Purview News & Roadmap
Auto-curated from the Microsoft 365 Roadmap, filtered for Purview-related updates.
Microsoft Purview: Endpoint Data Loss Prevention: Add control to include or exclude default file path exclusions for Windows
Previously, customers had to manually configure whether system files were included or excluded. With this feature, these exclusions can be provided by default, with the option of including or excluding those paths. This list is managed by Microsoft to ensure accuracy and ease of management.
Microsoft Purview: Insider Risk Management – Policy Recommendation Panel in IRM
Today, Insider Risk Management (IRM) provides policy-driven protection for data leaks, data theft, and risky AI usage. However, while policy-driven protections are powerful, customers may not always have clear visibility into where coverage can be optimized or expanded to address latent insider risk. IRM now provides guidance on what protections are missing or which policy configurations deliver the most incremental value, providing customers with more comprehensive coverage to mitigate their most critical insider risk.
Microsoft Purview: Endpoint Data Loss Prevention – Device Health Reporting Dashboard
This dashboard will allow admins to view the device health across all their devices to ensure the system is healthy and ready to receive policy updates and quickly identify devices that are not ready.
Microsoft Purview: DSPM – New Microsoft Purview Data Security Posture Management Experience
At Ignite, Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management. Plus, Purview now extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Together, these innovations make DSPM the central hub for managing data security posture in the era of AI. We are also extending Data Risk Assessments to Fabric and to item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.
Microsoft Purview: Data Loss Prevention – New Guided Experience to Diagnose and Resolve DLP Issues
We’re introducing a new guided diagnostics experience to help users understand why their DLP policies may not be behaving as expected. This experience provides a clear summary of why a DLP action was taken on a document, including which policies were triggered, the order of evaluation, and detailed insights into which conditions evaluated as true or false. For Microsoft 365 E5 customers, the experience also includes Copilot-powered insights and tailored recommendations to accelerate troubleshooting and policy optimization.
Microsoft Purview: Data Lifecycle Management – Increase in expansion limit for auto expanding archive beyond 1.5TB
Previously, auto expanding archive mailbox expansion was supported only up to 1.5 TB, after which mailboxes would become inoperative. Archive mailboxes can now automatically expand beyond the 1.5 TB limit, ensuring uninterrupted retention and enabling scalable archive growth as storage thresholds are reached. This capability will be offered as a consumption‑based feature for auto expanding archive beyond 1.5 TB and will be billed at $0.25 per GB per month (or $0.0082 per GB per day).
Microsoft Purview: Data Security Triage Agent in Data Loss Prevention - Reasoning Trace and Confidence Score for agent-triaged alerts
This feature introduces confidence scoring and reasoning trace explainability into the Data Security Triage Agent in DLP, addressing a critical trust gap reported across multiple customers. Today, without transparency into why the agent makes a decision or how confident it is, analysts are forced to fall back to manual review — completely negating the automation value. The feature will surface a reasoning trace alongside each agent decision and a confidence score, giving analysts a clear signal of how reliable the agent's output is. This provides SOC teams with an auditable, explainable output they can validate rather than blindly trust, enabling them to progressively increase reliance on automation over time.
Microsoft Purview: Information Protection – AI-powered intent for classifiers
AI-powered intent for classifiers: Microsoft Purview Information Protection will generate a human-readable semantic intent for custom Sensitive Information Types (SITs), helping customers better understand what their classifiers detect and refine them for higher accuracy and fewer false positives.
Microsoft Purview: Insider Risk Management – Viewing AI interaction messages for anonymized users in IRM
Customers can now access and review the underlying risky prompt and response interactions generated by users during AI usage, even when user anonymization is enabled within Insider Risk Management investigations. This capability ensures that anonymized investigation workflows do not limit visibility into the contextual AI activity associated with potential risk. This enables analysts to effectively investigate detailed AI interactions across the organization.
Microsoft Purview: Data Security Investigations – Introducing new custom examination
Data Security Investigations (DSI) is introducing the ability to create custom examination focus areas. This feature will empower admins to tailor examination to their specific needs depending on the type of investigation being performed and the information they are most concerned with. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Insider Risk Management – AI app selection for Generative AI apps indicators
Customers can precisely choose which AI app they should use to detect any of the Generative AI apps indicators. This is applicable to the following indicators: "Entering risky prompts in Copilot", "Receiving sensitive responses from Copilot", "Entering risky prompts in enterprise AI apps", and "Receiving sensitive responses from enterprise AI apps".
Microsoft Purview: Data Security Investigations – Proactive AI insight powered by Data Security Posture Management
Data Security Investigations now delivers proactive AI insights within the Data Security Posture Management (DSPM) experience. When DSPM identifies potential data exfiltration, DSI automatically analyzes the flagged content against risk dimensions like intellectual property, financial data, and credentials. Results are surfaced directly in DSPM, helping security teams identify sensitive data at risk before an incident occurs — and take action in DSI when deeper investigation is needed.
Microsoft Purview: Data Security Investigations – Investigation templates for common data security scenarios
We're adding pre-built search templates to Microsoft Purview Data Security Investigations. Templates provide pre-configured search queries for common data security scenarios, allowing investigators to scope an investigation in just a few clicks instead of manually building queries. Users select a template, provide minimal inputs (such as a user or site), and the search is configured and ready to run.
Microsoft Purview: Data Security Investigations – notification and improved search capabilities
We're introducing notification capabilities and search improvements to Microsoft Purview Data Security Investigations. Investigators will receive notifications when key investigation events occur, such as when AI jobs complete or when new data is added to scope. Search improvements include enhanced query building to more easily identify potentially impacted data.
Microsoft Purview: Insider Risk Management - Microsoft Fabric, Cloud storage, cloud service activities as triggers
With this update, the indicators belonging to cloud storage apps (Box, Dropbox, Google Drive), cloud services (Azure, Amazon Web Services) and Microsoft Fabric (Power BI, Lakehouse) will be supported as triggers in Data leaks policy. With triggers, customers can define the conditions for bringing the user into the scope of a policy while the respective indicators are used to determine risk score.
Microsoft Purview: Endpoint Data Loss Prevention - Add support of hyperlinks in warn & block toast messages for Edge browser
With this feature, data officers can complete their coverage story by embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
Microsoft Purview: Endpoint Data Loss Prevention - Enforce DLP protection upon new content before it's saved
Monitor or protect files with unsaved sensitive content from being printed or moved to USB or a network share.
Microsoft Purview: Endpoint Data Loss Prevention - Expand protection to Copilot+ PC devices for Recall snapshots through custom policies
Microsoft Purview Endpoint data loss prevention is expanding coverage to Copilot+ PCs, initially to support Recall snapshots and to determine whether policies exist to prevent capture of windows containing restricted sensitivity labels and sensitive information types (SITs). Purview admins will author Endpoint DLP custom policies that integrate with the Windows Copilot+ PC Recall setup configured by Intune admins, exclusively for Copilot+ PC devices.
Microsoft Edge: Shadow AI
Currently, admins can set Purview DLP policies to protect sensitive data from being sent to any Generative AI apps. When such a policy is triggered, users are blocked from sending their prompts to the LLM, which stops their workflow. This new add-on to the feature shows a new UI that gives users the option to be redirected to M365 Copilot, which opens the M365 Copilot tab and allows them to send the same prompt there.
Microsoft Purview: eDiscovery - review set limit increase
Review set limit per case is increased from 20 per case to 100 per case.
Microsoft Purview: Insider Risk Management – IRM alerts in XDR
With this feature, IRM alerts and other supporting data will be available in the following Microsoft Defender XDR experiences: 1. IRM alerts will be surfaced in the unified alert and incident queue in Microsoft Defender XDR. 2. IRM alerts, indicators, and enriched events will be available in Microsoft Defender XDR advanced hunting, where analysts can use KQL queries to identify potentially hidden risky patterns in data security related user activity. 3. IRM alerts, indicators, and enriched events will be exposed through Graph API. This feature can be enabled through “Share data with Microsoft Defender XDR” within Microsoft Insider Risk Management settings. IRM data in Microsoft Defender XDR does not honor anonymization. This is to enable effective correlation of IRM alerts with alerts from other solutions in the Microsoft Defender XDR platform (such as Defender for Endpoint, Defender for Cloud Apps, etc.).
Microsoft Purview: Data Loss Prevention – Block External Domain/User action in DLP for SharePoint/OneDrive
The Block External Domain/User action in Microsoft Purview DLP for SharePoint and OneDrive gives organizations stronger control over who can access sensitive files. With this enhancement, admins can configure DLP policies that block file access for specific external domains or individual users. This capability helps prevent unintended exposure by external users and supports enterprise compliance requirements.
Microsoft Purview: Purview in Microsoft Admin Center
AI and IT admins in Microsoft Admin Center can 1) gain visibility into oversharing risks and drive remediations, and 2) understand how many of the sensitive Copilot interactions are protected and turn on Purview DLP for M365 Copilot right from there. This enables secure adoption of Copilot.
Microsoft Purview: Data Loss Prevention – Inline DLP for Prompts for Microsoft Foundry apps and agents
With Purview enabled in Microsoft Foundry, Purview admins can set up inline DLP policies for prompts on Foundry-built apps and agents to prevent the loss of sensitive data.
Microsoft Purview: Data Catalog – Migration tool in Unified Catalog to migrate classic glossary terms to Unified Catalog
Use the in-product migration tool in Unified Catalog to migrate classic glossary terms, associated term templates, and asset and column relationships to Unified Catalog.
Microsoft Purview: Information Protection - Apply default SharePoint library labels to data at rest
Enables auto‑labeling of existing SharePoint files to match the default sensitivity label configured on their document library. This helps organizations close labeling gaps for data at rest and ensure consistent, secure‑by‑default protection across SharePoint libraries—without relying on manual user labeling.
Microsoft Purview: Data Loss Prevention - Apply default SharePoint library labels to data at rest
Introduce an AI-powered capability leveraging Microsoft Security Copilot to automatically generate natural language explanations of changes made to DLP policies after each update within Microsoft Purview. This feature will analyze policy version deltas (pre-update vs. post-update) and produce a structured, human-readable summary that clearly explains: what changed; where the change occurred (rule, condition, action, location, etc.); the impact of the change; and the potential enforcement implications. The goal is to eliminate manual policy diff analysis, reduce configuration ambiguity, and improve governance transparency for compliance and security administrators.
Microsoft Purview: Data Loss Prevention – Enhanced content extraction and file type coverage for DLP on Mac devices
With this release, the file type coverage to scan, classify and protect sensitive content on Mac devices with
Microsoft Purview: Data Security Investigations – Introducing new personal data examination
Data Security Investigations (DSI) is introducing a new examination focus area concentrated on identifying personal data. The personal data examination will identify and extract various types of personal data from the selected items including but not limited to, names, addresses, bank account numbers, and more. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention – Reduce policy sync status SLA on the Purview UI from 2 hours to 30 mins
Admins should be able to see the Endpoint DLP policy sync status on the Purview portal within 30 minutes.
Microsoft Purview: File Creation/Modification conditions in DLP for SharePoint/OneDrive and AutoLabelling
File Creation and File Modification conditions in Microsoft Purview DLP for SharePoint and OneDrive and AutoLabelling will give organizations more precise control over DLP policy definition. These conditions allow admins to configure policies based on when the files were created or last modified, enabling policies that target newly created documents, recently edited files, or older content that may require stricter governance. With these new date-based predicates, Purview DLP delivers stronger lifecycle-aware protection, improved policy accuracy, and greater flexibility in securing data across SPOD.
Microsoft Purview: Data Lifecycle Management - DLM Retention support Microsoft Teams call logs
Microsoft Teams stores call logs in several persistent locations, such as CDR logs. Currently, these logs are retained indefinitely. However, regulatory requirements in various countries specify maximum retention periods for calling-related logs. This discrepancy creates a compliance gap, as the existing retention practices may not meet regulatory obligations. Additionally, tenant administrators may prefer to retain data for longer periods to improve the user experience. Therefore, this solution would help organizations ensure that Microsoft Teams remains compliant with regulatory mandates while also supporting evolving product features and business needs.
Microsoft Purview: Data Lifecycle Management - Power Automate integration with records management
Initiate a Power Automate workflow when the item reaches the end of its retention period. For example, execute a complex disposition approval process or move the file to an archive.
Microsoft Purview: Endpoint Data Loss Prevention - Logged-in user details on the Purview device onboarding page
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices, bringing it in line with the experience for macOS devices. Admins can now see which user is currently signed in on a device, making it faster to confirm ownership and troubleshoot issues.
Microsoft Purview: Endpoint Data Loss Prevention - Endpoint DLP Device Status API
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
Microsoft Purview: Data Loss Prevention - Unmanaged cloud app discovery and protection with Microsoft Purview and Palo Alto Prisma Access
Microsoft Purview network data security now integrates with Palo Alto Prisma Access, extending discovery and protection to network traffic. With this integration, new and existing Palo Alto Prisma Access customers can configure Microsoft Purview collection and data loss prevention policies to discover and protect sensitive data shared with unmanaged cloud apps via HTTP/HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM), enables data security & compliance for AI interactions, and more.
Microsoft Purview: Information Protection - Sensitivity label support in Engage
Organizations can now manually apply Purview Information Protection sensitivity labels in Engage. This allows admins to create labels and configure label publishing policies to determine which users and groups can manually label content in Engage communities. End users in Engage will then be able to manually apply labels to communities and, in turn, classify and protect their sensitive data via privacy and external user access controls.
Microsoft Purview: Data Loss Prevention - Data Security Triage Agent summaries and categorizations for DLP alerts will be made available in DLP Alerts in Microsoft Defender XDR
Data Security Triage Agent summaries and categorizations for DLP alerts will be made available in DLP Alerts in Microsoft Defender XDR.
Microsoft Purview: Information Protection - Exclude modern groups / include dynamic security groups support for sensitivity label policies
To provide more flexibility, admins can now exclude modern Microsoft 365 groups and scope sensitivity label policies to dynamic and non-mail enabled security groups—expanding policy targeting beyond individual users and mail enabled groups.
Microsoft Purview: Information Protection - Policy sync status for M365 Label publishing policies
Admins can now see the sync status of sensitivity label publishing policies directly in the Purview portal. This provides clear confirmation that label policy changes have been fully applied across Microsoft 365 workloads, reducing guesswork, speeding troubleshooting, and increasing confidence during large scale label deployments.
Microsoft Purview: Information Protection - Sensitivity label inheritance for Teams meeting artifacts
Teams meeting artifacts, including recordings, transcripts, and Loop notes, can now be configured to automatically inherit the sensitivity label from the meeting. This ensures content generated during meetings is consistently protected without requiring manual labeling, reducing risk and simplifying protection at scale.
Microsoft Purview: Data Loss Prevention – Enrich Defender alerts Graph API with DLP event data
Enhances the current API infrastructure to provide an easy and simple way for customers to export data to integrate with SIEM tools, create automated workflows, and generate customizable reports. Today, alert data is present in the Graph API and DLP rule match event details are present in the Management API. This work enriches the Graph API with DLP event data to make correlation and integration easy for customers.
Microsoft Purview: Data Loss Prevention – File Quarantine Action in DLP for SharePoint/OneDrive
The File Quarantine action in Microsoft Purview DLP for SharePoint and OneDrive enables stronger, immediate protection for sensitive data. When a DLP policy is triggered, the File Quarantine action automatically moves the file to a restricted, admin‑controlled and admin‑defined quarantine location, instantly removing access for all users while preserving the file for review and investigation. This capability helps organizations contain data‑exposure risks, prevents further sharing or misuse, and delivers a powerful new layer of enforcement.
Microsoft Purview: Data Security Investigations – analyze files tied to audit log activities
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from Unified Audit Log activity. In DSI, build your audit log query by specifying criteria such as time range, activities, users, and keywords. DSI then automatically pulls the associated files into the investigation (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – role-based access simplification
We are simplifying Data Security Investigations (DSI) roles following customer feedback and the continued integration with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Defender XDR. We added the Data Security Investigation Admin role to the Compliance Administrator role group. We added the Data Security Investigation Contributor role to the Organization Management, Data Security Management, and Insider Risk Management role groups.
Microsoft Purview: Data Loss Prevention – Unmanaged cloud app discovery and protection with Microsoft Purview and the Island Enterprise Browser
Microsoft Purview network data security now integrates with Island, extending protection to Island’s browser-based workflows at the point of user interaction. With this integration, new and existing Island customers can configure Microsoft Purview collection and data loss prevention policies to detect and protect data shared with unmanaged cloud apps through the Island Enterprise Browser, the Island Extension, and browser add-ins via HTTP and HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. Island provides visibility and control at the presentation layer, including typed and pasted input, file transfers, and extension activity, so data can be inspected before it ever leaves the browser. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM) risk score, enables data security and compliance for AI interactions, and more.