With this, we will introduce a new active case limit (2000). This new functionality will allow customers to create more cases particularly when content download is unnecessary. If a case is created without content download, content download can be initiated anytime the case is active pending available content download limits. There is no change to the active content download limit (100).
Microsoft Purview: Data Catalog – Advanced resource sets
Logical grouping of files with same schema and are under the same folder into a single file known as resource set. Using advanced resource set capability, customers can define pattern rules that will help group files based on custom patterns.
Microsoft Purview: Information Protection-Content Explorer – Enhanced Tag (SIT, Labels) Filter at UI Layer
Introduces enhanced controls in Content Explorer’s UI, enabling scoped visibility and filtering of SIT and label data. This will help with content discoverability and governance.
Microsoft Purview: Data Security Posture Management for AI: Fabric integration in Data Risk Assessment
Within Purview's Data Security Posture Management (preview), Data Risk Assessment now supports scanning all Fabric workspaces for potentially overshared Fabric data (dashboards, reports, etc.). The new Fabric tab in Data Risk Assessment allows users to view default assessment results, create custom assessments for scoped Fabric workspaces, and take proactive actions to secure your Fabric data.
Microsoft Purview: Endpoint Data Loss Prevention- Show customized message or hyperlink for multiple file toast
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
Microsoft Purview: Endpoint Data Loss Prevention- Source context based file protection for Endpoint
Protect file based on the website the file is downloaded or the app the file is created.
Get weekly Purview updates
Roadmap changes, new features, and practical commentary. Delivered weekly.