What's new in Microsoft Purview
Whether it's adding new solutions, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft Purview helps you stay on top of the ever-changing data governance, data security, and risk and compliance areas. Take a look at the following information to see what's new in Microsoft Purview.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
What's planned for Microsoft Purview
Microsoft Purview continues to add new solutions and features to help with data governance, data security, and risk and compliance in your organization. Check out the following roadmap sites to learn more about what's planned for Microsoft Purview:
December 2024
Data Governance
- In preview: Self service analytics and insights for data governance metadata (preview) now extends to ADLS Gen2, which is in preview with general availability-grade support. Customers can now subscribe to Microsoft Purview Unified Catalog metadata to publish it to either ADLS Gen2 or Fabric OneLake storage for analytics and actionable insights.
- In preview: Data governance health report now has a glossary terms report (preview), providing a shared vocabulary for business users to make it easier to understand how terms and their definitions bring business context to data products. These terms are integral to Microsoft Purview, supporting data governance by incorporating policies. The glossary terms report, in preview with general availability-grade support, allows data stewards to explore:
- Trends in glossary terms,
- Glossary terms hierarchy,
- Data product associations with glossary terms, and
- Governance domain associations with glossary terms.
November 2024
Audit
- Ignite 2024 update: New guidance for about how audit logs are generated for user interactions and admin activities related to Microsoft Copilot and AI applications.
Communication Compliance
- Ignite 2024 update: New support for detecting generative AI interactions with Microsoft Copilot, non-Microsoft connected generative AI applications, and AI applications from browser and network activity by users in your organization.
- Ignite 2024 update: New support for harmful user-generated and AI-generated content in applications and services. This includes evaluation of user prompts submitted to generative AI services and the inclusion of known text content that may be sensitive to your organization.
- Ignite 2024 update: Expanded integration for Communication Compliance indicators and generative AI policy indicators in Insider Risk Management policies.
Compliance Manager
- In preview: Users can now customize Compliance Manager regulatory templates by adding controls and improvement actions in order to build custom assessments.
- Updated: Compliance Manager has a Reports page, which displays a history of the recent activity impacting an organization's compliance score.
- In preview: Organizations can assess their predeployment compliance (preview) before deploying any new Microsoft services.
Data Governance
- Ignite 2024 update: The Microsoft Purview Data Catalog is changing its name to Microsoft Purview Unified Catalog. All the features will stay the same. Check the name in your region.
Data lifecycle management and records management
- Ignite 2024 - In preview: Retention policies support Teams AI-generated notes when you use the Teams chat location for AI-generated notes in chat, and OneDrive accounts for AI-generated notes in meetings. Retention labels aren't currently supported for AI-generated notes.
- Ignite 2024 update: In preview, you can create separate retention policies for Copilot interactions and Teams chats. Newly created policies use separate locations. You can also separate existing policies. Previously, messages from Teams and Microsoft Copilot were automatically included in the retention policy location.
Data Loss Prevention
- Ignite 2024 update: In preview DLP policies for Fabric support semantic models and lakehouses. Get started with Data loss prevention policies for Fabric and Power BI.
- Ignite 2024 update: In preview four new scenarios for applying controls to files that fail classification or are outside the scope of DLP monitoring or are in scope but unknown or subsets of files.
- Ignite 2024 update: In preview, you can use Security Copilot to gain insights into your DLP policies. Get insights with Security Copilot.
- Ignite 2024 update: In preview, you can use Power Automate integration to trigger custom workflows as a DLP rule action: Get started with Power Automate integration
- Ignite 2024 new: In preview, Microsoft 365 Copilot is available as a monitored location in DLP policies. Learn about the Microsoft 365 location (preview).
Data Security Posture Management for AI
- Ignite 2024 - General Availability (GA): Previously named Microsoft Purview AI Hub, Data Security Posture Management for AI (DSPM for AI) is now GA with added preview functionality and changes:
- Data assessments (in preview) to identify and fix potential oversharing risks in your organization. Fixes include helping you to create a DLP policy to prevent Microsoft 365 Copilot from summarizing files with specific sensitivity labels, and specifying which SharePoint sites to be restricted from Microsoft 365 Copilot (SharePoint restricted content discoverability).
- New recommendations and policies that include detecting risky AI usage using an Insider Risk Management policy.
- Extending support for other generative AI apps, including Copilot Studio, ChatGPT - Microsoft Purview integration with ChatGPT Enterprise Compliance API, and new support for Microsoft Teams AI-generated notes, currently in preview. You see these categorized on the Reports page and in activity explorer as Microsoft Copilot Experiences and Enterprise AI apps.
- A version for E3 customers, to help turn on audit, see data related to Microsoft 365 Copilot interactions, and other AI-related events in activity explorer.
Device onboarding
- Ignite 2024 update: In preview, Microsoft Data Loss Prevention just-in-time (JIT) protection is available on the three most recent releases of macOS. Onboarding devices into device management.
eDiscovery (preview)
- Ignite 2024 update: New support and upgrades to the export flow in search and review sets, providing a unified export structure across premium and non-premium feature exports, faster export performance, detailed reporting, and flexible export options.
- Ignite 2024 update: New support to identify web queries in Microsoft 365 Copilot usage.
Insider Risk Management
- Ignite 2024 - In preview: New Risky AI usage policy template to help detect and enable risk scoring for user prompts and system responses across AI tools in your organization.
Security Copilot in Purview
- Ignite 2024 update - In preview multiple new capabilities are available in Microsoft Security Copilot in Purview. Security Copilot integration in Microsoft Purview.
- Ignite 2024 update - In preview Security Copilot is available in Microsoft Purview activity explorer. It can help with data hunting and generation of filters from natural language prompts Security Copilot in activity explorer (preview).
Sensitivity labels
- Ignite 2024 - In preview: SharePoint document libraries can be configured for a sensitivity label to extend permissions to downloaded documents, and protect files from being copied or moved. For more information, see Configure SharePoint with a sensitivity label to extend permissions to downloaded documents.
Trainable classifiers
- Ignite 2024 update: In preview there are two new trainable classifiers:
- Prompt Shields - Detects adversarial user input attacks in LLMs. Trainable classifiers definitions.
- Protected material - Detects known text content that may be protected under copyright or branding laws. Trainable classifiers definitions.
October 2024
AI Hub
- UI changes to navigation: Although there's no change to functionality, some AI hub pages and navigation have changed. For example, the original Analytics page is replaced by Overview and Recommendations pages, and the one-click policies have moved from the Policies page to individual recommendation cards. If you need help navigating the AI hub, see How to use the AI hub.
- Event name change: The event name of "Classification stamped" in activity explorer is changed to Sensitive info types detected.
Compliance Manager
- Updated: Changes in Compliance Manager settings for automated testing of improvement actions and user access to assessments are now reflected in the audit log. Relevant schemas have also been added to Office 365 Management Activity API schema.
Data Governance
Glossary terms to CDE associations: Data stewards can now connect glossary terms to critical data elements and vice versa.
Updating abandoned domains: Data Governance Administrators listed under Settings->Data Catalog->Role and permissions can now update owners for governance domains that have become uneditable due to previous owners leaving the organization.
Self-service analytics and insights for data governance metadata (preview)
- This feature empowers data analysts and data stewards to analyze and gain insights from Microsoft Purview Data Governance metadata in Fabric OneLake. Customers will have full flexibility in computing and tooling to leverage insights from Purview Data Governance metadata to manage and enhance their data estate health. They can link data governance metadata with other data sources to create leadership reports and generate insights that support fact-based decision-making and foster a culture of data governance across the organization.
- ADLSg2 support is currently in gated preview. Please contact your Microsoft Purview account team to have your tenant allowlisted to access Purview Data Governance metadata for your ADLSg2 storage. You need to provide the following information for allow listing: Tenant ID, Organization name, Purview Account name, Purview Account ID, Azure Region, and Azure Subscription ID. Learn more.
Azure Databricks view support in preview: Azure Databricks users will be able to profile and run data quality scans for data in Azure Databricks views in addition to Azure Databricks tables. Learn more.
Native Synapse connector for Serverless and Synapse Data Warehouse with managed vNet support is available in gated preview for both tables and views. Customers will be able to profile and run data quality scans on their data in Synapse behind the private endpoint. You need to provide following information for allow listing: Tenant ID, Organization name, Purview Account name, Purview Account ID, Azure Region, and Azure Subscription ID. Learn more.
Purview Deployment Models
- New model: Microsoft Purview deployment models are a new content set authored by the product engineering team and are based on real-world customer experiences. They are intended to streamline and accelerate your deployment process for specific business scenarios. The first one, Secure by default with Microsoft Purview and protect against oversharing focuses on:
- Implementing a secure-by-default configuration using sensitivity labeling
- Using label publishing defaults and auto-labeling in the Office client.
- Using contextual default in SharePoint sites to increase deployment velocity.
Sensitive information types
Sensitivity labels
- Loop support: New article that lists the supported apps and scenarios for using sensitivity labels with Loop components, pages, and workspaces, Use sensitivity labels with Microsoft Loop.
- Change for label scopes: The Items scope is renamed Files & other data assets. This renamed scope now includes items that were previously in the removed Schematized data assets scope and newly includes items for Microsoft Fabric.
- In preview: Sensitivity labels that apply access control to encrypt items now support protection policies for Microsoft Fabric. For more information, see Protection policies in Microsoft Fabric.
- In preview: Now rolling out, a naming change to the encryption permissions levels that you see in the Microsoft Purview portal and Microsoft Purview compliance portal, and that users see when a sensitivity label prompts them for permissions in Word, Excel, and PowerPoint. The actual usage rights included in these permission levels haven't changed. Accompanying this change is a new dialog box for users, which displays the permission levels and additional options.
- Reviewer is renamed Restricted Editor
- Co-author is renamed Editor
- Co-owner is renamed Owner
- Improvements to default labels: Rolling out, the default sensitivity labels now include the Meetings scope if the tenant has licenses to manually apply a label for scheduled meetings. Additionally:
- The accompanying sensitivity label policy includes a default Teams meeting label.
- If the tenant has licenses to manually apply the label to Teams meetings, some of the sensitivity labels also have settings configured to protect these meetings.
- Improvements to Microsoft 365 Copilot: Copilot in Outlook (Classic) for Windows now supports encrypted items for version 2408 in Monthly Enterprise Channel.
September 2024
Data Governance
General availability (GA): The Microsoft Purview Data Governance experience with Data Catalog is generally available with some new features and capabilities:
- Business concept deletes: Enables data stewards to delete business concepts (governance domains, data products, glossary terms, critical data elements, and OKRs that are unpublished and don't have associations with other concepts.
- Data catalog admin settings: The admin experience including roles, permissions, and self-service analytics is now part of the Solution Settings for Data Catalog in the Microsoft Purview portal.
- Data product policies: Optional access providers in data product request access workflows can record the asset level access provisioning status for assets in the data product and mark the request as Completed. See our access policies article for more information.
- Data product request access workflows
- Data consumers can select a request from the My Data Access tab in Data Products page and see the request details, including approval details and asset level access provisioning status. Learn more.
- Access request approvers or new optional access providers who are the last step in the workflow can record asset level access provisioning status for assets in the data product and mark the request as ‘Completed’ post approval. Learn more.
- Data quality for multi-cloud data sources: Data Quality Stewards will be able to profile, add data quality rules, run data quality scans and monitor data quality scores of their data in multicloud data estate.
- Enterprise glossary (preview): Data consumers can browse and understand all glossary terms, CDEs, and OKRs across the enterprise in this new page under Discovery.
- New navigation: New navigation and menu enhancements to navigate the 3 main categories of experiences: Discovery, Catalog management, and Health management, and separate admin experiences to Solution settings in the Microsoft Purview portal.
- Partner-built bulk import functionality: Download our partner Macula’s standalone utilities to bulk import business concepts into the new Data Catalog.
- Self-service analytics and insights for data governance metadata (private preview): Empower data analysts and data stewards to analyze and derive insights from Microsoft Purview Data Governance metadata. Customers will have full flexibility in computing and tooling to analyze and utilize insights from Purview Data Governance metadata to manage and improve their data estate health. They can link data governance metadata with other data sources to create leadership reports and generate insights that drive fact-based decision-making and foster a data governance culture across the company. Learn more.
- Tree-view visualization: Hierarchy for governance domains and glossary terms can be visualized as a tree-view within the catalog management and discovery experiences.
Sensitivity labels
- Improvements to Microsoft 365 Copilot: Copilot in Outlook (Classic) for Windows is now rolling out support for encrypted items, starting with version 2408 in Current Channel.
August 2024
AI Hub
- Copilot prompts and responses reported by activity explorer: The activity explorer event AI interaction includes the prompt and response independently from eDiscovery and insider risk management.
- Improvements to permissions: You can use the Microsoft Purview Security Reader role for read-only access to the Microsoft Purview AI Hub. For more information, and a comparison breakdown of permissions by activities, see the new article, Permissions for Microsoft Purview AI Hub.
Compliance Manager
- Updated: Added and clarified information about assessment status states.
Sensitivity labels
- In preview: Dynamic watermarks are now also supported on iOS and Android, and the custom string supports a date and time variable.
July 2024
AI Hub
- Improvements to permissions: You can now also use the Microsoft Purview Compliance Administrator role to access the Microsoft Purview AI Hub.
Audit
- Updated: Clarified the CreationTime property meaning.
- Updated: Documented that SearchQueryInitiated events are now included in Audit (Standard).
Compliance Manager
- Updated: Clarified settings for automatic testing of improvement actions to specify that Compliance Manager Administrators can turn on or off automatic testing for all improvement actions, not just on a per-action basis.
Data connectors
- Retired: All Veritas data connectors in Microsoft Purview were retired in June 2024. Non-Veritas data connectors in your organization aren't affected by this change. Contact your Veritas account representative if you have questions about Veritas archiving services.
eDiscovery
- In preview: Use the new eDiscovery (preview) solution in the Microsoft Purview portal to identify, review, and manage content in Microsoft 365 services to support your investigations. The new experience supports most of the features and capabilities from the previous experience, with more features being added over the coming months.
- Updates: New scenarios added for the Invoke-ComplianceSecurityFilterAction cmdlet for compliance boundaries.
Microsoft Purview portal
- Updated: The global search feature now supports the new User category in the Microsoft Purview portal.
Sensitivity labels
- In preview: New privacy control for Office apps that prevents sending labeled content to some connected experiences for analysis. This setting impacts services such as data loss prevention, automatic and recommended labeling, and Microsoft 365 Copilot.
- In preview: Dynamic watermarks to deter leakage of labeled and encrypted documents by rendering over the document the reader's Universal Principal Name (UPN) or other identifying information. Unlike standard content markings, dynamic watermarks can't be changed or removed by the user.
- In preview: Rolling out, the condition builder to create search queries in eDiscovery from the Microsoft Purview portal supports sensitivity labels. For example, as part of your eDiscovery case, restrict content to files and emails that have a Highly Confidential sensitivity label. Or conversely, exclude content to files and emails that have a Public sensitivity label.
- Improvements to Microsoft 365 Copilot: Outlook for iOS and Outlook for Android join the platforms that support Copilot in Outlook for encrypted items.
June 2024
Communication compliance
- New article: Configure conditions for key scenarios. Use the screenshots in this article as models to quickly configure policy conditions for your own scenarios.
- Scheduled reports: If you need to recreate the same report regularly, you can now schedule report creation.
Data Governance
- New: Enterprise data governance resources can now use platform private endpoints to secure access to the Microsoft Purview Data Catalog and Data Map, and secure data traffic between Microsoft Purview and your private networks.
Data lifecycle management and records management
- Change for Teams meetings: Now that Microsoft Teams supports meetings that have transcripts without recordings, these transcripts are also identified with the same query that identifies recordings and accompanying transcripts.
Insider risk management
- New article: See the Best practices for managing your alert volume article to tune your alert volume if you have too many or too few alerts.
- In preview: With the new policy deletion enhancements, you have the choice to delete associated alerts and users when you delete a policy. This is useful if you have created a policy for testing purposes.
- Updated: Clarified that detection groups can be used with the Global exclusions setting as well as with variants of built-in indicators.
- Updated: Clarified that admins restricted by admin groups can't access alerts for users assigned to them through security groups or distribution groups and recommendations for adding users directly to admin groups.
Sensitivity labels
- General Availability (GA): New privacy control for Office apps that prevents sending labeled content to some connected experiences for analysis. This setting impacts services such as data loss prevention, automatic and recommended labeling, and Microsoft 365 Copilot.
- Improvements to Microsoft 365 Copilot: Copilot in Outlook now supports encrypted items for Outlook for Mac, Outlook on the web, and the New Outlook for Windows.
- Improvements to auto-labeling: The maximum number of automatically labeled files in your tenant per day is increased from 25,000 to 100,000 and the number of matched files that simulation supports is increased from 1,000,000 to 4,000,000.
- New: Additional column, "New Outlook for Windows" is now included in the capabilities table for Outlook.