Tag Archives: Sensitivity labels

Data Security Investigations introduces new soft purge mitigation action

Posted on by

Microsoft is introducing a new soft purge action in Data Security Investigations (DSI), giving admins a quick and safe way to remove sensitive or overshared files during an investigation. With soft purge, items can be deleted immediately but still recovered later as long as they’re within their deleted‑item retention period, so admins get speed without risking permanent data loss.

This builds on DSI’s growing set of AI‑powered tools like intelligent categorization, AI search, and automated risk insights making it easier than ever for organizations to spot issues and take action fast.

New update coming to Microsoft 365 Roadmap ID 558109. A soft purge action will soon be available in Data Security Investigations (DSI), giving admins a safer and more flexible way to remove sensitive or overshared content during an investigation.

When it’s rolling out
  • General Availability (Worldwide): Begins early April 2026
  • Expected completion: late May 2026

What this means for your organization

Who is affected?

Admins who use Data Security Investigations (DSI) in the Microsoft Purview compliance portal.

What’s changing

A new soft purge option will appear in DSI. With this action, admins can:

  • Remove items that match an investigation query
  • Keep those items recoverable until the retention period expires
  • Act quickly without risking accidental permanent deletion

And the best part:

  • The feature is on by default
  • No configuration needed
  • No changes to existing DLP, labeling, or retention policies
  • End users will not see any changes in their workflows

Once the rollout finishes, the feature simply appears for eligible tenants.

How to prepare

There is nothing you need to do in advance.
If you want to get ahead, you may consider:

  • Reviewing how soft purge works in DSI
  • Updating any internal guidance on investigation processes
  • Informing your security or compliance teams about the new action

Overall, this update gives organizations a safer and more controlled way to remove sensitive content during investigations—without adding extra steps or complexity.

Microsoft Purview Information Protection: Override Manually Applied Labels and Remove Labels Using Auto‑Labeling

Posted on by

Microsoft Purview is rolling out a great new capability for SharePoint and OneDrive: automatic actions for sensitivity labels.

Until now, if someone manually applied the wrong label to a file, admins had limited options—especially when large volumes of content were involved. With this update, Purview can now automatically override or remove manually applied sensitivity labels when they don’t match your organization’s policies.

In simple terms:
Your data stays correctly classified, even when humans make mistakes.

Rollout begins mid‑April 2026, and the feature will be off by default, giving administrators full control over when and how they want to enable it. It’s another step toward stronger, more accurate data governance across Microsoft 365.

Microsoft Purview is getting a meaningful upgrade as part of its ongoing integration with Microsoft Defender for Cloud Apps. The latest improvement brings new auto‑labeling actions to SharePoint and OneDrive, giving organizations more control over how sensitive information is classified across their environment.

What’s new?
Admins can now automatically override sensitivity labels that were applied manually or remove labels entirely when a file no longer meets the criteria for that classification. This means large volumes of content can stay properly labeled—even as information changes—without relying on users to update labels themselves.

This update appears under Microsoft 365 Roadmap ID 558342.

📅 Rollout Timeline

  • General Availability (Worldwide): Starting mid‑April 2026
  • Completion expected by mid‑April 2026

A fast rollout for a very impactful capability.

Who will be impacted

This update mainly affects:

  • Microsoft 365 admins managing Purview Information Protection
  • Organizations using auto‑labeling policies for SharePoint or OneDrive

What’s changing

Admins will now see new actions inside the auto‑labeling configuration panel in the Purview portal.

Auto‑labeling policies can now:

Override existing sensitivity labels

Even if a user applied the label manually, Purview can replace it if the file meets a different policy condition.

Remove a specific sensitivity label

If a file no longer qualifies for a certain label, Purview can automatically strip it from the document.

Applies to files at rest

These changes affect existing content already stored in:

  • SharePoint Online
  • OneDrive for Business

Admin-controlled

Nothing changes until an admin enables these new actions.
By default, the feature is off.

Compliance Considerations

AreaWhat It Means
Does this change how customer data is processed?Yes—files in SharePoint and OneDrive may now have labels automatically overridden or removed based on rules you configure.
Does this modify Information Protection capabilities?Yes—it expands auto‑labeling to include overriding manual labels and removing specific labels.
Does this affect monitoring or compliance evidence?Yes—it improves consistency and auditability because label changes follow formal Purview policies.
Is there an admin control?Absolutely. Admins must explicitly configure these new actions in Purview. Nothing changes automatically.

Microsoft Office for the web: Apply sensitivity labels with user-defined permissions

Posted on by

Updated February 13, 2026: The roll-out timeline has been updated!!

Microsoft 365 Office for the web will support applying sensitivity labels with user-defined permissions in Word, Excel, and PowerPoint starting mid-March 2026. This aligns with desktop app permissions dialogs, requires no admin changes, and enhances document access control without compliance impacts.

Office for the web now supports sensitivity labels with user‑defined permissions

Microsoft 365 Office for the web (Word, Excel, and PowerPoint) now includes the ability to apply sensitivity labels with user‑defined permissions, giving organizations greater flexibility and control over document access directly in the browser. This update aligns the web experience with the modern permissions dialog available in the desktop apps.

Roadmap ID: 468888

Rollout timeline

General Availability

  • Worldwide & GCC:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early April 2026 (previously early March).
  • GCCH & DoD:
    Rollout begins mid‑March 2026 (previously mid‑February) and is expected to complete by early May 2026 (previously early April).

Who is affected

Compliance considerations

No new compliance impacts have been identified. Organisations may review the change as needed.