
Microsoft is enhancing Microsoft Purview with a new capability that allows administrators to assign expiration dates to role group memberships. This update makes it easier to grant temporary administrative access while supporting the principle of least privilege, helping organizations reduce the risk associated with long-term privileged accounts.
With this new feature, administrators can specify how long a user or security group should remain in a Purview role group, choosing a duration anywhere from one day up to two years. Once the assigned period expires, access is automatically removed, helping security and compliance teams maintain tighter control over administrative permissions.
When Will It Be Available?
Microsoft plans to roll out the feature according to the following schedule:
- Worldwide General Availability: Starting in late July 2026 and expected to complete by late August 2026.
- GCC, GCC High, and DoD: Starting in late August 2026 and expected to complete by late September 2026.
What Does This Mean for Organizations?
This enhancement primarily benefits:
- Microsoft Purview administrators
- Security administrators
- Compliance teams
- Organizations managing role-based access through Microsoft Purview
The feature will be available through:
- Microsoft Purview Compliance Portal
- Microsoft Purview Role-Based Access Control (RBAC)
Key Benefits
Once the rollout is complete, administrators will be able to:
✅ Assign users or security groups to role groups with a predefined expiration date.
✅ Set assignment durations ranging from 1 day to 2 years.
✅ Apply the capability to both new and existing role assignments.
✅ Reduce the likelihood of forgotten or unnecessary privileged access.
✅ Improve governance, compliance, and security posture with minimal administrative effort.
Importantly, existing role assignments will not be automatically modified, and end-user workflows will remain unchanged.
What Do You Need to Do?
The good news is that no action is required to enable this feature. It will be available by default once deployed, with no additional configuration or policy changes needed.
However, organizations may want to take advantage of the new functionality by:
- Reviewing privileged access management processes.
- Using expiration-based assignments for temporary projects, audits, or administrative tasks.
- Updating internal documentation and operational procedures.
- Informing Purview administrators about the new capability.

From a compliance perspective, time-limited role assignments help organizations demonstrate stronger control over privileged access.
Many regulatory frameworks and security standards (including ISO 27001, NIST, SOC 2, GDPR accountability requirements, and Zero Trust security principles) expect organizations to follow the principle of least privilege, so that users have access only to the resources they need and only for as long as they need it.





