Microsoft Purview Adds Time-Limited Role Assignments to Strengthen Security

Microsoft is enhancing Microsoft Purview with a new capability that allows administrators to assign expiration dates to role group memberships. This update makes it easier to grant temporary administrative access while supporting the principle of least privilege, helping organizations reduce the risk associated with long-term privileged accounts.

With this new feature, administrators can specify how long a user or security group should remain in a Purview role group, choosing a duration anywhere from one day up to two years. Once the assigned period expires, access is automatically removed, helping security and compliance teams maintain tighter control over administrative permissions.

When Will It Be Available?

Microsoft plans to roll out the feature according to the following schedule:

  • Worldwide General Availability: Starting in late July 2026 and expected to complete by late August 2026.
  • GCC, GCC High, and DoD: Starting in late August 2026 and expected to complete by late September 2026.

What Does This Mean for Organizations?

This enhancement primarily benefits:

  • Microsoft Purview administrators
  • Security administrators
  • Compliance teams
  • Organizations managing role-based access through Microsoft Purview

The feature will be available through:

  • Microsoft Purview Compliance Portal
  • Microsoft Purview Role-Based Access Control (RBAC)

Key Benefits

Once the rollout is complete, administrators will be able to:

✅ Assign users or security groups to role groups with a predefined expiration date.

✅ Set assignment durations ranging from 1 day to 2 years.

✅ Apply the capability to both new and existing role assignments.

✅ Reduce the likelihood of forgotten or unnecessary privileged access.

✅ Improve governance, compliance, and security posture with minimal administrative effort.

Importantly, existing role assignments will not be automatically modified, and end-user workflows will remain unchanged.

What Do You Need to Do?

The good news is that no action is required to enable this feature. It will be available by default once deployed, with no additional configuration or policy changes needed.

However, organizations may want to take advantage of the new functionality by:

  • Reviewing privileged access management processes.
  • Using expiration-based assignments for temporary projects, audits, or administrative tasks.
  • Updating internal documentation and operational procedures.
  • Informing Purview administrators about the new capability.

From a compliance perspective, time-limited role assignments help organizations demonstrate stronger control over privileged access.

Many regulatory frameworks and security standards—including ISO 27001, NIST, SOC 2, GDPR accountability requirements, and Zero Trust security principles—expect organizations to follow the principle of least privilege, ensuring users only have access to the resources they need and only for as long as they need it.

Smarter Role Group Management in Microsoft Purview

Managing permissions in Microsoft Purview is about to get a lot easier.

Microsoft is improving the Role groups experience in the Purview compliance portal, introducing a more intuitive interface that helps admins quickly understand and validate permissions—something many of us have struggled with at some point.

What’s new?

Based on customer feedback, the updated UI adds new ways to view role group assignments so you can find what you need faster and with less guesswork.

Instead of digging through multiple layers, admins can now look up permissions from three different perspectives:

  • By Role – see who has specific roles assigned
  • By Member – check which roles a particular user belongs to
  • My permissions – quickly understand your own access and responsibilities

These views are designed to reduce troubleshooting time and give admins clearer visibility into how permissions are structured.

When is this rolling out?

  • Public Preview: Mid-June 2026 → Mid-July 2026
  • General Availability (Worldwide, GCC, GCC High, DoD): Mid-July 2026 → Mid-August 2026

Roadmap ID: 562033

Why this is useful

This update makes it much easier for admins to see who has access to what—without wasting time searching.

Here’s what that means in practice:

  • Faster answers – Instead of clicking around, you can quickly find permissions by role, user, or your own access
  • Less confusion – It’s clearer how permissions are set up, so fewer mistakes or misunderstandings
  • Easier troubleshooting – When someone doesn’t have access (or has too much), you can figure out why much faster
  • Better for audits – You can easily review and confirm permissions when needed
  • No learning curve – Nothing changes in how things work—just a clearer view of what’s already there

How this improves security

This update doesn’t change permissions—but it makes it much easier to spot problems and fix them quickly, which directly improves security.

Here’s how:

  • Better visibility = fewer hidden risks
    You can clearly see who has access to what, making it easier to catch over-permissioned users or unnecessary roles.
  • Faster detection of mistakes
    If someone has access they shouldn’t (or is missing access), you can identify and correct it much faster.
  • Stronger least-privilege control
    It’s easier to ensure people only have the access they actually need—nothing more.
  • Simpler audits and reviews
    During security or compliance checks, you can quickly validate permissions instead of manually piecing things together.
  • Reduced risk of accidental exposure
    Clearer role assignments help prevent misconfigurations that could lead to data leaks or unauthorized access.

Data Security Investigations introduces new soft purge mitigation action

Microsoft is introducing a new soft purge action in Data Security Investigations (DSI), giving admins a quick and safe way to remove sensitive or overshared files during an investigation. With soft purge, items can be deleted immediately but still recovered later as long as they’re within their deleted‑item retention period, so admins get speed without risking permanent data loss.

This builds on DSI’s growing set of AI‑powered tools, such as intelligent categorization, AI search, and automated risk insights, which make it easier than ever for organizations to spot issues and take action fast.

This update is listed as Microsoft 365 Roadmap ID 558109. The soft purge action will soon be available in Data Security Investigations (DSI), giving admins a safer and more flexible way to remove sensitive or overshared content during an investigation.

When it’s rolling out

  • General Availability (Worldwide): Begins early April 2026
  • Expected completion: late May 2026

What this means for your organization

Who is affected?

Admins who use Data Security Investigations (DSI) in the Microsoft Purview compliance portal.

What’s changing

A new soft purge option will appear in DSI. With this action, admins can:

  • Remove items that match an investigation query
  • Keep those items recoverable until the retention period expires
  • Act quickly without risking accidental permanent deletion

And the best part:

  • The feature is on by default
  • No configuration needed
  • No changes to existing DLP, labeling, or retention policies
  • End users will not see any changes in their workflows

Once the rollout finishes, the feature simply appears for eligible tenants.

How to prepare

There is nothing you need to do in advance. If you want to get ahead, you may consider:

  • Reviewing how soft purge works in DSI
  • Updating any internal guidance on investigation processes
  • Informing your security or compliance teams about the new action

Overall, this update gives organizations a safer and more controlled way to remove sensitive content during investigations—without adding extra steps or complexity.