Purview News & Roadmap
Auto-curated from the Microsoft 365 Roadmap, filtered for Purview-related updates.
Microsoft Purview: Endpoint Data Loss Prevention - Add support of hyperlinks in warn & block toast messages for Edge browser
With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
Microsoft Purview: Data Loss Prevention – Enrich Defender alerts Graph API with DLP event data
Enhance current API infrastructure to provide easy and simple way for customers to export data to integrate with SIEM tools, create automated workflows and generate customizable reports. Today alert data is present in Graph API and DLP rule match event details are present in Management API. This work enriches the graph API with DLP event data to make correlation and integration easy for customers.
Microsoft Purview: Data Loss Prevention – File Quarantine Action in DLP for SharePoint/OneDrive
File Quarantine action in Microsoft Purview DLP for SharePoint and OneDrive, enables stronger, immediate protection for sensitive data. When a DLP policy is triggered, the File Quarantine action automatically moves the file to a restricted, admin‑controlled & defined quarantine location—instantly removing access for all users while preserving the file for review and investigation. This capability helps organizations contain data‑exposure risks, prevents further sharing or misuse, and delivers a powerful new layer of enforcement.
Microsoft Purview: Data Security Investigations – analyze files tied to audit log activities
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from Unified Audit Log activity. In DSI, build your audit log query by specifying criteria such as time range, activities, users, and keywords. DSI then automatically pulls the associated files into the investigation (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).
Microsoft Purview: Data Security Investigations – role-based access simplification
We are simplifying Data Security Investigations (DSI) roles following customer feedback and the continued integration with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Defender XDR. We added the Data Security Investigation Admin role to the Compliance Administrator role group. We added the Data Security Investigation Contributor role to the: Organization Management role group; Data Security Management role group; Insider Risk management role group.
Microsoft Purview: Data Loss Prevention– Unmanaged cloud app discovery and protection with Microsoft Purview and the Island Enterprise Browser
Microsoft Purview network data security now integrates with Island, extending protection to Island’s browser-based workflows at the point of user interaction. With this integration, new and existing Island customers can configure Microsoft Purview collection and data loss prevention policies to detect and protect data shared with unmanaged cloud apps through the Island Enterprise Browser, the Island Extension, and browser add ins via HTTP and HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. Island provides visibility and control at the presentation layer, including typed and pasted input, file transfers, and extension activity, so data can be inspected before it ever leaves the browser. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM) risk score, enables data security and compliance for AI interactions, and more.
Microsoft Purview: Credential Scanning in Data Security Posture Agent
We're expanding the Data Security Posture Agent with a new credential scanning capability. Discover exposed credentials and data security risks across scoped locations. Assign scanning tasks to the agent, track progress across stages, and take action on prioritized findings. The agent scans selected data locations, analyzing scoped files to detect credentials, such as Microsoft Entra user credentials, private keys, and API tokens. Each finding includes a risk score, AI-generated insights, confidence score, and credential category so you can review, confirm, and act from a single task board view.
Microsoft Purview: Data Lifecycle Management– Hard delete capability for OneDrive and SharePoint through secure priority cleanup workflows
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
Microsoft Purview: DSPM data risk assessments: item-level investigation & remediation
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. New insights like sensitivity label and sharing link information help users identify items at risk of oversharing. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
Microsoft Purview: Information Protection– Override manually applied labels and Remove labels with Auto-labeling
New enhancements for SharePoint and OneDrive enable organizations to automatically override manually applied sensitivity labels and remove labels at scale on Word, Excel, PowerPoint, and PDF files. These capabilities help ensure data remains correctly classified as policies, labels, and business requirements evolve—reducing reliance on manual user updates and improving consistency for data at rest across Microsoft 365.
Microsoft Purview: Insider Risk Management – Pay-as-you-go model for Other Generative AI apps indicators
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing. Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps
Microsoft Purview: Data Security Investigations – Introducing new soft purge mitigation action
A new Data Security Investigations (DSI) mitigation action, soft purge, is now available to help admins quickly and efficiently soft-delete sensitive or overshared content during investigations. Content deleted using soft purge is retained until the deleted item retention period expires, allowing admins to have further control of their data. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention- Security Store now available within Purview DLP to browse, purchase, and enable partner integrations
Security Store is now integrated into the Microsoft Purview DLP experience, giving admins an in-product way to discover, purchase, and enable a curated set of integrations that extend Purview capabilities, including data security capabilities for the network. This integration simplifies how organizations activate and manage partner integrations directly within Purview.
Microsoft Purview: Data Loss Prevention- New policy configuration options available for inline network and Edge for Business policies
Admins can now scope Purview collection policies for unmanaged cloud apps based on the presence of sensitivity labels, enabling more precise discovery of sensitive activity across inline network traffic and the Edge for Business browser. Purview DLP policies also support "URL contains text" as a condition and exception, providing finer control over unmanaged cloud app usage across the network and Edge for Business, along with configurable email notifications to alert end users when activities are blocked.
Microsoft Purview: Data Loss Prevention- Data Loss Prevention to safeguard sensitive web search in Microsoft 356 Copilot and Copilot Chat
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat to safeguard web searches containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and agents from using sensitive data for external web search. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
Microsoft Purview: Insider Risk Management – Pay-as-you-go model for Other Generative AI apps indicators
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing. Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps
Microsoft Purview: eDiscovery- CMK (Customer managed key) for eDiscovery direct export
This release of eDiscovery features the implementation of customer-managed key (CMK) options, allowing users to manage their own encryption keys for the data included in the direct export workflow in eDiscovery, adding to the Microsoft-managed encryption already in place.
Microsoft Purview: Insider Risk Management- Data Security Triage Agent in IRM Enhancements
The Data Security Triage Agent in Insider Risk Management is deploying enhancements such as improved user risk and activity explorer pattern summaries to support improved investigation accuracy, context, and decision quality.
Microsoft Purview: Data Lifecycle Management- Azure PST Import
Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It follows the standard two‑step Exchange Migration Service pattern: an initial analysis phase to validate and assess PST data, followed by execution of the actual migration. The process also involves creating a migration endpoint, running an analysis-only migration batch, using the analysis results to configure the final batch, and then starting the batch to import PST content into target mailboxes.
Microsoft Purview: Data Loss Prevention – Enhancements to Data Security Triage Agent
Adding below enhancements to Data Security Triage Agent in MS Purview - Metadata supported Custom Instructions (DLP only) : Earlier the agent only supported custom instructions which are related to content (E.g. Focus on alerts related to financial information). Now we also support instructions related to metadata. (E.g. Focus on alerts related to financial information for user Adam in last 20 days) - Consolidated Agent settings : Earlier we had seperate controls for deployment configuration and triggers. We are now merging them into a single view as the settings can be altered anytime and it becomes easier for admins and analysts to change them from single view. - Support for alerts with Non content contains condition (DLP only) : Till now we were showing alerts generated from non-content contains conditions as unsupported. (E.g. Condition = RecipientDomainIs matches and triggers alert, alert is unsupported). Now we are bringing the alerts into triage capability and determining categorization for them also - Agent Identity : Now the Triage agent can be deployed with Agent's own identity generated in Microsoft Entra. There won't be a need to have the agent run using the user's identity who was setting up the agent. This provides cleaner audit capabilities.
Microsoft Purview: Data Security Investigations – AI analysis enhancements
Data Security Investigations (DSI) now further enhances its AI analysis tools, including the ability to choose between a standard categorization for potential time and/or cost savings or a more advanced categorization to include AI-generated topics. Additionally, we are making the DSI workflow faster by automatically preparing data for AI analysis as it is being added to the investigation, saving critical investigation time.
Microsoft Purview: Data Loss Prevention – File Testing Against Sensitive Information Classifiers
A new feature will be introduced on the main Classification page, allowing users to test files against all available classifiers to identify the presence of sensitive information. Users will have the option to select a single classifier or run tests across all classifiers. This capability is designed to help users identify sensitive content within files and troubleshoot classification issues more efficiently.
Microsoft Purview: Data Loss Prevention – Export DLP and Label Policy Configurations
A new export functionality will be introduced in two locations: the Data Loss Prevention > Policies page and the Information Protection > Label publishing policies page. This feature will allow users to export their existing DLP configurations and label policies, including schema, as a downloadable ZIP file. The exported file can be attached to support tickets to accelerate troubleshooting.
Microsoft Purview: Data Loss Prevention to prevent Microsoft 365 Copilot processing content with sensitivity labels supports all storage locations
The Microsoft Purview Data Loss Prevention policy to restrict Microsoft 365 Copilot processing sensitive files in Word, Excel, and PowerPoint will now apply regardless of file storage location.
Microsoft Purview: Insider Risk Management – Ability to preview content in Insider Risk Management Alerts
Insider Risk Management is excited to announce the ability to preview content directly within an IRM alert without having to create a case. Users with appropriate permissions will be able to preview relevant files referenced directly within activity explorer in each alert.
Microsoft Purview: Data Loss Prevention – Enable DLP Diagnostics for All Roles with Purview DLP Policy Access
We’re updating permissions to ensure that all roles with access to view DLP policies in Microsoft Purview can also run diagnostics on those policies. This change enhances visibility and empowers authorized users to troubleshoot and validate policy behavior more effectively. The following roles will now have diagnostic access: Organization Configuration View-Only Configuration Compliance Admin Security Admin Security Reader DLP Compliance Management View-Only DLP Compliance Management Insider Risk Management Admin Information Protection Admin Information Protection Analyst Information Protection Investigator Data Security AI Admin
Microsoft Purview: Data Lifecycle Management - Hard delete capability for OneDrive and SharePoint through secure priority cleanup workflows
Admins will be able to select hard delete configuration while setting up a priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
Microsoft Purview: Role Group changes in Purview
We are introducing a new Microsoft Purview RBAC role—Purview Agent Deployment—and adding it to various existing built in role groups used by analysts and admins across Purview. This change enables users who use built-in role analyst groups to deploy Security Copilot Agents in Purview without needing any additional roles. If your organization prefers to limit agent deployment permissions, you can create a custom role group that does not include the Purview Agent Deployment role and assign that custom role group to analysts who should not be able to deploy agents. This update does not change default data access or expand visibility into customer content. All other permissions within each role group remain unchanged. Analysts who are assigned to custom role groups will not be able to deploy agents unless the Purview Agent Deployment role is explicitly added to those custom groups. We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these change We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these changes.
Microsoft Purview: Insider Risk Management – Ability to create cases without content in IRM
Insider Risk Management is providing the ability to create a case without content. With this, we will introduce a new active case limit (2000). This new functionality will allow customers to create more cases particularly when content download is unnecessary. If a case is created without content download, content download can be initiated anytime the case is active pending available content download limits. There is no change to the active content download limit (100).
Microsoft Purview: Data Catalog – Advanced resource sets
Logical grouping of files with same schema and are under the same folder into a single file known as resource set. Using advanced resource set capability, customers can define pattern rules that will help group files based on custom patterns.
Microsoft Purview: Data Security Posture Management for AI: Fabric integration in Data Risk Assessment
Within Purview's Data Security Posture Management (preview), Data Risk Assessment now supports scanning all Fabric workspaces for potentially overshared Fabric data (dashboards, reports, etc.). The new Fabric tab in Data Risk Assessment allows users to view default assessment results, create custom assessments for scoped Fabric workspaces, and take proactive actions to secure your Fabric data.
Microsoft Purview: Information Protection-Content Explorer – Enhanced Tag (SIT, Labels) Filter at UI Layer
Introduces enhanced controls in Content Explorer’s UI, enabling scoped visibility and filtering of SIT and label data. This will help with content discoverability and governance.
Microsoft Purview: Endpoint Data Loss Prevention- Show customized message or hyperlink for multiple file toast
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
Microsoft Purview: Endpoint Data Loss Prevention- Source context based file protection for Endpoint
Protect file based on the website the file is downloaded or the app the file is created.
Microsoft Purview: eDiscovery-Tenant level process report
The tenant‑level process report provides eDiscovery administrators and managers with a centralized view of eDiscovery processes running across cases in the tenant—or across the cases they have access to. It surfaces key details such as process type, status, duration, timestamps, and who initiated each process, enabling better operational oversight, faster issue triage, and clearer end‑to‑end visibility into eDiscovery activity.
Microsoft Purview: Endpoint Data Loss Prevention- Logged-in user details on the Purview device onboarding page
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices bringing it in line with the experience for MacOS devices. Admins can now see which user is currently signed in on a device, making It faster to confirm ownership and troubleshoot issues.
Microsoft Purview: Data Loss Prevention- Adaptive Scopes for DLP for SharePoint
Adaptive Scope for SharePoint is a dynamic scoping capability in Microsoft Purview DLP that allows administrators to automatically target DLP policies to the right sites based on attributes such as site URL, site name, or custom site metadata. Unlike static scoping, which requires manually listing sites and maintaining them over time, adaptive scopes continuously evaluate site properties and auto‑include or exclude locations as they evolve. This enables scalable policy deployment, eliminates the 100‑site static policy limit, and delivers granular, and automated targeting.
Microsoft Purview: Data Loss Prevention- Additional Diagnostics for Data Loss Prevention and Information Protection
The below diagnostics will help users understand which sensitive information exist in their document and what labels applied and what policies have been triggered: DLP SharePoint Diagnostics DLP EXO Diagnostics Auto labeling diagnostics for SPO/ODB
Microsoft Purview: Insider Risk Management- Insider risk management for agents
As AI agents become deeply embedded in enterprise ecosystems, they are evolving beyond simple tools or workflows into a digital workforce. These agents can interpret intent, access and manipulate enterprise data, execute actions and even make real-time decisions. In many ways, they operate like human insiders only with machine-speed data processing capabilities. To govern and protect these agents effectively, Microsoft Purview Insider Risk Management is being expanded to agents, with specific indicators and insider risk score built for agents based on agentic activities.
Microsoft Purview: Information Protection-Email attachment Preview in Activity Explorer
We're enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. Previously, only the message body was viewable, which limited insight into flagged content. With this update, admins will be able to preview email attachments directly within Activity Explorer—without needing to download the email.
Microsoft Purview: Endpoint DLP - Enhanced content extraction and file type coverage for DLP on Mac devices
With this release, the file type coverage to scan, classify and protect sensitive content on Mac devices with
Microsoft Purview: Data Lifecycle Management-Auto-Archive for Exchange Online
A new capability called Auto-Archiving for Exchange Online will enter public preview in November 2025 (currently under private preview for selected customers). When a user's mailbox utilization exceeds 95% of its quota and archive mailbox is present, this feature automatically moves the oldest items excluding those tagged with “Never Move to Archive” from the primary mailbox to the archive mailbox to prevent mail flow disruptions by keeping usage below the safe threshold of 95% of mailbox quota.
Microsoft Purview: Insider Risk Management-New quick policies to detect data theft from Microsoft Fabric & non-Microsoft 365 data sources
We are adding to Insider Risk Management a pre-configured quick policy template to detect data theft from Microsoft Fabric and non-Microsoft 365 data sources like Box, Dropbox, Google Drive, Azure and Amazon Web Services (AWS). This will enable admins to create scenario-specific policies, with little configurations needed, to get started faster. All scenario based quick policies can be found in the Policies page > Create Policies. Additional tuning post deployment to meet individual alert volume needs can be expected.
Microsoft Purview: Insider Risk Management-New Microsoft Fabric lakehouse risk indicators
With this update, Insider Risk Management extends its risk-detection capabilities to Microsoft Fabric lakehouses (in addition to Power BI which is supported today) by offering ready-to-use risk indicators based on user activities in Fabric lakehouses. Organizations can use these new indicators in data theft and data leaks policies.
Microsoft Purview: Data Security Investigations-Introducing new purge mitigation action
A new Data Security Investigations (DSI) mitigation action, purge, is now available to help admins quickly and efficiently delete sensitive or overshared content during investigations, within the product UX. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
Microsoft Purview: Data Loss Prevention-Alert Classification Property for DLP Alerts on Purview Portal
This feature introduces the ability to classify DLP alerts directly in the Purview portal. In addition to assigning a status, customers can now categorize alerts as True Positive, False Positive, or Benign Positive. This capability helps security teams better organize, track, and manage alerts, enabling more accurate reporting and efficient incident handling.
Microsoft Purview: Data Security Posture Management-Data Security Posture Agent in DSPM
The Data Security Posture Agent is designed to expand the capacity of data security admins as they proactively work to stay on top of a dynamic data and risk landscape within their organization. Its primary job is to help discover sensitive data across your data estate. This agent is designed to analyze and search documents, emails, and messages that match the natural-language discovery intent requested by the user and assess associated risks. By moving beyond traditional keyword and information-type analysis and harnessing the power of LLMs, this agent enables organizations to identify risks based on the actual purpose and context of the content and take appropriate action.
Microsoft Purview: Endpoint Data Loss Prevention-Endpoint DLP Device Status API
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
Microsoft Purview: DSPM data risk assessments: item-level investigation & remediation
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. New insights like sensitivity label and sharing link information help users identify items at risk of oversharing. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people. We are cancelling this Roadmap item as it is a duplicate. For future updates please refer to Roadmap ID 523202. We apologize for the inconvenience.
Get weekly Purview updates
Roadmap changes, new features, and practical commentary. Delivered weekly.