Tag Archives: Microsoft Purview

Microsoft Purview DSPM now includes a new data security agent to strengthen your data protection posture

Posted on by

Microsoft has officially moved Data Security Posture Management (DSPM) in Microsoft Purview from preview to general availability (GA) and that’s a big step forward for organizations looking to strengthen how they protect sensitive data.

At its core, DSPM helps you understand where your data risks really are, giving you better visibility across your Microsoft 365 environment. Instead of piecing things together manually, you get clear insights, risk signals, and practical recommendations to help improve your overall data security posture.

This release is part of Microsoft’s ongoing investment in enterprise-grade security and compliance tools, making it easier to protect data at scale without added complexity.

What’s New

One of the key additions in this GA release is the Data Security Posture Agent, now fully available.

With it, you can:

  • Get a centralized view of data risks across your environment
  • Identify potential gaps in your security posture
  • Access actionable recommendations to improve protection
  • Take direct steps to remediate risks

The transition from preview to GA is seamless—your existing configurations stay as they are, and there’s no need to reconfigure policies or settings.

Rollout Timeline
  • General Availability (Worldwide): Late May 2026 – Late June 2026

The feature will become available based on your organization’s Microsoft Purview deployment timing.

Who Should Pay Attention

This update is especially relevant for:

  • IT admins
  • Security teams
  • Compliance professionals

Basically anyone responsible for managing or protecting data within Microsoft 365 using Microsoft Purview.

What This Means for You

Good news, no action is required to enable this feature.

That said, it’s a great opportunity to take advantage of what DSPM offers. You might want to:

  • Explore the new DSPM capabilities and see how they fit into your security strategy
  • Learn how to set up and use the Data Security Posture Agent
  • Start using DSPM insights to prioritize and reduce data risks
  • Inform your security and compliance teams about the update
  • Update any internal documentation that references Purview DSPM

Smarter Role Group Management in Microsoft Purview

Posted on by

Managing permissions in Microsoft Purview is about to get a lot easier.

Microsoft is improving the Role groups experience in the Purview compliance portal, introducing a more intuitive interface that helps admins quickly understand and validate permissions—something many of us have struggled with at some point.

What’s new?

Based on customer feedback, the updated UI adds new ways to view role group assignments so you can find what you need faster and with less guesswork.

Instead of digging through multiple layers, admins can now look up permissions from three different perspectives:

  • By Role – see who has specific roles assigned
  • By Member – check which roles a particular user belongs to
  • My permissions – quickly understand your own access and responsibilities

These views are designed to reduce troubleshooting time and give admins clearer visibility into how permissions are structured.

When is this rolling out?
  • Public Preview: Mid-June 2026 → Mid-July 2026
  • General Availability (Worldwide, GCC, GCC High, DoD): Mid-July 2026 → Mid-August 2026

Roadmap ID: 562033

Why this is useful

This update makes it much easier for admins to see who has access to what—without wasting time searching.

Here’s what that means in practice:

  • Faster answers – Instead of clicking around, you can quickly find permissions by role, user, or your own access
  • Less confusion – It’s clearer how permissions are set up, so fewer mistakes or misunderstandings
  • Easier troubleshooting – When someone doesn’t have access (or has too much), you can figure out why much faster
  • Better for audits – You can easily review and confirm permissions when needed
  • No learning curve – Nothing changes in how things work—just a clearer view of what’s already there
How this improves security

This update doesn’t change permissions—but it makes it much easier to spot problems and fix them quickly, which directly improves security.

Here’s how:

  • Better visibility = fewer hidden risks
    You can clearly see who has access to what, making it easier to catch over-permissioned users or unnecessary roles.
  • Faster detection of mistakes
    If someone has access they shouldn’t (or is missing access), you can identify and correct it much faster.
  • Stronger least-privilege control
    It’s easier to ensure people only have the access they actually need—nothing more.
  • Simpler audits and reviews
    During security or compliance checks, you can quickly validate permissions instead of manually piecing things together.
  • Reduced risk of accidental exposure
    Clearer role assignments help prevent misconfigurations that could lead to data leaks or unauthorized access.

Microsoft Purview DSI Gets Smarter with OCR

Posted on by

Microsoft is continuing to strengthen Purview Data Security Investigations (DSI) by adding AI‑powered Optical Character Recognition (OCR) capabilities. This new enhancement allows DSI to read and analyze text that appears inside images, something traditional investigations often miss.

With OCR built in, DSI can now surface sensitive information hidden in screenshots, scanned documents, and embedded visuals within files. The result? Deeper investigations, better context, and more accurate risk detection across your organization.

This update is tracked under Microsoft 365 Roadmap ID 561489.

When is this rolling out?
  • Public Preview (Worldwide):
    Rolling out in late May 2026, with completion expected by early June 2026
  • General Availability (Worldwide):
    Rolling out in mid‑July 2026, with completion expected by late July 2026
Who is impacted?

This update is relevant for:

  • Admins and security analysts using Microsoft Purview Data Security Investigations
  • Organizations investigating data security risks with Purview
What’s changing?

Once OCR is enabled (and it will be on by default), DSI will automatically:

  • Extract text from image‑based content, including:
    • Images
    • Screenshots
    • Visuals embedded in documents
  • Add the extracted text to investigation datasets
  • Improve search, analysis, and risk detection using this newly visible content

The good news?
No workflow changes are required. Existing investigations will continue to work as they do today—just with richer insights.

Even better, all existing Purview controls and protections still apply. Sensitivity labels, DLP policies, and other compliance settings continue to be fully respected.

Why this matters

Sensitive information doesn’t always live in plain text. Credentials, personal data, or confidential details often end up in screenshots or images—especially in collaboration tools. OCR helps close that gap and gives security teams greater visibility into data risks that were previously hard to detect.

What do you need to do?

No action is required before rollout. However, you may want to:

  • Inform your security and compliance teams about the improved image‑based detection
  • Update internal investigation procedures to account for OCR‑driven findings
  • Refresh training materials or documentation that reference DSI capabilities

Microsoft Purview DLP Gets Smarter Troubleshooting with Guided Diagnostics

Posted on by

If you’ve ever tried to troubleshoot why a Data Loss Prevention (DLP) policy behaved the way it did, you’ll know it’s not always obvious what happened behind the scenes. Microsoft is looking to change that.

Microsoft is rolling out a new guided diagnostics experience in Microsoft Purview Data Loss Prevention (DLP), designed to help administrators quickly understand, diagnose, and resolve DLP policy issues. The goal is simple: make DLP behavior easier to explain, easier to fix, and easier to optimize.

This update is tracked under Microsoft 365 Roadmap ID 561032.

When is this coming?
  • Public Preview: Mid‑May 2026 to Mid‑June 2026
  • General Availability (Worldwide): Late June 2026 to July 2026
Who does this affect?

This update is primarily aimed at:

  • Microsoft 365 administrators managing DLP policies in Microsoft Purview
  • Commercial Microsoft 365 tenants

If your organization has Microsoft 365 E5 and Copilot licensing, you’ll also benefit from Security Copilot‑powered insights, which add intelligent recommendations during troubleshooting.

What’s changing?

A new guided diagnostics experience will appear directly in the Microsoft Purview portal, making it much easier to understand what your DLP policies are doing and why.

With this experience, admins can:

  • See the order in which DLP policies are evaluated
  • Understand which conditions were matched
  • Clearly identify what action was taken (allow, block, or audit)

In other words, instead of guessing or piecing together logs, you’ll get a clearer, step‑by‑step explanation of how a DLP decision was made.

Security Copilot‑powered insights (for eligible tenants)

For organizations with the right licensing, Microsoft brings Copilot into the experience to help:

  • Spot potential policy misconfigurations
  • Speed up DLP troubleshooting
  • Get recommendations for improving and optimizing policies
What’s not changing?
  • Existing DLP policies continue to work exactly as they do today
  • Enforcement behavior is unchanged
  • There is no impact on end‑user workflows

This update is purely about visibility and diagnostics, not policy enforcement.

That said, you may want to:

  • Update internal DLP troubleshooting documentation to reference the new guided diagnostics experience
  • Make sure your security and compliance teams are aware of the new diagnostics flow in the Purview portal
  • Review your Copilot and E5 licensing to understand whether Security Copilot‑powered insights will be available in your tenant

New in Microsoft Purview: Smarter Credential Scanning to Strengthen Your Data Security

Posted on by

Microsoft is rolling out a major update to the Data Security Posture Agent in Microsoft Purview, and it’s a big step forward for organizations looking to stay ahead of credential‑related risks.

The newest addition is a credential scanning capability designed to help you uncover exposed credentials, like Microsoft Entra ID details, private keys, API tokens, and other sensitive access points across your selected data locations. With this update, Purview doesn’t just spot the issues; it also gives you risk scores, AI‑generated insights, confidence levels, and credential categories so you can quickly understand what matters and what needs attention.

All findings are surfaced in one streamlined task board, making it easier than ever to review, confirm, and take action.

This enhancement is listed as Microsoft 365 Roadmap ID 558436.

Rollout Timeline
  • Public Preview: Starts late March 2026, expected to finish by early April 2026
  • General Availability (Worldwide): Starts late June 2026, wrapping up by early July 2026

What This Means for Your Organization

Who will notice the change?

Admins who manage Microsoft Purview and use the Data Security Posture Agent within Microsoft 365 tenants will see the new feature appear under the Explore Agent section.

What’s changing?

A brand‑new credential scanning experience is being introduced, including:

  • LLM-powered detection of exposed credentials across selected data locations
  • Automated identification of:
    • Microsoft Entra ID credentials
    • Private keys
    • API tokens
    • Additional sensitive credential types

Each detection comes with:

  • A risk score
  • AI-generated insights
  • A confidence rating
  • A credential category

And to help you stay organized, Purview provides a task board where you can follow up on findings, track progress, and take recommended actions, all in one place.

How to Prepare

New in Microsoft Defender XDR: AI‑Powered Summaries for DLP Alerts

Posted on by

Microsoft is rolling out a great new capability that will make life much easier for anyone who works with Data Loss Prevention (DLP) alerts. You’ll now start seeing AI‑generated summaries and categorizations, produced by the Microsoft Purview Data Security Triage Agent, directly inside the Microsoft Defender XDR portal.

This means faster triage, clearer insights, and less time manually digging through alert details.

What’s new?

When a DLP alert fires, analysts will now see:

  • A concise AI‑generated summary of what happened
  • A suggested categorization of the alert
  • Context pulled directly from the incident to help speed up investigation

If you’ve already deployed the Triage Agent in Purview, these summaries will show up automatically in your Defender XDR alerts. If not, eligible analysts will be able to deploy it directly from the alert page super handy.

Rollout timeline

Public Preview
Starts: Early April 2026
Completed by: Mid‑April 2026

General Availability (Worldwide)
Starts: Mid‑August 2026
Completed by: Late August 2026

Roadmap ID: 558860

Who is impacted?

This update is especially helpful for:

  • Security analysts and administrators triaging DLP alerts in Defender XDR
  • Organizations already using (or planning to use) Microsoft Purview’s Data Security Triage Agent

Existing DLP policies, enforcement, and user experience remain unchanged.

Data Security Investigations introduces new soft purge mitigation action

Posted on by

Microsoft is introducing a new soft purge action in Data Security Investigations (DSI), giving admins a quick and safe way to remove sensitive or overshared files during an investigation. With soft purge, items can be deleted immediately but still recovered later as long as they’re within their deleted‑item retention period, so admins get speed without risking permanent data loss.

This builds on DSI’s growing set of AI‑powered tools like intelligent categorization, AI search, and automated risk insights making it easier than ever for organizations to spot issues and take action fast.

New update coming to Microsoft 365 Roadmap ID 558109. A soft purge action will soon be available in Data Security Investigations (DSI), giving admins a safer and more flexible way to remove sensitive or overshared content during an investigation.

When it’s rolling out
  • General Availability (Worldwide): Begins early April 2026
  • Expected completion: late May 2026

What this means for your organization

Who is affected?

Admins who use Data Security Investigations (DSI) in the Microsoft Purview compliance portal.

What’s changing

A new soft purge option will appear in DSI. With this action, admins can:

  • Remove items that match an investigation query
  • Keep those items recoverable until the retention period expires
  • Act quickly without risking accidental permanent deletion

And the best part:

  • The feature is on by default
  • No configuration needed
  • No changes to existing DLP, labeling, or retention policies
  • End users will not see any changes in their workflows

Once the rollout finishes, the feature simply appears for eligible tenants.

How to prepare

There is nothing you need to do in advance.
If you want to get ahead, you may consider:

  • Reviewing how soft purge works in DSI
  • Updating any internal guidance on investigation processes
  • Informing your security or compliance teams about the new action

Overall, this update gives organizations a safer and more controlled way to remove sensitive content during investigations—without adding extra steps or complexity.

Microsoft Purview Information Protection: Override Manually Applied Labels and Remove Labels Using Auto‑Labeling

Posted on by

Microsoft Purview is rolling out a great new capability for SharePoint and OneDrive: automatic actions for sensitivity labels.

Until now, if someone manually applied the wrong label to a file, admins had limited options—especially when large volumes of content were involved. With this update, Purview can now automatically override or remove manually applied sensitivity labels when they don’t match your organization’s policies.

In simple terms:
Your data stays correctly classified, even when humans make mistakes.

Rollout begins mid‑April 2026, and the feature will be off by default, giving administrators full control over when and how they want to enable it. It’s another step toward stronger, more accurate data governance across Microsoft 365.

Microsoft Purview is getting a meaningful upgrade as part of its ongoing integration with Microsoft Defender for Cloud Apps. The latest improvement brings new auto‑labeling actions to SharePoint and OneDrive, giving organizations more control over how sensitive information is classified across their environment.

What’s new?
Admins can now automatically override sensitivity labels that were applied manually or remove labels entirely when a file no longer meets the criteria for that classification. This means large volumes of content can stay properly labeled—even as information changes—without relying on users to update labels themselves.

This update appears under Microsoft 365 Roadmap ID 558342.

📅 Rollout Timeline

  • General Availability (Worldwide): Starting mid‑April 2026
  • Completion expected by mid‑April 2026

A fast rollout for a very impactful capability.

Who will be impacted

This update mainly affects:

  • Microsoft 365 admins managing Purview Information Protection
  • Organizations using auto‑labeling policies for SharePoint or OneDrive

What’s changing

Admins will now see new actions inside the auto‑labeling configuration panel in the Purview portal.

Auto‑labeling policies can now:

Override existing sensitivity labels

Even if a user applied the label manually, Purview can replace it if the file meets a different policy condition.

Remove a specific sensitivity label

If a file no longer qualifies for a certain label, Purview can automatically strip it from the document.

Applies to files at rest

These changes affect existing content already stored in:

  • SharePoint Online
  • OneDrive for Business

Admin-controlled

Nothing changes until an admin enables these new actions.
By default, the feature is off.

Compliance Considerations

AreaWhat It Means
Does this change how customer data is processed?Yes—files in SharePoint and OneDrive may now have labels automatically overridden or removed based on rules you configure.
Does this modify Information Protection capabilities?Yes—it expands auto‑labeling to include overriding manual labels and removing specific labels.
Does this affect monitoring or compliance evidence?Yes—it improves consistency and auditability because label changes follow formal Purview policies.
Is there an admin control?Absolutely. Admins must explicitly configure these new actions in Purview. Nothing changes automatically.

Enhancing AI Analysis in Data Security Investigations: What’s Coming Next

Posted on by

Microsoft Purview is rolling out a series of improvements designed to make AI analysis in Data Security Investigations (DSI) faster, smoother, and easier for analysts to use.

With these updates, items added to an investigation will now be automatically prepared for AI analysis—removing a repetitive manual step and helping analysts get to insights sooner. Purview is also introducing a new standard categorization option, giving organizations a quicker and more cost‑efficient way to group and review investigation items. For deeper insights, advanced categorization, including AI‑generated topics, will continue to be available.

These changes are part of Microsoft 365 Roadmap ID 557556.

Rollout Timeline

  • Public Preview: Mid‑March 2026 → Mid‑April 2026
  • General Availability (Worldwide): Mid‑April 2026 → Mid‑May 2026

What This Means for Your Organization

Who will notice the changes?

  • Microsoft Purview administrators
  • Analysts and security teams using Data Security Investigations
  • Any Microsoft 365 tenant with access to DSI capabilities

What’s changing?

  • Automatic AI preparation:
    Items added to an investigation will automatically get ready for AI analysis. No extra clicks or steps required.
  • New standard categorization option:
    A streamlined way to categorize items, ideal for scenarios where speed and simplicity matter.
  • Advanced categorization remains:
    Organizations can still use richer AI‑powered topic grouping when deeper analysis is needed.
  • No configuration changes needed:
    Everything is enabled by default—no admin setup required.

What users may see

  • Faster time from “item added” to “item ready for analysis”
  • A refreshed UI for choosing between standard and advanced categorization

How to Prepare

There’s nothing you need to configure ahead of time. However, it’s helpful to:

  1. Inform analysts and SOC teams about the new categorization options and automatic AI preparation.
  2. Update internal documentation if you maintain guides or SOPs that describe DSI workflows.
  3. Review training materials so teams know when to choose standard vs. advanced categorization.

Microsoft Office for the web: Apply sensitivity labels with user-defined permissions

Posted on by

Updated February 13, 2026: The roll-out timeline has been updated!!

Microsoft 365 Office for the web will support applying sensitivity labels with user-defined permissions in Word, Excel, and PowerPoint starting mid-March 2026. This aligns with desktop app permissions dialogs, requires no admin changes, and enhances document access control without compliance impacts.

Office for the web now supports sensitivity labels with user‑defined permissions

Microsoft 365 Office for the web (Word, Excel, and PowerPoint) now includes the ability to apply sensitivity labels with user‑defined permissions, giving organizations greater flexibility and control over document access directly in the browser. This update aligns the web experience with the modern permissions dialog available in the desktop apps.

Roadmap ID: 468888

Rollout timeline

General Availability

  • Worldwide & GCC:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early April 2026 (previously early March).
  • GCCH & DoD:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early May 2026 (previously early April).

Who is affected

Compliance considerations

No new compliance impacts have been identified. Organisations may review the change as needed.