
Microsoft has announced the retirement of the Instances policy location in Microsoft Purview Data Loss Prevention (DLP), with the change taking effect on January 6, 2027.
Today, organizations using the Instances location rely on the Microsoft Defender for Cloud Apps file policy infrastructure to enforce DLP and auto-labeling policies across supported third-party applications. To simplify policy management and provide a more consistent compliance experience, Microsoft is moving away from this approach and introducing dedicated application-specific policy locations directly within Microsoft Purview.
Supported applications include:
- Google Workspace
- Box
- Dropbox
- Salesforce
- ServiceNow
- AWS
- Cisco Webex
What’s Changing?
Instead of creating policies under a generic Instances location, administrators will use dedicated locations for each supported application.
For example:
| Current Location | New Location |
|---|---|
| Instances (Google Workspace) | Google Workspace |
| Instances (Box) | Box |
| Instances (Dropbox) | Dropbox |
| Instances (Salesforce) | Salesforce |
| Instances (ServiceNow) | ServiceNow |
| Instances (AWS) | AWS |
| Instances (Cisco Webex) | Cisco Webex |
This change aligns non-Microsoft application protection more closely with the broader Microsoft Purview compliance framework.

Microsoft is introducing these new application locations ahead of the retirement date to allow organizations time to migrate.
Key dates:
- Dedicated application locations will be rolled out before retirement.
- January 6, 2027: Instances policy location officially retires.
- Retirement rollout begins in early January 2027 and is expected to complete by mid-January 2027.
What Happens After January 6, 2027?
Once the retirement takes place:
- New policies can no longer be created using the Instances location.
- Existing policies configured with the Instances location will no longer be supported.
- Organizations should use the new dedicated application locations for all future DLP and auto-labeling policies.
- Policies that continue to rely on the retired Instances location may no longer be enforced as expected.
If your organization currently uses the Instances location, Microsoft strongly recommends recreating those policies in the new application-specific locations before the retirement deadline.

Recommended Next Steps
To avoid any disruption to DLP enforcement, organizations should begin preparing well before the 2027 deadline.
1. Review Existing Policies
Identify any DLP or auto-labeling policies currently configured through the Instances location.
2. Identify Affected Applications
Determine which non-Microsoft platforms are involved and map them to their new dedicated policy locations.
3. Recreate Policies
Build equivalent policies using the new application-specific locations within Microsoft Purview.
4. Test and Validate
Before retiring legacy policies, verify that policy enforcement, labeling, and user experiences behave as expected.
5. Update Documentation
Review operational procedures, internal documentation, and administrator guidance to reflect the new management model.
6. Notify Stakeholders
Make sure compliance, security, and support teams are aware of the upcoming change and migration timeline.

While the retirement is still several months away, organizations using third-party cloud platforms for collaboration and data storage should start planning their migration strategy now. Moving to dedicated application locations will ensure continued DLP and auto-labeling protection while providing a more streamlined and unified compliance experience within Microsoft Purview.
The bottom line: If you’re using the Instances location today, plan your migration before January 6, 2027. If you’re not, you can safely continue using Microsoft Purview as normal and take advantage of the new dedicated application locations as they become available.



















