Purview News & Roadmap
Auto-curated from the Microsoft 365 Roadmap, filtered for Purview and sorted by solution area so you can jump straight to what you work on.
Microsoft Purview: Information Protection - Rights Management connector – Certificate-based authentication
The Microsoft Rights Management (RMS) connector is moving from shared-secret authentication to certificate-based authentication, improving its security posture. With this update, administrators configure their own Microsoft Entra app registration and certificate, then use the new PowerShell module to configure the certificate for each workload (Connector, Exchange, SharePoint, and FCI). New PowerShell cmdlets handle certificate import, registry configuration, private-key permissions, and validation. As part of this change, the connector setup no longer provisions an Entra service principal or issues a shared secret on the customer's behalf. Customers should plan to register an Entra ID application and upload a certificate before installing or upgrading the connector.
Microsoft Purview: Data Loss Prevention - AI Powered Data Loss Prevention Policy Optimizer
DLP Policy Optimizer uses AI to analyze your organization’s DLP policies, rule structure, and activity signals to identify optimization opportunities that are difficult to detect manually. It highlights overlapping rules, redundant conditions, misconfigurations, and sources of excessive noise, and presents prioritized recommendations with supporting evidence and suggested actions. This enables you to reduce false positives and alert noise, improve policy precision, and simplify policy management with confidence.
Microsoft Purview: Data Loss Prevention - User Based Aggregation of DLP Alerts
Enable aggregation of DLP alerts based on common entities user even when multiple rules are matched. This feature should consolidate related alert events into a single alert object to: Reduce alert noise, simplify investigation workflows, enhance contextual understanding of violations.
Microsoft Purview: Insider Risk Management - Unified alert queue
We’re introducing a new unified alert triage experience in Insider Risk Management that brings agent‑driven insights directly into the standard Alerts queue. With this update, analysts can view agent categorizations alongside traditional alert filters and columns in a single, consolidated workflow. The updated alert details panel, enables faster investigation and action from the alerts list page by embedding agent insights directly into the alert experience. To support customer transition, the existing alert and agent triage experience will remain available for 60 days and can be accessed via the Alerts tabs under Users in the left navigation.
Microsoft Purview: Insider Risk Management - Expanding note capabilities across alerts & cases
We’re introducing a new collaboration capability in Insider Risk Management that enables analysts and investigators to add notes directly within alerts. With this feature, users can document investigation progress, share findings, and capture key context throughout the triage process. In addition to manually added notes, system‑generated notes will automatically record updates such as alert status changes or user assignments — helping teams maintain a clear and auditable investigation timeline. By centralizing investigation history directly within alerts, this update helps improve collaboration and ensures all stakeholders stay aligned throughout the investigation lifecycle. These note enhancements will also be made available in Cases.
Microsoft Purview: Insider Risk Management - Enhanced user profile in IRM alerts
We’re enhancing the User section within Insider Risk Management alerts to provide investigators with more contextual user profile and risk attributes directly within their workflow. With this update, analysts can now view key user details such as employee type, office location, start date, policy inclusion, priority user group status, and last working day—helping them build a more complete understanding of the user during investigations without navigating away from the alert experience. This feature will be available as part of the new alert workflow through the Alert Details panel. Additional user attributes will continue to be introduced over time, with pseudo‑anonymization honored to support privacy‑by‑design investigation practices.
Endpoint Data Loss Prevention — Endpoint DLP now supports a pre curated list of file extensions for the file extension condition
Endpoint DLP now includes a pre curated list of file extensions for the file extension condition. Previously, file extensions were entered as free form text, which could result in unsupported or non-scannable extensions being used. This could lead to gaps in protection and increase processing overhead on endpoints. With the pre curated list, you can select only supported file extensions. This helps improve policy reliability and reduces unnecessary processing on endpoints.
Microsoft Purview: Endpoint Data Loss Prevention – Ability to protect files stored in the excluded folders in Windows
Endpoint DLP now extends protection to files stored in commonly excluded Windows folders, including Temp and AppData. This helps improve coverage by detecting and protecting sensitive data in these locations.
Microsoft Purview: Endpoint Data Loss Prevention - Allow customer to scope JIT Audit to specific user or user group
Enable customers to include or exclude users/user groups from Just‑In‑Time (JIT) Audit, ensuring audits are generated only for the selected users or groups.
Microsoft Purview: Data Loss Prevention - Reduce policy sync status SLA on the Purview UI from 2 hours to 30 mins
Policy updates in Microsoft Purview now sync faster, reducing wait times from up to 2 hours to just 30 minutes, so your protections stay up to date and take effect more quickly across your organization.
Microsoft Purview: Information Protection – Auto-labeling Simulation Evaluation
The Simulation Grader helps admins understand and improve auto‑labeling accuracy before enforcing a policy. When enabled during simulation, matched items are evaluated by an AI-powered grader to determine whether each match is a true positive or false positive, along with an explanation of why the content matched. The results roll up into clear policy‑level accuracy insights and file‑level evaluation details, giving admins confidence to refine conditions, upgrade to smarter classifiers, and move policies to enforcement with greater trust.
Microsoft Purview: Data Lifecycle Management - Archive OneDrive and SharePoint files under retention
Retention based file archiving moves inactive content to low-cost storage, lowering costs with no compromise on Compliance, keeping data discoverable and making Copilot results highly relevant.
Microsoft Purview: Data Lifecycle Management - Insights and policy recommendations on sensitive M365 data for better Data Security and Compliance posture
Insights on sensitive M365 data (OneDrive and SharePoint) and recommendations on retention policies for customers to better govern their sensitive data.
Microsoft Purview: Data Lifecycle Management - DLM Meter Change
Data Lifecycle Management (DLM) billing will be based on the volume of data retained. For example, any number of non‑Microsoft 365 generative AI prompts and responses that collectively amount to 1 GB of retained data will be billed at $0.25 per GB per month (equivalent to ~$0.0082 per GB per day). In the updated model, DLM is billed based on the total volume of text messages managed by a DLM policy. Each non‑Microsoft 365 generative AI prompt and response is treated as an individual text message and is retained and deleted according to the configured Microsoft Purview retention settings. Billing is calculated on the managed text messages in storage, at a rate equivalent to $6 per one million text messages per month. Customer impact Customers will need to migrate from the legacy meter to the new meter. Based on current analysis, the overall cost impact is expected to be cost‑neutral or lower for customers under the new billing model.
Microsoft Purview: Data Loss Prevention - Count of Labelled Documents Condition
This release introduces a new condition for Exchange Online policies: “Count of labeled documents is greater than.” This condition evaluates the number of attachments in an email message that carry a matching sensitivity label. When the count exceeds a defined threshold, the DLP rule is triggered, and configured actions are applied. This capability enables detection of high-volume data exfiltration scenarios, where multiple sensitive files—individually low-risk—collectively represent a significant compliance or security risk. Existing conditions evaluate file content, but do not provide controls based on the volume of labeled attachments.
Microsoft Purview: Data Loss Prevention - Reusable Global List for Exchange Online
Reusable Lists centralize management of keywords, domains, and email addresses, eliminating duplication across rules and reducing the effort required to maintain large policies.
Microsoft Purview: Data Loss Prevention - Enriched Audit Data for Matched Rules
When DLP rules detect policy violations in Exchange Online, they generate audit records that administrators rely on for compliance monitoring, incident investigation, and policy tuning. Previously, these records only showed Sensitive Information Type matches. This feature aims to extend that to sender domain, subject keywords, attachment type, or recipient information. Now they will be visible in alerts and Activity Explorer providing data enrichment to the administrators.
Microsoft Purview: Endpoint Data Loss Prevention - Policy Sync & Device Health AI Skill
AI agent skill to detect and alert unhealthy policy sync and device configuration.
Microsoft Purview: Data Loss Prevention to restrict processing external emails in Microsoft 365 Copilot and Copilot Chat
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat to safeguard risks from external emails. This real-time control helps organizations mitigate data risks by preventing Microsoft 365 Copilot and Chat from processing emails from senders external to your organization. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
Microsoft Purview: Role groups UI enhancements
The Role groups page in the Microsoft Purview compliance portal now allows admins to look up permissions by roles and memberships.
Microsoft Purview: Data Loss Prevention - Granular classification error controls (Exchange online)
Granular Protections for Exchange Online is available in public preview. This release gives administrators fine-grained control to create DLP policies based on specific classification or text extraction failure types — such as timeout, throttling and other scan errors — rather than one blanket policy for all failure conditions.
Microsoft Purview: Data Loss Prevention for Microsoft 365 Copilot to safeguard prompts for government clouds
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot to safeguard prompts containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and agents from returning a response when prompts contain sensitive data or using that sensitive data for grounding in Microsoft 365 or the web. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
Microsoft Purview: Information Protection- File Labeler and File Viewer for MacOS
This feature is bringing the Information Protection Filer Labeler and Viewer applications to the MacOS platform. Enabling customers to have the same capabilities available on Mac. Core functionality will be available with the exception of the Advanced label-based protection feature.
Microsoft Purview: Insider Risk Management – Reduce temporary file noise for Endpoint activities in IRM
When files are opened in Windows, the operating system, and applications (for example, Microsoft Office and browsers) can create, rename, and delete temporary files as part of normal behavior. The Endpoint client audits these activities, resulting in high-volume, low-signal events that appear as “noise” for Insider Risk Management (IRM) customers. While global exclusions exist (file type, keyword, file path, etc.), some temporary file naming patterns are not easily captured with the current exclusions, leaving customers without a practical way to reduce noise without over-excluding. This feature introduces built-in filtering for well-known temporary file name patterns so that Endpoint file operations are excluded from IRM activity explorer and scoring reducing noise allowing customers to focus on the most relevant alerts.
Microsoft Purview: eDiscovery – Enhancement of Loop and Copilot Pages in Review and Export
Improves eDiscovery workflows for Loop and Copilot pages by enabling full indexing of page content for keyword search within review sets and adding HTML format support for export from search.
Microsoft Purview: Data Lifecycle Management – Insights and policy recommendations on Microsoft Copilot and AI Apps interactions for better Data Security and Compliance posture
Provide insights on Copilots and AI Apps usage and recommend retention policies for customers to govern their Copilots and AI App interactions.
Microsoft Purview: Data Lifecycle Management – Hard delete capability for OneDrive and SharePoint through secure priority cleanup workflows
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
Microsoft Purview: Use sensitivity labels to block all connected experiences that analyze content in Word, Excel, and PowerPoint
In Word, Excel, and PowerPoint, the ‘Prevent some connected experiences that analyze content’ label setting now prevents files in these apps from being sent to all Microsoft connected experiences for analysis, rather than a subset of these connected experiences.
Microsoft Purview: Data Lifecycle Management – Archive OneDrive and SharePoint files under retention
Retention based file archiving moves inactive content to low-cost storage, lowering costs without compromising on Compliance - while keeping data discoverable and Copilot results highly relevant.
Microsoft Purview: Data Security Investigations – Introducing OCR support
Microsoft Purview Data Security Investigations (DSI) is extending our investigations by adding optical character recognition (OCR), extracting text from images and incorporating it into investigation data. This enables AI-powered deep content analysis to uncover data security risks that are often hidden within visual content.
Microsoft Purview: Endpoint Data Loss Prevention: Add control to include or exclude Default file paths exclusions for Windows
Previously customers would have system files either included or excluded manually configured. With this feature there is now a capability to provide this by default and have the option of including or excluding those paths. This list is managed by Microsoft to ensure accuracy and ease of management.
Microsoft Purview: Insider Risk Management – Policy Recommendation Panel in IRM
Today, Insider Risk Management (IRM) provides policy-driven protection for data leaks, data theft, and risky AI usage. However, while policy-driven protections are powerful, customers may not always have clear visibility into where coverage can be optimized or expanded to address latent insider risk. IRM now provides guidance on what protections are missing or which policy configurations deliver the most incremental value, providing customers with more comprehensive coverage to mitigate their most critical insider risk.
Microsoft Purview: Endpoint Data Loss Prevention – Device Health Reporting Dashboard
This dashboard will allow admins to view the device health across all their devices to ensure the system is healthy and ready to receive policy updates and quickly identify devices that are not ready.
Microsoft Purview: Data Loss Prevention – New Guided Experience to Diagnose and Resolve DLP Issues
We’re introducing a new guided diagnostics experience to help users understand why their DLP policies may not be behaving as expected. This experience provides a clear summary of why a DLP action was taken on a document, including which policies were triggered, the order of evaluation, and detailed insights into which conditions evaluated as true or false. For Microsoft 365 E5 customers, the experience also includes Copilot-powered insights and tailored recommendations to accelerate troubleshooting and policy optimization.
Microsoft Purview: DSPM – New Microsoft Purview Data Security Posture Management Experience
At Ignite, Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management. Plus, Purview now extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Together, these innovations make DSPM the central hub for managing data security posture in the era of AI. We are also extending Data Risk Assessments to Fabric and to item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.
Microsoft Purview: Data Security Triage Agent in Data Loss Prevention - Reasoning Trace and Confidence Score for agent-triaged alerts
This feature introduces confidence scoring and reasoning trace explainability into the Data Security Triage Agent in DLP, addressing a critical trust gap reported across multiple customers. Today, without transparency into why the agent makes a decision or how confident it is, analysts are forced to fall back to manual review — completely negating the automation value. The feature will surface a reasoning trace alongside each agent decision and a confidence score, giving analysts a clear signal of how reliable the agent's output is. This provides SOC teams with an auditable, explainable output they can validate rather than blindly trust, enabling them to progressively increase reliance on automation over time.
Microsoft Purview: Data Lifecycle Management – Increase in expansion limit for auto expanding archive beyond 1.5TB
Previously, auto expanding archive mailbox expansion was supported only up to 1.5 TB, after which mailboxes would become inoperative. Archive mailboxes can now automatically expand beyond the 1.5 TB limit, ensuring uninterrupted retention and enabling scalable archive growth as storage thresholds are reached. This capability will be offered as a consumption‑based feature for auto expanding archive beyond 1.5 TB and will be billed at $0.25 per GB per month (or $0.0082 per GB per day).
Microsoft Purview: Information Protection – AI-powered intent for classifiers
AI-powered intent for classifiers: Microsoft Purview Information Protection will generate a human-readable semantic intent for custom Sensitive Information Types (SITs), helping customers better understand what their classifiers detect and refine them for higher accuracy and fewer false positives.
Microsoft Purview: Insider Risk Management – Viewing AI interaction messages for anonymized users in IRM
Customers can now access and review the underlying risky prompt and response interactions generated by users during AI usage, even when user anonymization is enabled within Insider Risk Management investigations. This capability ensures that anonymized investigation workflows do not limit visibility into the contextual AI activity associated with potential risk. This enables analysts to effectively investigate detailed AI interactions across the organization.
Microsoft Purview: Data Security Investigations – Introducing new custom examination
Data Security Investigations (DSI) is introducing the ability to create custom examination focus areas. This feature will empower admins to tailor examination to their specific needs depending on the type of investigation being performed and the information they are most concerned with. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Insider Risk Management-AI app selection for Generative AI apps indicators
Customers can precisely choose which AI app they should use to detect any of the Generative AI apps indicators. This is applicable to the following indicators: "Entering risky prompts in Copilot", "Receiving sensitive responses from Copilot", "Entering risky prompts in enterprise AI apps", and "Receiving sensitive responses from enterprise AI apps".
Microsoft Purview: Data Security Investigations – notification and improved search capabilities
We're introducing notification capabilities and search improvements to Microsoft Purview Data Security Investigations. Investigators will receive notifications when key investigation events occur, such as when AI jobs complete or when new data is added to scope. Search improvements include enhanced query building to more easily identify potentially impacted data
Microsoft Purview: Data Security Investigations – Proactive AI insight powered by Data Security Posture Management
Data Security Investigations now delivers proactive AI insights within the Data Security Posture Management (DSPM) experience. When DSPM identifies potential data exfiltration, DSI automatically analyzes the flagged content against risk dimensions like intellectual property, financial data, and credentials. Results are surfaced directly in DSPM, helping security teams identify sensitive data at risk before an incident occurs — and take action in DSI when deeper investigation is needed.
Microsoft Purview: Data Security Investigations – Investigation templates for common data security scenarios
We're adding pre-built search templates to Microsoft Purview Data Security Investigations. Templates provide pre-configured search queries for common data security scenarios, allowing investigators to scope an investigation in just a few clicks instead of manually building queries. Users select a template, provide minimal inputs (such as a user or site), and the search is configured and ready to run.
Microsoft Purview: Insider Risk Management - Microsoft Fabric, Cloud storage, cloud service activities as triggers
With this update, the indicators belonging to cloud storage apps (Box, Dropbox, Google Drive), cloud services (Azure, Amazon Web Services) and Microsoft Fabric (Power BI, Lakehouse) will be supported as triggers in Data leaks policy. With triggers, customers can define the conditions for bringing the user into the scope of a policy while the respective indicators are used to determine risk score.
Microsoft Purview: Endpoint Data Loss Prevention - Enforce DLP protection upon new content before its saved
Monitor or protect file with unsaved sensitive content from being printed or being moved to USB or network share.
Microsoft Purview: Endpoint Data Loss Prevention - Expand protection to Copilot + PC devices for Recall snapshots through custom policies
Microsoft Purview Endpoint data loss prevention is expanding coverage to Copilot + PCs initially to support Recall snapshots and determining whether policies exist to prevent capture of windows containing restricted sensitivity labels and Sensitive information types (SITs). Purview admins will author Endpoint DLP custom policies to integrate with Windows Copilot + PC Recall setup by Intune admins for Copilot + PC devices exclusively.
Microsoft Purview: Endpoint Data Loss Prevention - Add support of hyperlinks in warn & block toast messages for Edge browser
With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
Microsoft Edge: v.148 - Shadow AI
Currently admins can set Purview DLP policies to protect sensitive data from being sent to any Generative AI apps, users get blocked from sending their prompts to LLM when this is triggered and stops their workflow. This new add-on to the feature shows a new UI that will give users the option to be redirected to M365 Copilot which will open and navigate to this M365 Copilot tab and allow them to send the same prompt there.
Microsoft Purview: eDiscovery - review set limit increase
Review set limit per case is increased from 20 per case to 100 per case.