Roadmap, security and documentation changes captured for Microsoft Purview.
In developmentMicrosoft Purview
Adaptive Protection in Microsoft Purview helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically moving users in and out of policies as their risk levels change over time. The integration with Data Lifecycle Management will automatically apply retention labels to preserve deleted emails and files based on a user’s insider risk level.
In developmentMicrosoft Purview
A new feature will be introduced on the main Classification page, allowing users to test files against all available classifiers to identify the presence of sensitive information. Users will have the option to select a single classifier or run tests across all classifiers. This capability is designed to help users identify sensitive content within files and troubleshoot classification issues more efficiently.
In developmentMicrosoft Purview
A new export functionality will be introduced in two locations: the Data Loss Prevention > Policies page and the Information Protection > Label publishing policies page. This feature will allow users to export their existing DLP configurations and label policies, including schema, as a downloadable ZIP file. The exported file can be attached to support tickets to accelerate troubleshooting.
In developmentMicrosoft Purview
Endpoint DLP support for FTP and SFTP enables organizations to monitor and protect sensitive data transferred from managed endpoints using FTP and SFTP, helping prevent unauthorized data exfiltration while maintaining visibility and control.
In developmentMicrosoft Purview
Ability to apply Retention labels and policies to items on OneDrive and SharePoint based on when the items were last accessed by an user.
In developmentMicrosoft Purview
Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It follows the standard two‑step Exchange Migration Service pattern: an initial analysis phase to validate and assess PST data, followed by execution of the actual migration. The process also involves creating a migration endpoint, running an analysis-only migration batch, using the analysis results to configure the final batch, and then starting the batch to import PST content into target mailboxes.
In developmentMicrosoft Purview
This release of eDiscovery features the implementation of customer-managed key (CMK) options, allowing users to manage their own encryption keys for the data included in the direct export workflow in eDiscovery, adding to the Microsoft-managed encryption already in place.
In developmentMicrosoft Purview
The Data Security Triage Agent in Data Loss Prevention now offers a new sensitive data remediation function, which empowers organizations to proactively identify and remediate sensitive information—such as Social Security Numbers, passwords, and credit card data—across thousands of files stored in SharePoint or OneDrive locations, dramatically increasing the percentage of remediated files with sensitive information, resulting in reduced compliance risk. Seamlessly integrated with Microsoft Purview, this new agent function automatically detects file(s) with a Data Loss Prevention (DLP) policy match “Needs Attention” alerts and pushes a remediation notification to the end user who last modified the file guiding them to remove sensitive data through targeted Microsoft Teams messages. Its’ closed-loop workflow ensures that remediation progress is tracked and confirmed, giving admins real-time visibility and control via the Data Security Posture Management dashboard. By streamlining sensitive data cleanup and automating user engagement, this agent helps organizations achieve their remediation goals at scale. Let the Data Security Triage Agent handle the heavy lifting of pushing remediation requests directly to the end user, so Purview admins don't have to!
In developmentMicrosoft Purview
AI-powered visibility into DLP policy deployment across devices, helping admins track sync progress and understand enforcement coverage. They proactively identify impacted devices, explain root causes of sync failures, and guide admins with recommended actions to quickly diagnose and resolve issues.
In developmentMicrosoft Purview
The Advanced Review Set Explorer empowers reviewers to harness the power of real-time big data analytics on their review set data. This tool enhances data analysis by offering insights such as identifying top item types, spotting patterns, and trends within the review set. Reviewers can utilize powerful Kusto query constructs like complex filtering, pattern-based text extraction, and data format parsing to analyze and find key information specific to their case or organization. The results can then be visualized using various flexible charting solutions, providing a comprehensive understanding of the data's story.
In developmentMicrosoft Purview
Self-service diagnostics help identify common issues with case permissions, security filters, and policy status. The experience highlights potential misconfigurations and provides simple guidance to help customers understand and resolve them. This brings basic troubleshooting into the product and helps eDiscovery admins overcome common challenges.
In developmentMicrosoft Purview
The Microsoft Rights Management (RMS) connector is moving from shared-secret authentication to certificate-based authentication, improving its security posture. With this update, administrators configure their own Microsoft Entra app registration and certificate, then use the new PowerShell module to configure the certificate for each workload (Connector, Exchange, SharePoint, and FCI). New PowerShell cmdlets handle certificate import, registry configuration, private-key permissions, and validation. As part of this change, the connector setup no longer provisions an Entra service principal or issues a shared secret on the customer's behalf. Customers should plan to register an Entra ID application and upload a certificate before installing or upgrading the connector.
In developmentMicrosoft Purview
DLP Policy Optimizer uses AI to analyze your organization’s DLP policies, rule structure, and activity signals to identify optimization opportunities that are difficult to detect manually. It highlights overlapping rules, redundant conditions, misconfigurations, and sources of excessive noise, and presents prioritized recommendations with supporting evidence and suggested actions. This enables you to reduce false positives and alert noise, improve policy precision, and simplify policy management with confidence.
In developmentMicrosoft Purview
Enable aggregation of DLP alerts based on common entities user even when multiple rules are matched. This feature should consolidate related alert events into a single alert object to: Reduce alert noise, simplify investigation workflows, enhance contextual understanding of violations.
In developmentMicrosoft Purview
We’re introducing a new unified alert triage experience in Insider Risk Management that brings agent‑driven insights directly into the standard Alerts queue. With this update, analysts can view agent categorizations alongside traditional alert filters and columns in a single, consolidated workflow. The updated alert details panel, enables faster investigation and action from the alerts list page by embedding agent insights directly into the alert experience. To support customer transition, the existing alert and agent triage experience will remain available for 60 days and can be accessed via the Alerts tabs under Users in the left navigation. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
We’re introducing a new collaboration capability in Insider Risk Management that enables analysts and investigators to add notes directly within alerts. With this feature, users can document investigation progress, share findings, and capture key context throughout the triage process. In addition to manually added notes, system‑generated notes will automatically record updates such as alert status changes or user assignments — helping teams maintain a clear and auditable investigation timeline. By centralizing investigation history directly within alerts, this update helps improve collaboration and ensures all stakeholders stay aligned throughout the investigation lifecycle. These note enhancements will also be made available in Cases. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
We’re enhancing the User section within Insider Risk Management alerts to provide investigators with more contextual user profile and risk attributes directly within their workflow. With this update, analysts can now view key user details such as employee type, office location, start date, policy inclusion, priority user group status, and last working day—helping them build a more complete understanding of the user during investigations without navigating away from the alert experience. This feature will be available as part of the new alert workflow through the Alert Details panel. Additional user attributes will continue to be introduced over time, with pseudo‑anonymization honored to support privacy‑by‑design investigation practices. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
Endpoint DLP now includes a pre curated list of file extensions for the file extension condition. Previously, file extensions were entered as free form text, which could result in unsupported or non-scannable extensions being used. This could lead to gaps in protection and increase processing overhead on endpoints. With the pre curated list, you can select only supported file extensions. This helps improve policy reliability and reduces unnecessary processing on endpoints.
In developmentMicrosoft Purview
Endpoint DLP now extends protection to files stored in commonly excluded Windows folders, including Temp and AppData. This helps improve coverage by detecting and protecting sensitive data in these locations.
In developmentMicrosoft Purview
Enable customers to include or exclude users/user groups from Just‑In‑Time (JIT) Audit, ensuring audits are generated only for the selected users or groups.
In developmentMicrosoft Purview
Policy updates in Microsoft Purview now sync faster, reducing wait times from up to 2 hours to just 30 minutes, so your protections stay up to date and take effect more quickly across your organization.
In developmentMicrosoft Purview
The Simulation Grader helps admins understand and improve auto‑labeling accuracy before enforcing a policy. When enabled during simulation, matched items are evaluated by an AI-powered grader to determine whether each match is a true positive or false positive, along with an explanation of why the content matched. The results roll up into clear policy‑level accuracy insights and file‑level evaluation details, giving admins confidence to refine conditions, upgrade to smarter classifiers, and move policies to enforcement with greater trust.
In developmentMicrosoft Purview
Retention based file archiving moves inactive content to low-cost storage, lowering costs with no compromise on Compliance, keeping data discoverable and making Copilot results highly relevant.
In developmentMicrosoft Purview
Insights on sensitive M365 data (OneDrive and SharePoint) and recommendations on retention policies for customers to better govern their sensitive data.
In developmentMicrosoft Purview
This release introduces a new condition for Exchange Online policies: “Count of labeled documents is greater than.” This condition evaluates the number of attachments in an email message that carry a matching sensitivity label. When the count exceeds a defined threshold, the DLP rule is triggered, and configured actions are applied. This capability enables detection of high-volume data exfiltration scenarios, where multiple sensitive files—individually low-risk—collectively represent a significant compliance or security risk. Existing conditions evaluate file content, but do not provide controls based on the volume of labeled attachments.
In developmentMicrosoft Purview
Data Lifecycle Management (DLM) billing will be based on the volume of data retained. For example, any number of non‑Microsoft 365 generative AI prompts and responses that collectively amount to 1 GB of retained data will be billed at $0.25 per GB per month (equivalent to ~$0.0082 per GB per day). In the updated model, DLM is billed based on the total volume of text messages managed by a DLM policy. Each non‑Microsoft 365 generative AI prompt and response is treated as an individual text message and is retained and deleted according to the configured Microsoft Purview retention settings. Billing is calculated on the managed text messages in storage, at a rate equivalent to $6 per one million text messages per month. Customer impact Customers will need to migrate from the legacy meter to the new meter. Based on current analysis, the overall cost impact is expected to be cost‑neutral or lower for customers under the new billing model.
In developmentMicrosoft Purview
Reusable Lists centralize management of keywords, domains, and email addresses, eliminating duplication across rules and reducing the effort required to maintain large policies.
In developmentMicrosoft Purview
When DLP rules detect policy violations in Exchange Online, they generate audit records that administrators rely on for compliance monitoring, incident investigation, and policy tuning. Previously, these records only showed Sensitive Information Type matches. This feature aims to extend that to sender domain, subject keywords, attachment type, or recipient information. Now they will be visible in alerts and Activity Explorer providing data enrichment to the administrators.
In developmentMicrosoft Purview
AI agent skill to detect and alert unhealthy policy sync and device configuration.
In developmentMicrosoft Purview
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat to safeguard risks from external emails. This real-time control helps organizations mitigate data risks by preventing Microsoft 365 Copilot and Chat from processing emails from senders external to your organization. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
In developmentMicrosoft Purview
The Role groups page in the Microsoft Purview compliance portal now allows admins to look up permissions by roles and memberships.
In developmentMicrosoft Purview
Granular Protections for Exchange Online is available in public preview. This release gives administrators fine-grained control to create DLP policies based on specific classification or text extraction failure types — such as timeout, throttling and other scan errors — rather than one blanket policy for all failure conditions.
In developmentMicrosoft Purview
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot to safeguard prompts containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and agents from returning a response when prompts contain sensitive data or using that sensitive data for grounding in Microsoft 365 or the web. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
In developmentMicrosoft Purview
This feature is bringing the Information Protection Filer Labeler and Viewer applications to the MacOS platform. Enabling customers to have the same capabilities available on Mac. Core functionality will be available with the exception of the Advanced label-based protection feature.
In developmentMicrosoft Purview
When files are opened in Windows, the operating system, and applications (for example, Microsoft Office and browsers) can create, rename, and delete temporary files as part of normal behavior. The Endpoint client audits these activities, resulting in high-volume, low-signal events that appear as “noise” for Insider Risk Management (IRM) customers. While global exclusions exist (file type, keyword, file path, etc.), some temporary file naming patterns are not easily captured with the current exclusions, leaving customers without a practical way to reduce noise without over-excluding. This feature introduces built-in filtering for well-known temporary file name patterns so that Endpoint file operations are excluded from IRM activity explorer and scoring reducing noise allowing customers to focus on the most relevant alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Rolling outMicrosoft Purview
Improves eDiscovery workflows for Loop and Copilot pages by enabling full indexing of page content for keyword search within review sets and adding HTML format support for export from search.
In developmentExcelPowerPointWord
In Word, Excel, and PowerPoint, the ‘Prevent some connected experiences that analyze content’ label setting now prevents files in these apps from being sent to all Microsoft connected experiences for analysis, rather than a subset of these connected experiences.
In developmentMicrosoft Purview
Provide insights on Copilots and AI Apps usage and recommend retention policies for customers to govern their Copilots and AI App interactions.
In developmentMicrosoft Purview
Retention based file archiving moves inactive content to low-cost storage, lowering costs without compromising on Compliance - while keeping data discoverable and Copilot results highly relevant.
In developmentMicrosoft Purview
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
In developmentMicrosoft Purview
Microsoft Purview Data Security Investigations (DSI) is extending our investigations by adding optical character recognition (OCR), extracting text from images and incorporating it into investigation data. This enables AI-powered deep content analysis to uncover data security risks that are often hidden within visual content.
In developmentMicrosoft Purview
Previously customers would have system files either included or excluded manually configured. With this feature there is now a capability to provide this by default and have the option of including or excluding those paths. This list is managed by Microsoft to ensure accuracy and ease of management.
In developmentMicrosoft Purview
Today, Insider Risk Management (IRM) provides policy-driven protection for data leaks, data theft, and risky AI usage. However, while policy-driven protections are powerful, customers may not always have clear visibility into where coverage can be optimized or expanded to address latent insider risk.
IRM now provides guidance on what protections are missing or which policy configurations deliver the most incremental value, providing customers with more comprehensive coverage to mitigate their most critical insider risk.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
This dashboard will allow admins to view the device health across all their devices to ensure the system is healthy and ready to receive policy updates and quickly identify devices that are not ready.
In developmentMicrosoft Purview
At Ignite, Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management. Plus, Purview now extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Together, these innovations make DSPM the central hub for managing data security posture in the era of AI. We are also extending Data Risk Assessments to Fabric and to item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.
In developmentMicrosoft Purview
We’re introducing a new guided diagnostics experience to help users understand why their DLP policies may not be behaving as expected. This experience provides a clear summary of why a DLP action was taken on a document, including which policies were triggered, the order of evaluation, and detailed insights into which conditions evaluated as true or false.
For Microsoft 365 E5 customers, the experience also includes Copilot-powered insights and tailored recommendations to accelerate troubleshooting and policy optimization.
In developmentMicrosoft Purview
Previously, auto expanding archive mailbox expansion was supported only up to 1.5 TB, after which mailboxes would become inoperative. Archive mailboxes can now automatically expand beyond the 1.5 TB limit, ensuring uninterrupted retention and enabling scalable archive growth as storage thresholds are reached. This capability will be offered as a consumption‑based feature for auto expanding archive beyond 1.5 TB and will be billed at $0.25 per GB per month (or $0.0082 per GB per day).
In developmentMicrosoft Purview
This feature introduces confidence scoring and reasoning trace explainability into the Data Security Triage Agent in DLP, addressing a critical trust gap reported across multiple customers. Today, without transparency into why the agent makes a decision or how confident it is, analysts are forced to fall back to manual review — completely negating the automation value. The feature will surface a reasoning trace alongside each agent decision and a confidence score, giving analysts a clear signal of how reliable the agent's output is. This provides SOC teams with an auditable, explainable output they can validate rather than blindly trust, enabling them to progressively increase reliance on automation over time.
In developmentMicrosoft Purview
AI-powered intent for classifiers: Microsoft Purview Information Protection will generate a human-readable semantic intent for custom Sensitive Information Types (SITs), helping customers better understand what their classifiers detect and refine them for higher accuracy and fewer false positives.
LaunchedMicrosoft Purview
Customers can now access and review the underlying risky prompt and response interactions generated by users during AI usage, even when user anonymization is enabled within Insider Risk Management investigations. This capability ensures that anonymized investigation workflows do not limit visibility into the contextual AI activity associated with potential risk. This enables analysts to effectively investigate detailed AI interactions across the organization. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Rolling outMicrosoft Purview
Data Security Investigations (DSI) is introducing the ability to create custom examination focus areas. This feature will empower admins to tailor examination to their specific needs depending on the type of investigation being performed and the information they are most concerned with. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
LaunchedMicrosoft Purview
Customers can precisely choose which AI app they should use to detect any of the Generative AI apps indicators. This is applicable to the following indicators: "Entering risky prompts in Copilot", "Receiving sensitive responses from Copilot", "Entering risky prompts in enterprise AI apps", and "Receiving sensitive responses from enterprise AI apps". Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
Data Security Investigations now delivers proactive AI insights within the Data Security Posture Management (DSPM) experience. When DSPM identifies potential data exfiltration, DSI automatically analyzes the flagged content against risk dimensions like intellectual property, financial data, and credentials. Results are surfaced directly in DSPM, helping security teams identify sensitive data at risk before an incident occurs — and take action in DSI when deeper investigation is needed.
LaunchedMicrosoft Purview
We're adding pre-built search templates to Microsoft Purview Data Security Investigations. Templates provide pre-configured search queries for common data security scenarios, allowing investigators to scope an investigation in just a few clicks instead of manually building queries. Users select a template, provide minimal inputs (such as a user or site), and the search is configured and ready to run.
Rolling outMicrosoft Purview
We're introducing notification capabilities and search improvements to Microsoft Purview Data Security Investigations. Investigators will receive notifications when key investigation events occur, such as when AI jobs complete or when new data is added to scope. Search improvements include enhanced query building to more easily identify potentially impacted data
In developmentMicrosoft Purview
With this update, the indicators belonging to cloud storage apps (Box, Dropbox, Google Drive), cloud services (Azure, Amazon Web Services) and Microsoft Fabric (Power BI, Lakehouse) will be supported as triggers in Data leaks policy. With triggers, customers can define the conditions for bringing the user into the scope of a policy while the respective indicators are used to determine risk score.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Rolling outMicrosoft Purview
With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
Rolling outMicrosoft Purview
Monitor or protect file with unsaved sensitive content from being printed or being moved to USB or network share.
Rolling outMicrosoft Purview
Microsoft Purview Endpoint data loss prevention is expanding coverage to Copilot + PCs initially to support Recall snapshots and determining whether policies exist to prevent capture of windows containing restricted sensitivity labels and Sensitive information types (SITs). Purview admins will author Endpoint DLP custom policies to integrate with Windows Copilot + PC Recall setup by Intune admins for Copilot + PC devices exclusively.
LaunchedMicrosoft EdgeMicrosoft Copilot (Microsoft 365)Microsoft Purview
Currently admins can set Purview DLP policies to protect sensitive data from being sent to any Generative AI apps, users get blocked from sending their prompts to LLM when this is triggered and stops their workflow. This new add-on to the feature shows a new UI that will give users the option to be redirected to M365 Copilot which will open and navigate to this M365 Copilot tab and allow them to send the same prompt there.
LaunchedMicrosoft Purview
Review set limit per case is increased from 20 per case to 100 per case.
In developmentMicrosoft Purview
With this feature, IRM alerts and other supporting data will be available in the following Microsoft Defender XDR experiences:
1. IRM alerts will be surfaced in unified alert and Incident queue in Microsoft Defender XDR.
2. IRM alerts, Indicators and enriched events will be available in Microsoft Defender XDR advanced hunting. Analysts can leverage KQL queries to identify potentially hidden risky patterns in data security related user activity.
3. IRM alert, Indicators and enriched events will be exposed through Graph API.
This feature can be enabled through “Share data with Microsoft Defender XDR” within Microsoft Insider Risk Management settings
IRM data in Microsoft Defender XDR does not honor anonymization. This is to enable effective correlation of IRM alerts with alerts from other solutions in Microsoft Defender XDR platform (such as Defender for Endpoint, Defender for Cloud apps, etc.).
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
AI and IT admins in Microsoft Admin Center can 1) gain visibility around oversharing risks and drive remediations 2) Understand how much of sensitive copilot interactions are protected and turn on Purview DLP for M365 Copilot right from there. Enables secure adoption of Copilot.
In developmentMicrosoft Purview
With Purview enabled in Microsoft Foundry, Purview admins can setup inline DLP policies to prompts on Foundry built apps and agents to ensure data loss prevention of sensitive data.
In developmentMicrosoft Purview
Block External Domain/User action in Microsoft Purview DLP for SharePoint and OneDrive, gives organizations stronger control over who can access sensitive files. With this enhancement, admins can configure DLP policies that block file access for specific external domains or individual users. This capability helps prevent unintended exposure by external users and supports enterprise compliance requirements.
In developmentMicrosoft Purview
Use the in-product migration tool in Unified Catalog to migrate classic glossary terms, associated term templates, and asset and column relationships to Unified Catalog
In developmentMicrosoft Purview
Introduce an AI-powered capability leveraging Microsoft Security Copilot to automatically generate natural language explanations of changes made to DLP policies after each update within Microsoft Purview. This feature will analyze policy version deltas (pre-update vs. post-update) and produce a structured, human-readable summary that clearly explains: What changed Where the change occurred (rule, condition, action, location, etc.) The impact of the change The potential enforcement implications The goal is to eliminate manual policy diff analysis, reduce configuration ambiguity, and improve governance transparency for compliance and security administrators.
In developmentMicrosoft Purview
Enables auto‑labeling of existing SharePoint files to match the default sensitivity label configured on their document library. This helps organizations close labeling gaps for data at rest and ensure consistent, secure‑by‑default protection across SharePoint libraries—without relying on manual user labeling.
LaunchedMicrosoft Purview
With this release, the file type coverage to scan, classify and protect sensitive content on Mac devices with Microsoft Purview Data Loss Prevention policies will increase from current ~40 file types to 100+ file types. This release will make the coverage of file types on endpoint consistent with other locations such as Exchange, SharePoint and OneDrive. This will also include other enhancements like detecting label from pfile, detecting sensitive content in metadata, and detecting sensitive content in PDF forms.
LaunchedMicrosoft Purview
Data Security Investigations (DSI) is introducing a new examination focus area concentrated on identifying personal data. The personal data examination will identify and extract various types of personal data from the selected items including but not limited to, names, addresses, bank account numbers, and more. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
In developmentMicrosoft Purview
Admin should be able to see the Endpoint DLP policy sync status on the Purview portal within 30 mins.
LaunchedMicrosoft Purview
This dashboard will allow admins to view the device health across all their devices to ensure the system is healthy and ready to receive policy updates and quickly identify devices that are not ready.
LaunchedMicrosoft Purview
Microsoft Teams stores call logs in several persistent locations, such as CDR logs. Currently, these logs are retained indefinitely. However, regulatory requirements in various countries specify maximum retention periods for calling-related logs. This discrepancy creates a compliance gap, as the existing retention practices may not meet regulatory obligations.
Additionally, tenant administrators may prefer to retain data for longer periods to improve the user experience. Therefore, this solution would help organizations ensure that Microsoft Teams remains compliant with regulatory mandates while also supporting evolving product features and business needs.
LaunchedMicrosoft Purview
File Creation and File Modification conditions in Microsoft Purview DLP for SharePoint and OneDrive and AutoLabelling will give organizations more precise control over DLP policy definition. These conditions allow admins to configure policies based on when the files were created or last modified, enabling policies that target newly created documents, recently edited files, or older content that may require stricter governance. With these new date-based predicates, Purview DLP delivers stronger lifecycle-aware protection, improved policy accuracy, and greater flexibility in securing data across SPOD.
In developmentMicrosoft Purview
Initiate a Power Automate workflow when the item reaches the end of its retention period. For example, execute a complex disposition approval process or move the file to an archive.
LaunchedMicrosoft Purview
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices bringing it in line with the experience for MacOS devices. Admins can now see which user is currently signed in on a device, making It faster to confirm ownership and troubleshoot issues.
LaunchedMicrosoft Purview
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
In developmentMicrosoft Purview
Microsoft Purview network data security now integrates with Palo Alto Prisma Access, extending discovery and protection to network traffic. With this integration, new and existing Palo Alto Prisma Access customers can configure Microsoft Purview collection and data loss prevention policies to discover and protect sensitive data shared with unmanaged cloud apps via HTTP/HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM), enables data security & compliance for AI interactions, and more.
In developmentMicrosoft Purview
Organizations can now manually apply Purview Information Protection sensitivity labels in Engage. Allowing admins to create labels and configure label publishing policies to determine which users and groups can manually label content in Engage communities. End users in Engage will be able to then manually apply labels to communities and in turn classify and protect their sensitive data via privacy and external user access controls.
In developmentMicrosoft Purview
Data Security Triage Agent summaries and categorizations for DLP alerts will be made available in DLP Alerts in Microsoft Defender XDR.
LaunchedMicrosoft Purview
Review set limit per case is increased from 20 per case to 100 per case.
In developmentMicrosoft Purview
Admins can now see the sync status of sensitivity label publishing policies directly in the Purview portal. This provides clear confirmation that label policy changes have been fully applied across Microsoft 365 workloads, reducing guesswork, speeding troubleshooting, and increasing confidence during large scale label deployments.
In developmentMicrosoft Purview
Teams meeting artifacts, including recordings, transcripts, and Loop notes, can now be configured to automatically inherit the sensitivity label from the meeting. This ensures content generated during meetings is consistently protected without requiring manual labeling, reducing risk and simplifying protection at scale.
In developmentMicrosoft Purview
To provide more flexibility, admins can now exclude modern Microsoft 365 groups and scope sensitivity label policies to dynamic and non-mail enabled security groups—expanding policy targeting beyond individual users and mail enabled groups.
LaunchedMicrosoft Purview
With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When this rule is triggered, the end user will see a toast with a customized title and message with a hyperlink. This feature is useful when organizations need to direct users to a specific resource or a repository for more specific instruction (e.g. internal policy SharePoint site).
In developmentMicrosoft Purview
Enhance current API infrastructure to provide easy and simple way for customers to export data to integrate with SIEM tools, create automated workflows and generate customizable reports. Today alert data is present in Graph API and DLP rule match event details are present in Management API. This work enriches the graph API with DLP event data to make correlation and integration easy for customers.
LaunchedMicrosoft Purview
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from Unified Audit Log activity. In DSI, build your audit log query by specifying criteria such as time range, activities, users, and keywords. DSI then automatically pulls the associated files into the investigation (for example, UserA downloaded a file on 3/1/2026).
In developmentMicrosoft Purview
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).
LaunchedMicrosoft Purview
We are simplifying Data Security Investigations (DSI) roles following customer feedback and the continued integration with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Defender XDR. We added the Data Security Investigation Admin role to the Compliance Administrator role group. We added the Data Security Investigation Contributor role to the: Organization Management role group; Data Security Management role group; Insider Risk management role group.
In developmentMicrosoft Purview
File Quarantine action in Microsoft Purview DLP for SharePoint and OneDrive, enables stronger, immediate protection for sensitive data. When a DLP policy is triggered, the File Quarantine action automatically moves the file to a restricted, admin‑controlled & defined quarantine location—instantly removing access for all users while preserving the file for review and investigation. This capability helps organizations contain data‑exposure risks, prevents further sharing or misuse, and delivers a powerful new layer of enforcement.
In developmentMicrosoft Purview
Microsoft Purview network data security now integrates with Island, extending protection to Island’s browser-based workflows at the point of user interaction. With this integration, new and existing Island customers can configure Microsoft Purview collection and data loss prevention policies to detect and protect data shared with unmanaged cloud apps through the Island Enterprise Browser, the Island Extension, and browser add ins via HTTP and HTTPS, using the same classifiers, sensitive information types, and sensitivity labels used in other Purview policies. Island provides visibility and control at the presentation layer, including typed and pasted input, file transfers, and extension activity, so data can be inspected before it ever leaves the browser. This integration further enriches Purview Data Security Posture Management (DSPM), Insider Risk Management (IRM) risk score, enables data security and compliance for AI interactions, and more.
In developmentMicrosoft Purview
We're expanding the Data Security Posture Agent with a new credential scanning capability. Discover exposed credentials and data security risks across scoped locations. Assign scanning tasks to the agent, track progress across stages, and take action on prioritized findings. The agent scans selected data locations, analyzing scoped files to detect credentials, such as Microsoft Entra user credentials, private keys, and API tokens. Each finding includes a risk score, AI-generated insights, confidence score, and credential category so you can review, confirm, and act from a single task board view.
In developmentMicrosoft Purview
Ability to select hard delete configuration for a Priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
LaunchedMicrosoft Purview
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. New insights like sensitivity label and sharing link information help users identify items at risk of oversharing. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
LaunchedMicrosoft Purview
New enhancements for SharePoint and OneDrive enable organizations to automatically override manually applied sensitivity labels and remove labels at scale on Word, Excel, PowerPoint, and PDF files. These capabilities help ensure data remains correctly classified as policies, labels, and business requirements evolve—reducing reliance on manual user updates and improving consistency for data at rest across Microsoft 365.
In developmentMicrosoft Purview
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing. Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
A new Data Security Investigations (DSI) mitigation action, soft purge, is now available to help admins quickly and efficiently soft-delete sensitive or overshared content during investigations. Content deleted using soft purge is retained until the deleted item retention period expires, allowing admins to have further control of their data. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
LaunchedMicrosoft Purview
Microsoft Security Store is now integrated into the Microsoft Purview DLP experience, giving admins an in‑product way to discover a curated set of integrations that extend Purview capabilities, including data security capabilities for the network. Purchasing and management are completed through Security Store, simplifying how organizations procure partner integrations.
LaunchedMicrosoft Purview
Admins can now scope Purview collection policies for unmanaged cloud apps based on the presence of sensitivity labels, enabling more precise discovery of sensitive activity across inline network traffic and the Edge for Business browser. Purview DLP policies also support "URL contains text" as a condition and exception, providing finer control over unmanaged cloud app usage across the network and Edge for Business, along with configurable email notifications to alert end users when activities are blocked.
LaunchedMicrosoft Purview
We are expanding Microsoft Purview DLP for Microsoft 365 Copilot and Copilot Chat to safeguard web searches containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot and agents from using sensitive data for external web search. This capability currently extends to Microsoft 365 Copilot and agents built in Copilot Studio that are published to Microsoft 365 Copilot.
In developmentMicrosoft Purview
This release of eDiscovery features the implementation of customer-managed key (CMK) options, allowing users to manage their own encryption keys for the data included in the direct export workflow in eDiscovery, adding to the Microsoft-managed encryption already in place.
LaunchedMicrosoft Purview
Other AI apps will move to pay-as-you-go model. Microsoft Copilot experiences indicators can still be used for free even without subscription. To continue using Other AI apps indicators, please link an Azure subscription to Microsoft Purview to enable billing.
Insider Risk Management indicators transitioning to a pay-as-you-go pricing model: “Entering risky prompt in Other AI apps”. This indicator is present in Policy indicators-> Generative AI apps -> Other AI apps
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
The Data Security Triage Agent in Insider Risk Management is deploying enhancements such as improved user risk and activity explorer pattern summaries to support improved investigation accuracy, context, and decision quality.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It follows the standard two‑step Exchange Migration Service pattern: an initial analysis phase to validate and assess PST data, followed by execution of the actual migration. The process also involves creating a migration endpoint, running an analysis-only migration batch, using the analysis results to configure the final batch, and then starting the batch to import PST content into target mailboxes.
LaunchedMicrosoft Purview
Adding below enhancements to Data Security Triage Agent in MS Purview - Metadata supported Custom Instructions (DLP only) : Earlier the agent only supported custom instructions which are related to content (E.g. Focus on alerts related to financial information). Now we also support instructions related to metadata. (E.g. Focus on alerts related to financial information for user Adam in last 20 days) - Consolidated Agent settings : Earlier we had seperate controls for deployment configuration and triggers. We are now merging them into a single view as the settings can be altered anytime and it becomes easier for admins and analysts to change them from single view. - Support for alerts with Non content contains condition (DLP only) : Till now we were showing alerts generated from non-content contains conditions as unsupported. (E.g. Condition = RecipientDomainIs matches and triggers alert, alert is unsupported). Now we are bringing the alerts into triage capability and determining categorization for them also - Agent Identity : Now the Triage agent can be deployed with Agent's own identity generated in Microsoft Entra. There won't be a need to have the agent run using the user's identity who was setting up the agent. This provides cleaner audit capabilities.
Rolling outMicrosoft Purview
Data Security Investigations (DSI) now further enhances its AI analysis tools, including the ability to choose between a standard categorization for potential time and/or cost savings or a more advanced categorization to include AI-generated topics. Additionally, we are making the DSI workflow faster by automatically preparing data for AI analysis as it is being added to the investigation, saving critical investigation time.
LaunchedMicrosoft Purview
A new feature will be introduced on the main Classification page, allowing users to test files against all available classifiers to identify the presence of sensitive information. Users will have the option to select a single classifier or run tests across all classifiers. This capability is designed to help users identify sensitive content within files and troubleshoot classification issues more efficiently.
LaunchedMicrosoft Purview
A new export functionality will be introduced in two locations: the Data Loss Prevention > Policies page and the Information Protection > Label publishing policies page. This feature will allow users to export their existing DLP configurations and label policies, including schema, as a downloadable ZIP file. The exported file can be attached to support tickets to accelerate troubleshooting.
Rolling outExcelMicrosoft 365PowerPoint
The Microsoft Purview Data Loss Prevention policy to restrict Microsoft 365 Copilot processing sensitive files in Word, Excel, and PowerPoint will now apply regardless of file storage location.
LaunchedMicrosoft Purview
We’re updating permissions to ensure that all roles with access to view DLP policies in Microsoft Purview can also run diagnostics on those policies. This change enhances visibility and empowers authorized users to troubleshoot and validate policy behavior more effectively.
The following roles will now have diagnostic access:
Organization Configuration
View-Only Configuration
Compliance Admin
Security Admin
Security Reader
DLP Compliance Management
View-Only DLP Compliance Management
Insider Risk Management Admin
Information Protection Admin
Information Protection Analyst
Information Protection Investigator
Data Security AI Admin
In developmentMicrosoft Purview
Insider Risk Management is excited to announce the ability to preview content directly within an IRM alert without having to create a case. Users with appropriate permissions will be able to preview relevant files referenced directly within activity explorer in each alert.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
Admins will be able to select hard delete configuration while setting up a priority cleanup policy for OneDrive and SharePoint content and skip recycle bins.
LaunchedMicrosoft Purview
Insider Risk Management is providing the ability to create a case without content. With this, we will introduce a new active case limit (2000). This new functionality will allow customers to create more cases particularly when content download is unnecessary. If a case is created without content download, content download can be initiated anytime the case is active pending available content download limits. There is no change to the active content download limit (100).
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
Logical grouping of files with same schema and are under the same folder into a single file known as resource set. Using advanced resource set capability, customers can define pattern rules that will help group files based on custom patterns.
LaunchedMicrosoft Purview
We are introducing a new Microsoft Purview RBAC role—Purview Agent Deployment—and adding it to various existing built in role groups used by analysts and admins across Purview. This change enables users who use built-in role analyst groups to deploy Security Copilot Agents in Purview without needing any additional roles. If your organization prefers to limit agent deployment permissions, you can create a custom role group that does not include the Purview Agent Deployment role and assign that custom role group to analysts who should not be able to deploy agents. This update does not change default data access or expand visibility into customer content. All other permissions within each role group remain unchanged. Analysts who are assigned to custom role groups will not be able to deploy agents unless the Purview Agent Deployment role is explicitly added to those custom groups. We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these change We recommend reviewing and updating your organization’s RBAC documentation, internal processes, or onboarding guides to reflect these changes.
Rolling outMicrosoft Purview
Introduces enhanced controls in Content Explorer’s UI, enabling scoped visibility and filtering of SIT and label data. This will help with content discoverability and governance.
LaunchedMicrosoft Purview
Within Purview's Data Security Posture Management (preview), Data Risk Assessment now supports scanning all Fabric workspaces for potentially overshared Fabric data (dashboards, reports, etc.). The new Fabric tab in Data Risk Assessment allows users to view default assessment results, create custom assessments for scoped Fabric workspaces, and take proactive actions to secure your Fabric data.
In developmentMicrosoft Purview
Protect file based on the website the file is downloaded or the app the file is created.
LaunchedMicrosoft Purview
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
LaunchedMicrosoft Purview
The tenant‑level process report provides eDiscovery administrators and managers with a centralized view of eDiscovery processes running across cases in the tenant—or across the cases they have access to. It surfaces key details such as process type, status, duration, timestamps, and who initiated each process, enabling better operational oversight, faster issue triage, and clearer end‑to‑end visibility into eDiscovery activity.
In developmentMicrosoft Purview
This update introduces logged-in user details (user email) on the device onboarding page for Windows devices bringing it in line with the experience for MacOS devices. Admins can now see which user is currently signed in on a device, making It faster to confirm ownership and troubleshoot issues.
In developmentMicrosoft Purview
Adaptive Scope for SharePoint is a dynamic scoping capability in Microsoft Purview DLP that allows administrators to automatically target DLP policies to the right sites based on attributes such as site URL, site name, or custom site metadata. Unlike static scoping, which requires manually listing sites and maintaining them over time, adaptive scopes continuously evaluate site properties and auto‑include or exclude locations as they evolve. This enables scalable policy deployment, eliminates the 100‑site static policy limit, and delivers granular, and automated targeting.
LaunchedMicrosoft Purview
The below diagnostics will help users understand which sensitive information exist in their document and what labels applied and what policies have been triggered: DLP SharePoint Diagnostics DLP EXO Diagnostics Auto labeling diagnostics for SPO/ODB
In developmentMicrosoft Purview
As AI agents become deeply embedded in enterprise ecosystems, they are evolving beyond simple tools or workflows into a digital workforce. These agents can interpret intent, access and manipulate enterprise data, execute actions and even make real-time decisions. In many ways, they operate like human insiders only with machine-speed data processing capabilities.
To govern and protect these agents effectively, Microsoft Purview Insider Risk Management is being expanded to agents, with specific indicators and insider risk score built for agents based on agentic activities.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
We're enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. Previously, only the message body was viewable, which limited insight into flagged content. With this update, admins will be able to preview email attachments directly within Activity Explorer—without needing to download the email.
LaunchedMicrosoft Purview
With this release, the file type coverage to scan, classify and protect sensitive content on Mac devices with Microsoft Purview Data Loss Prevention policies will increase from current ~40 file types to 100+ file types.��This release will make the coverage of file types on endpoint consistent with other locations such as Exchange, SharePoint and OneDrive.
In developmentMicrosoft Purview
A new capability called Auto-Archiving for Exchange Online will enter public preview in November 2025 (currently under private preview for selected customers). When a user's mailbox utilization exceeds 95% of its quota and archive mailbox is present, this feature automatically moves the oldest items excluding those tagged with “Never Move to Archive” from the primary mailbox to the archive mailbox to prevent mail flow disruptions by keeping usage below the safe threshold of 95% of mailbox quota.
LaunchedMicrosoft Purview
We are adding to Insider Risk Management a pre-configured quick policy template to detect data theft from Microsoft Fabric and non-Microsoft 365 data sources like Box, Dropbox, Google Drive, Azure and Amazon Web Services (AWS). This will enable admins to create scenario-specific policies, with little configurations needed, to get started faster. All scenario based quick policies can be found in the Policies page > Create Policies. Additional tuning post deployment to meet individual alert volume needs can be expected. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
With this update, Insider Risk Management extends its risk-detection capabilities to Microsoft Fabric lakehouses (in addition to Power BI which is supported today) by offering ready-to-use risk indicators based on user activities in Fabric lakehouses. Organizations can use these new indicators in data theft and data leaks policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
A new Data Security Investigations (DSI) mitigation action, purge, is now available to help admins quickly and efficiently delete sensitive or overshared content during investigations, within the product UX. This addition works alongside DSI’s AI-powered content analysis features, such as categorization, AI search, and examination for risk, which help surface data security risks buried in data.
LaunchedMicrosoft Purview
This feature introduces the ability to classify DLP alerts directly in the Purview portal. In addition to assigning a status, customers can now categorize alerts as True Positive, False Positive, or Benign Positive. This capability helps security teams better organize, track, and manage alerts, enabling more accurate reporting and efficient incident handling.
Rolling outMicrosoft Purview
The Data Security Posture Agent is designed to expand the capacity of data security admins as they proactively work to stay on top of a dynamic data and risk landscape within their organization. Its primary job is to help discover sensitive data across your data estate. This agent is designed to analyze and search documents, emails, and messages that match the natural-language discovery intent requested by the user and assess associated risks. By moving beyond traditional keyword and information-type analysis and harnessing the power of LLMs, this agent enables organizations to identify risks based on the actual purpose and context of the content and take appropriate action.
LaunchedMicrosoft Purview
Provides access to the same device health details currently available through the export function on the device onboarding page. With the new device status API, customers can pull device-level information directly into their own BI tools, dashboards, and workflows, eliminating manual exports and making it easier to automate reporting at scale.
LaunchedMicrosoft Purview
The Data Security Triage Agent creates an agent-managed alert queue that identifies and prioritizes the DLP and IRM alerts that pose the greatest risk to your organization. It delivers a summary and clear explanation for why each alert was prioritized, helping analysts focus on what matters most.
For this GA release, we’re introducing expanded coverage (which also includes Endpoint DLP alerts as well as alerts that leverage Custom SITs (Sensitive Information Types)) and support for Entra Agent ID.
LaunchedMicrosoft Purview
The Data Security Triage Agent creates an agent-managed alert queue that identifies and prioritizes the DLP and IRM alerts that pose the greatest risk to your organization. It delivers a summary and clear explanation for why each alert was prioritized, helping analysts focus on what matters most.
For this GA release, we’re introducing expanded coverage (which also includes Endpoint DLP alerts as well as alerts that leverage Custom SITs (Sensitive Information Types)) and support for Entra Agent ID.
In developmentMicrosoft Purview
As AI agents become deeply embedded in enterprise ecosystems, they are evolving beyond simple tools or workflows into a digital workforce. These agents can interpret intent, access and manipulate enterprise data, execute actions and even make real-time decisions. In many ways, they operate like human insiders only with machine-speed data processing capabilities. To govern and protect these agents effectively, Microsoft Purview Insider Risk Management is being expanded to agents, with specific indicators and insider risk score built for agents based on agentic activities. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. Updated January 30: This feature is still in development with a planned release of April 2026. We apologize for the inconvenience.
LaunchedMicrosoft Purview
User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.
LaunchedMicrosoft Purview
We’re excited to announce UX improvements to the DLP Alerts Portal in Purview to help you triage incidents faster and more efficiently. What’s New: 1. Unified View: Events related to each alert are now available directly on the alerts page — no need to switch to new tab or drill down. 2. Faster Access: Access event details (e.g. Impacted assets) with just 1 click on the main alerts page itself, compared to 4 clicks earlier, reducing triage time significantly. 3. Enhanced Context: We've added 4 new columns - Location, DLP Rule name, DLP Policy name, Rule Action to display key alert and event attributes upfront — giving you more visibility at a glance. 4. Performance Boost: Cache improvements to ensure faster load times and a smoother experience. These updates are designed to streamline your workflow, reduce response times, and give you the context you need — all in a single, efficient view.
Rolling outMicrosoft Purview
Purview enablement in AI Foundry, allows Foundry admins to activate Microsoft Purview on their subscription. Once enabled, AI interaction data from all apps and agents flows into Purview for centralized compliance, governance, and posture management of AI data.
LaunchedMicrosoft Purview
Today, there is not a way to remove retention policies or labels (called a hold in Exchange) from items in inactive mailboxes in bulk. Now we are introducing a PowerShell cmdlet that enables retention policies or labels to be removed in bulk from these items. This removal will not affect legal holds.
In developmentMicrosoft Purview
This feature in Purview Compliance Manager shall enable customers to automatically access the compliance posture of Agents created in AI Foundry. Customers can map Agents being created in AI Foundry to compliance regulations and assessments in Purview Compliance Manager and get to know the compliance status and improvement actions to be innovative and compliant.
In developmentMicrosoft Purview
Communication Compliance is improving the capabilities and customization of policy alerts. Admins will be able to customize the alert frequency per policy as well as adjust the email alerts frequency and recipients within the policy creation wizard.
Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory compliance violations (for example SEC or FINRA), such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to ensure user-level privacy.
In developmentMicrosoft Purview
Purview SDK embedded in Agent Framework SDK enables developers to seamlessly integrate enterprise-grade security, compliance, and governance into the AI agents they build. This integration enables automatic classification and protection of sensitive data, prevents data leaks and oversharing, and provides visibility and control for regulatory compliance—empowering organizations to confidently and securely adopt AI agents in complex environments.
In developmentMicrosoft Purview
Azure AI Search now ingests Microsoft Purview sensitivity labels and enforces corresponding protection policies through built-in indexers (SharePoint, OneLake, Azure Blob, ADLS Gen2). This enables secure, policy-aligned search over enterprise data, enabling agentic RAG scenarios where only authorized documents are returned or sent to LLMs, preventing data oversharing and aligning with enterprise data protection standards.
LaunchedMicrosoft Purview
At Ignite, Microsoft is introducing a major evolution of Purview Data Security Posture Management (DSPM) to help organizations strengthen data security and confidently embrace AI. The new DSPM experience unifies visibility and control across traditional data and AI-driven environments, delivering outcome-based guided workflows that turn insights into actionable steps—so teams can prioritize risks and remediate faster. It brings AI observability, enhanced posture reporting, and intelligent Security Copilot agents to automate tasks like triage and policy management. Plus, Purview now extends coverage beyond Microsoft data with third-party signals from partners like BigID, Cyera, OneTrust, and Varonis, giving security teams a single, streamlined view of sensitive data across clouds and platforms. Together, these innovations make DSPM the central hub for managing data security posture in the era of AI. We are also extending Data Risk Assessments to Fabric and to item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links.
LaunchedMicrosoft Purview
We're enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. Previously, only the message body was viewable, which limited insight into flagged content. With this update, admins will be able to preview email attachments directly within Activity Explorer—without needing to download the email.
LaunchedMicrosoft Purview
Delegate management and remediation authority for different people in different regions or organization units with role-based access control (RBAC). For example, German investigators should be able to investigate alerts and audit events for only German users. This update extends support to SharePoint for Microsoft 365.
LaunchedMicrosoft Purview
Microsoft Purview Data risk assessments now support item-level investigation and remediation of SharePoint data. Item-level insights like sensitivity label and sharing links created help users identify potentially overshared items. Users are empowered to remediate overshared items by resolving, notifying, applying a sensitivity label, or removing sharing links for selected item(s). This helps organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data are only accessible to the right people.
In developmentMicrosoft Purview
Data Security Investigations (DSI) insights are now being incorporated into Data Security Posture Management to support the prevention of sensitive content exfiltration. Additionally, DSI integrations with Defender XDR and Insider Risk Management are being enhanced, reflecting customer feedback received during the Public Preview phase.
In developmentMicrosoft Purview
Admin should be able to see destination machine information when end-user copy a sensitive file to a remote machine through RDP.
In developmentMicrosoft Purview
Microsoft Purview Data Loss Prevention end-user email notification is getting advanced incident remediation capabilities: actionable email notifications. This new feature allows end users to take remediation actions directly from their mailbox, streamlining the remediation process. The end users will be able take remediation actions on files on OneDrive and SharePoint that caused a policy match. Key actions now available in our email notifications include - stop sharing file, delete file, apply label, override the policy, report false positive and unable to take action.
In developmentMicrosoft Purview
With this update, Risky AI usage policy template will support priority content. Customers can define Sensitive Info Types (SITs), Trainable Classifiers, Sensitivity Labels as priority content, and get alerted only when the activity matches the selected priority content. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
Currently you can create Purview Endpoint DLP policy and assign to specific users or user groups. This feature will allow you to create and assign policy based on both users and machines. You can use this feature to achieve different policies for same user on different Mac devices.
LaunchedMicrosoft Purview
With this feature when multiple files are involved in a DLP enforcement action, the policy tip will now show multiple files and their respective status.
In developmentMicrosoft Purview
Enhance Content Explorer by introducing new summary metrics that provide better visibility into scanning and classification activities. This update will include:
1. Unscanned Files Summary
Displays the count and percentage of files that have not been scanned for classification, helping admins identify gaps and take corrective action.
2. Classification History Insights
Shows trends and details of classification changes over time, helping admins to discover the stale data in their organization
LaunchedMicrosoft Purview
This feature release ‘Always-on diagnostics’, captures critical diagnostic data from onboarded endpoint devices running on Windows OS for EDLP issue reporting. Comprehensive trace logs will be automatically recorded and stored locally on the devices, eliminating the need to reproduce issues when submitting investigation requests to Microsoft. It allows for the collection of detailed traces over extended periods (up to 90 days). While raising tickets to submit investigation requests to Microsoft regarding Microsoft Endpoint DLP, customers can share enhanced diagnostic information with Microsoft without needing to reproduce the exact scenario.
In developmentMicrosoft Purview
This feature in Purview Compliance Manager shall enable customers to convert complex regulations from PDF documents to actionable controls and actions in multi cloud environment. Customers can use the converted regulatory templates to create assessments and identify compliance gaps, understand and implement controls to improve their compliance posture.
In developmentMicrosoft Purview
Microsoft Purview introduces the Classifier Simulation Mode, the first phase of the broader Classifier Health Monitoring Platform.
This capability enables you to test, analyze, and optimize custom classifiers on production data before publishing them, hence offering a reliable means of verifying the effectiveness of classifiers before committing them to live environments.
Custom classifiers are powerful tools but can sometimes include inefficient regex patterns or overly broad logic, leading to Noisy classifier due to high matches, False positives and High scanning latency
Simulation Mode mitigates these risks by allowing you to validate classifier quality and performance before publishing, helping ensure healthy, performant, and more precise classification outcomes.
LaunchedMicrosoft Purview
AI and IT admins in Microsoft Admin Center can 1) gain visibility around oversharing risks and drive remediations 2) Understand how much of sensitive copilot interactions are protected and turn on Purview DLP for M365 Copilot right from there. Enables secure adoption of Copilot.
Rolling outMicrosoft Information ProtectionMicrosoft Purview
Extend Microsoft Purview Data Loss Prevention (DLP) policies to filter sensitive files at the network layer by integrating with Entra Global Secure Access Internet Access. This integration enables organizations to intercept and inspect files at the network layer and enforce restrictive actions based on DLP policy conditions. It helps prevent sensitive data from being shared with untrusted cloud applications through browsers, apps, APIs, add-ins, and more - including generative AI platforms, cloud storage, and content-sharing services - while managing alerts and incidents through Purview and Microsoft Defender.
LaunchedMicrosoft Purview
Extend Microsoft Purview Data Loss Prevention (DLP) policies and Insider Risk Management indicators to the network by integrating with your existing non-Microsoft Secure Access Service Edge (SASE) solution. This integration enables organizations to intercept and inspect traffic inline at the network layer and enforce actions based on DLP policy conditions. It helps prevent sensitive data from being shared with untrusted cloud applications through browsers, apps, APIs, add-ins, and more - including generative AI platforms, cloud storage, and content-sharing services - while managing alerts and incidents through Purview and Microsoft Defender. If configured, these signals also inform user risk indicators in Insider Risk Management
LaunchedMicrosoft Purview
Enable admins to configure retention policies for various Copilots and AI Apps.
LaunchedMicrosoft Purview
Inline protections for text and file uploads, directly integrated into for Edge for Business, can be applied to more unmanaged consumer GenAI apps. Admins can now apply Purview collection policies and Purview DLP policies to detect and protect inline against sensitive data sharing in the Edge browser by users on Intune-managed Windows devices to a selection of new unmanaged app locations.
LaunchedMicrosoft Purview
Inline protections for file upload protection are directly integrated into for Edge for Business to help prevent data leakage when users upload files to consumer GenAI apps in the browser. In addition to existing text upload controls in Purview collection and DLP policies, Admins can now detect and enforce inline protections on file uploads. Policies can target file-specific conditions such as file size, file type, and sensitive information types, enabling organizations to audit or block activities for users in Edge on Intune-managed Windows devices.
LaunchedMicrosoft PurviewMicrosoft Copilot (Microsoft 365)
Microsoft Purview Data Loss Prevention is extended to Microsoft 365 Copilot. This feature will allow DLP policies to provide detection of sensitivity labels in enterprise grounding data and restrict access of the content in Microsoft 365 Copilot.
LaunchedMicrosoft Purview
Introduces enhanced controls in Content Explorer’s UI, enabling scoped visibility and filtering of SIT and label data. This will help with content discoverability and governance.
LaunchedMicrosoft Purview
Microsoft Purview Insider Risk Management variant limit is being increased from 3 to 10 per indicator and an overall limit of 100 across all indicators. Along with this, the number of items in one detection group is being increased from 200 to 500.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
A new capability called Auto-Archiving for Exchange Online will enter public preview in November 2025 (currently under private preview for selected customers). When a user's mailbox utilization exceeds 95% of its quota and archive mailbox is present, this feature automatically moves the oldest items excluding those tagged with “Never Move to Archive” from the primary mailbox to the archive mailbox to prevent mail flow disruptions by keeping usage below the safe threshold of 95% of mailbox quota.
LaunchedMicrosoft Purview
Data Security Investigations (DSI) now features advanced AI analysis tools, including options to add investigative context for higher-quality results, as well as improvements in vector search relevance and content categorization to better identify risky material. Additionally, we've launched a new AI-powered search function that lets investigators use natural language to locate specific files by searching through keywords, metadata, and embeddings.
LaunchedMicrosoft Purview
Introducing a Data Security Investigations (DSI) lightweight cost estimator designed to help analysts model and forecast both storage and compute unit costs based on specific use cases, enabling more accurate budget planning. In addition to the estimator, a new report provides granular breakdowns of billed storage and compute unit usage, empowering DSI analysts to identify cost-saving opportunities and optimize resource allocation.
LaunchedMicrosoft Purview
Introducing a capability to Purview compliance admins via a Data Lifecycle Management to bypass retention hold or legal holds to delete content on OneDrive or SharePoint Online such as Teams meeting transcripts and/or recordings earlier than the hold durations to comply with emerging compliance requirements. Leveraging Simulation, authoring approvals, Audit and disposition reviews to set-up and enforce defensible policies.
LaunchedMicrosoft Purview
Microsoft Purview Insider Risk Management (IRM) introduces the Security Copilot Alert Triage Agent in IRM that analyzes and prioritizes IRM alerts so analysts can understand and act on their most urgent alerts first. On top of prioritizing critical alerts for analysts to triage first, alert triage agent will provide a summary of findings to help users understand what are the riskiest activities that make this alert critical to review. IRM correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. IRM enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
This feature allows users to add only a sampled subset of search results to a review set, rather than adding the entire query output. Users can configure sampling parameters—such as confidence level and sample size—to ensure the subset meets their review objectives while reducing unnecessary data ingestion.
LaunchedMicrosoft PurviewMicrosoft Copilot (Microsoft 365)
We are expanding Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot to safeguard prompts containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot, including pre-built agents in Microsoft 365 Copilot, from returning a response when prompts contain sensitive data or using that sensitive data for grounding in Microsoft 365 or the web.
LaunchedMicrosoft Purview
This feature offers a comprehensive timeline view of a user's potentially risky interactions. It includes both interactions with other users and generative AI applications that have been flagged for review. This empowers reviewers by providing context on the user's history, enabling them to address violations with a complete view of all other potential risky interactions. As a result, reviewers can make informed decisions, streamlining the review process to be both efficient and effective.
LaunchedMicrosoft Purview
Introducing a Microsoft Purview Insider Risk Management pay-as-you-go feature usage report designed to provide transparency to the customers, enabling more accurate budget planning and policy tuning. This report provides granular breakdowns of billed processing unit usage across different data source categories and activity indicators over time, empowering IRM admins to identify cost-saving opportunities and tune their policies.
LaunchedMicrosoft Purview
Microsoft Purview Insider Risk Management variant limit is being increased from 3 to 10 per indicator and an overall limit of 100 across all indicators. Along with this, the number of items in one detection group is being increased from 200 to 500.
LaunchedMicrosoft Purview
This feature introduces the ability to classify DLP alerts directly in the Purview portal. In addition to assigning a status, customers can now categorize alerts as True Positive, False Positive, or Benign Positive. This capability helps security teams better organize, track, and manage alerts, enabling more accurate reporting and efficient incident handling.
LaunchedMicrosoft Purview
Monitor or protect file with unsaved sensitive content from being printed or being moved to USB or network share.
LaunchedMicrosoft Purview
This feature allows admins to view the attachments of an email inside content explorer.
LaunchedMicrosoft Purview
The Aggregate parameter switch returns the folder level aggregated numbers instead of returning details at the item level. You don't need to specify a value with this switch.
Using this switch significantly reduces the export time. To download the items in a folder, run this cmdlet for specific folders.
When you use this switch with the TagName, TagType and Workload parameters, the command returns the following information:
SiteUlrs: OneDrive and SharePoint.
UPNs: Exchange Online and Teams.
The count of items stamped with that tag.
LaunchedMicrosoft Purview
Introducing enhancements to metadata reporting in item.csv exports and Add To Review set CSVs, including new fields such as error details, isEncrypted, and sensitivity label. These updates provide clearer, more detailed insights into items processed during export and review workflows.
Rolling outMicrosoft Purview
Copilot for Security is embedded in eDiscovery to enable users to provide a search prompt in natural language and will translate into keyword query language to help expedite the start of an eDiscovery search.
In developmentMicrosoft Purview
Providing a new mode to count EDM Matches where each row is counted once in addition to the current behavior where each primary element is counted once
In developmentMicrosoft Purview
Endpoint DLP can now classify Office files stored in Windows devices that have Azure RMS protection applied. Classification will be triggered when file is used in applications or when just-in-time classification is enabled.
LaunchedMicrosoft Purview
Microsoft Purview Endpoint data loss prevention is expanding coverage to Copilot + PCs initially to support Recall snapshots and determining whether policies exist to prevent capture of windows containing restricted sensitivity labels and Sensitive information types (SITs). Purview admins will author Endpoint DLP custom policies to integrate with Windows Copilot + PC Recall setup by Intune admins for Copilot + PC devices exclusively.
LaunchedMicrosoft 365 admin centerMicrosoft Copilot (Microsoft 365)Microsoft Purview
Track and audit agent-related admin actions in Microsoft 365 admin center via Purview unified audit logs. This feature enables visibility into agent configuration changes—such as publishing, blocking, updating, or removing agents. Integrated with Purview’s audit search and reporting tools, it helps organizations meet regulatory standards and maintain oversight of agent management.
In developmentMicrosoft Purview
Launch a pre-scoped Data Security Investigation (DSI) from an IRM case. When a data security admin identifies a risky user who needs deeper investigation, they can launch a pre-scoped investigation directly from an IRM case, allowing them to view content analysis related to that user and better assess post-incident data impact. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
This feature is designed to provide Audit logs for each OCR transaction; this feature is only available in Exchange and teams workload for public preview.
LaunchedMicrosoft Purview
Microsoft Purview Data Loss Prevention (DLP) is extended to preventing Microsoft 365 Copilot from processing emails with sensitivity labels. This feature will allow DLP policies to provide detection of sensitivity labels in emails as enterprise grounding data and restrict access of the labeled emails in Microsoft 365 Copilot chat experiences.
LaunchedMicrosoft Purview
We’re excited to announce UX improvements to the DLP Alerts Portal in Purview to help you triage incidents faster and more efficiently. What’s New: 1. Unified View: Events related to each alert are now available directly on the alerts page — no need to switch to new tab or drill down. 2. Faster Access: Access event details (e.g. Impacted assets) with just 1 click on the main alerts page itself, compared to 4 clicks earlier, reducing triage time significantly. 3. Enhanced Context: We've added 4 new columns - Location, DLP Rule name, DLP Policy name, Rule Action to display key alert and event attributes upfront — giving you more visibility at a glance. 4. Performance Boost: Cache improvements to ensure faster load times and a smoother experience. These updates are designed to streamline your workflow, reduce response times, and give you the context you need — all in a single, efficient view.
LaunchedMicrosoft Purview
User-Based Aggregation consolidates DLP alerts by user identity i.e. a DLP rule violations, in a specified aggregation time window, of the same rule and single user will be aggregated into a single alert enabling quicker triage and remediation. Instead of reviewing alerts containing rule match events of multiple users, DLP admin can now analyze grouped DLP rule match events per user, gaining insights into repeated policy violations and anomalous behavior.
LaunchedMicrosoft Purview
Admin should be able to troubleshoot device health and policy sync health through Diagnostics page.
In developmentMicrosoft Purview
With this update, Microsoft Purview will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. We recommend reviewing collection policies as they can be created by different Purview solution admins to ensure they are setup to detect the activities required by Insider Risk Management policies Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
With this update, Insider Risk Management will support the discovery of sensitive files and text shared to any cloud application or website (inc. GenAI) via network layer. This capability is based on integration with 3rd party network partners (with data being captured via network layer). Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
In developmentMicrosoft Purview
With this update, the generative AI apps indicators will be supported as triggers in Risky AI usage policy. With triggers, customers can define the conditions for bringing the user into the scope of a policy while the generative AI apps indicators are used to determine risk score. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
LaunchedMicrosoft Purview
Endpoint DLP can now classify Office files stored in Windows devices that have Azure RMS protection applied. Classification will be triggered when file is used in applications or when just-in-time classification is enabled
LaunchedMicrosoft Purview
We are expanding the access to Diagnostics beyond Global Admin to: Compliance Administrator, Security Administrator and Organization Management.
LaunchedMicrosoft Purview
Releasing Graph APIs supporting case management, search management and export for tenants with standard eDiscovery licenses.
In developmentMicrosoft Purview
With this update, IRM will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. For device indicators based IRM policy, required collection policies will be automatically created in the background. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.