Share via

On-demand classification (preview)

Microsoft Purview on-demand classification (in preview) identifies and classifies sensitive content in historical data stored in SharePoint and OneDrive. This extends the classification capabilities to files that haven't been classified or modified for a long time, have never been classified or need updated classification on previously classified files.

As data volumes grow and AI tools like Copilot become more deeply integrated into daily work, the risk of exposing unlabeled or unprotected information increases—especially when that data sits untouched in SharePoint or OneDrive. To help close these gaps, Microsoft Purview now offers on-demand classification: a targeted way to scan and label files at rest, using your latest sensitive information types and classification policies. This gives admins more control to protect inactive content that might otherwise be missed by real-time systems.

When combined with Information Protection’s continuous classification, which automatically reclassifies files whenever they’re created, accessed, or modified, this two-pronged approach helps organizations keep content more closely aligned with the latest security policies:

  • Continuous classification keeps active files up to date by automatically re-evaluating them when they’re created, accessed, or edited
  • On-demand classification brings older or inactive files into scope by allowing admins to scan stored data at rest on their own schedule

With on-demand classification, organizations can:

  • Extend protection to previously unclassified or inactive files, increasing overall coverage
  • Strengthen data protection across your environment without relying on end-user actions
  • Reduce the risk of AI tools surfacing unlabeled or unprotected information and do it all natively, without exporting your data or relying on fragmented tools

Permissions

To run a scan, you must be a member of the following role group:

  • Compliance Administrator

To view classification results, you must be a member of one of these role groups:

  • Content Explorer Content Viewer
  • Content Explorer List Viewer

Create an on-demand classification scan

  1. Sign in to the Microsoft Purview portal

  2. Navigate to Data loss prevention > Classifiers > On-demand classification or Information Protection > Classifiers > On-demand classification

  3. Select New scan.

  4. Following the instructions of the wizard. During this process, you'll define the following:

    • Name and description
    • Scope and location - You can choose to scan all SharePoint sites and OneDrive accounts, only specific ones, or skip certain sites and accounts from the scan.
    • Date range you want to scan

    After you complete the wizard, the estimation process begins. The duration will depend on the scope of the scan.

    Note

    By default, items created or modified in the last year are selected. To view the list of Sensitive Information Types (SITs) and trainable classifiers included in the scan, select View scope. By default, all available classifiers in the tenant are included.

  5. From the On-demand classification list view, select the scan you created.

  6. Select View estimation.

    Note

    After reviewing the estimates, you can edit the scan to narrow or expand the scope. Select Edit scan and rerun simulation.

  7. Select Start classification.

Analyze on-demand classification results

  1. From the on-demand classification page, select a scan from the list.
  2. Select View Scan.
  3. On the Scan overview tab, review scan results, including progress, match found, failed locations, skipped locations and incurred cost. Optionally, you can cancel in-progress scans by selecting Cancel Scan.
  4. On the Items for review tab, review specific items found during the scan. You can filter and export the result.

Additional considerations

  • Classification can begin up to 30 days after estimation, but minimizing the gap ensures greater accuracy in final counts and costs.
  • Each scan can process up to 1,000 locations and 5 million files. These limits are enforced based on scan estimation results.
  • Each file, once scanned, is evaluated against Data Loss Prevention (DLP), Information Protection (MIP), Data Lifecycle Management (DLM), and Insider Risk Management (IRM) policies, triggering appropriate actions such as alerts, applied labels, or auto-labeling policies.
  • Content Explorer updates within seven days to reflect newly classified content.

See Also

Learn about trainable classifiers
Learn about sensitive information types
Deploy an information protection solution with Microsoft Purview