What's new in Microsoft Purview
Whether it be adding new solutions to the Microsoft Purview governance or compliance portals, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft Purview helps you stay on top of the ever-changing data governance and risk and compliance areas. Take a look at the following information to see what's new in Microsoft Purview.
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
May 2024
AI Hub
- In preview: Microsoft Purview AI Hub provides easy-to-use graphical tools and reports to quickly gain insights into AI use within your organization. Not just for Microsoft Copilot, but also third-party LLMs. One-click policies help you protect your data and comply with regulatory requirements. For more information, see Microsoft Purview AI Hub provides insights, policies, and controls for AI apps.
Communication compliance
- General Availability (GA): Summarize a message using Microsoft Copilot for Security in Microsoft Purview.
- In preview: Use admin units to scope users to a region or department.
- In preview: Use the new condition builder to combine multiple conditions in the same policy. Create compound conditions with AND, OR, and NOT operators. See a list of scenarios that use the new condition builder.
- In preview: Use the new Cross-policy resolution setting to resolve all instances of the same policy match in any policy where it's detected.
- Updated: Clarified that policies appearing in the policy list with the "AI-hub" prefix are created in the AI Hub, not in communication compliance.
Compliance Manager
- Updated: There are four new AI regulatory templates to help organizations assess, implement, and strengthen its compliance against AI regulations, including the EU Artificial Intelligence Act, ISO/IEC 23894:2023, ISO/IEC 42001, and NIST AI RMF.
Data lifecycle management and records management
- In preview: Adaptive protection for content in SharePoint, OneDrive, and Exchange. An auto-labeling retention policy for these locations is automatically created when you use adaptive protection with insider risk management. For more information, see Dynamically mitigate the risk of accidental or malicious deletes. You might need to opt-in to this new capability:
- If adaptive protection was turned on before this data lifecycle management preview release, you must manually enable the auto-labeling retention policy.
- If you turn on adaptive protection after this data lifecycle management preview release, the auto-labeling retention policy is automatically turned on for you.
Information protection scanner
- General availability (GA): A new scanner version from the Microsoft Purview Information Protection client is generally available and procedural information is updated to use the new PowerShell module. When you upgrade from the Azure Information Protection client, it's important to follow the upgrade instructions because service names and other components are renamed.
Insider risk management
- General Availability (GA): Adaptive protection in insider risk management when used with Microsoft Purview Data Loss Prevention.
- In preview: Adaptive protection in insider risk management extended to Microsoft Purview Data Lifecycle Management. The data lifecycle management policy that's automatically created detects for users that are assigned an Elevated risk level. When a risky user deletes any content from SharePoint, OneDrive, or Exchange Online, the contents are automatically preserved for 120 days.
- General Availability (GA): Summarize an alert using Microsoft Copilot for Security in Microsoft Purview
- In preview: Use the new Microsoft Fabric indicators to detect for techniques used to figure out the environment and to gather data of interest.
- In preview: Data sharing setting now extends insider risk severity to the Microsoft Defender XDR User's page.
- Updated: Clarified that when configuring a physical badging connector, you can't add non-english characters to the JSON file.
Sensitivity labels
- General availability (GA): The Microsoft Purview Information Protection client is generally available, and replaces the Azure Information Protection (AIP) unified labeling client. For more information, see the following resources:
- In preview: Double Key Encryption (DKE) is now in preview for Word, Excel, and PowerPoint on macOS and iOS.
- Improvements to Microsoft Copilot for Microsoft 365: Copilot in PowerPoint can now create a presentation from a labeled and encrypted file for supported configurations.
April 2024
The Microsoft Purview portal (in preview) is being gradually updated with solutions from the compliance portal. Where relevant, the documentation now includes configuration steps for both portals.
Audit
- Updated: Clarified search tips for Exchange admin activities in the audit log.
Communication compliance
- In preview: Summarize a message by using Copilot in Purview (preview).
- Updated: Clarified why a generic error message might appear when summarizing a message with Copilot in Purview.
- Updated: Clarified roles required to investigate Copilot for Microsoft 365 interactions and how you can remediate policy matches for Copilot interactions in the same way that you remediate other policy matches in communication compliance.
- In preview: Create a custom tag when you need more flexibility than the standard tags provide.
- Updated: Added new table that describes possible values for the Sentiment column when prioritizing messages.
Compliance Manager
- Updated Working with connectors in Compliance Manager to reflect the availability of a new connector for Corporate Sustainability.
Copilot for Security
- New: Microsoft Copilot for Security in Microsoft Purview
- New: Microsoft Copilot in Microsoft Purview prompts and promptbooks
Data catalog
- In preview: New data catalog experience
- In preview: Business domains
- In preview: Data products
- In preview: Glossary terms
- In preview: OKRs
- In preview: Data quality
- In preview: New data estate health controls
Data lifecycle management and records management
- Improvements to SharePoint and OneDrive retention: For these services, you can now delete a folder that's subject to retention, even if it contains files.
Data loss prevention
- In preview: Learn about DLP the toolsets you can use to investigate DLP alerts (preview) for Copilot in Purview.
- In preview: Get started with the DLP alert dashboard (preview)
eDiscovery
- In preview: Summarize an item by using Microsoft Copilot for Security (preview)
- Updated: Clarified steps in the recommended script to correctly output a list of OneDrive sites in targeted collections.
- Updated: Updated application and service data sources for Copilot data.
- Updated: Updated content to reflect the retirement of the Search-Mailbox cmdlet.
- Updated: Clarified non-support for purge or search for Teams Connect Chat (External access or Federation).
- Updated: Documented the Export role for downloads from review sets.
- Updated; Clarified the differences in datacenter locations used to store data in the Canada for eDiscovery (Standard) and eDiscovery (Premium).
Information protection scanner
- In preview: A new scanner version from the Microsoft Purview Information Protection client, now in preview. When you upgrade from the Azure Information Protection client, it's important to follow the upgrade instructions because service names and other components are renamed.
Insider risk management
In preview: Use the Copilot button to summarize an alert, updated for Copilot in Purview.
In preview: Configure sharing of user risk severity levels with Microsoft Defender and DLP alerts, updated for Copilot in Purview.
In preview: What happens when you share insider risk management user risk severity levels in DLP alerts?, updated for Copilot in Purview.
In preview: Use the new cloud storage indicators (Google Drive, Box, and Dropbox) to detect for techniques used to determine the environment, gather and steal data, and disrupt the availability or compromise the integrity of a system.
Use the new cloud service indicators (Amazon S3 and Azure) to detect for techniques used to: avoid detection or risky activities by disabling trace logs or by updating or deleting SQL Server firewall rules; steal data, such as sensitive documents; disrupt the availability or compromise the integrity of a system; gain higher-level permissions to systems and data.
Updated: Domains to add to the firewall and proxy server allowlist to support forensic evidence capture storage.
Updated: Clarification that only Power Automate flows created within the default environment are supported for use with insider risk management.
Microsoft Priva
New: What's new in Microsoft Priva is the new destination for learning about updates to Microsoft Priva solutions, features, and documentation. Moving forward, all Priva updates will be found on What's new in Microsoft Priva instead of the What's new in Microsoft Purview article.
In preview: Four new Priva solutions are available for customers in seven regions, with more regions to come. Get details about how to get started using the new Priva solutions.
In preview: Learn about the new Microsoft Priva portal, a unified experience for using the preview and generally available Priva solutions.
Microsoft Purview portal
- In preview: A new related portal feature is now available in the Microsoft Purview portal.
- In preview: A new help and support experience is now available in the Microsoft Purview portal.
Sensitivity labels
- General availability (GA): Now rolling out, Office documents that are labeled and encrypted can be tracked and revoked by end users in their Office apps on Windows, as a parity feature for the AIP add-in.
- In preview: The Microsoft Purview Information Protection client is released in preview, and replaces the Azure Information Protection (AIP) unified labeling client. For more information, see the following resources:
- Improvements to Microsoft Copilot for Microsoft 365: Copilot in Word can now generate draft content from labeled and encrypted files for supported configurations.
- Retired: Because the AIP add-in for Office apps is now retired, migration instructions and other references to the AIP add-in have been removed throughout from the documentation. If you previously used an Office Group Policy setting to enable the add-in for Office apps, see Office built-in labeling and the Azure Information Protection client.
March 2024
The Microsoft Purview portal (in preview) is being gradually updated with solutions from the compliance portal. Where relevant, the documentation now includes configuration steps for both portals.
Audit
- Updated: Clarified audit log support for mailbox audit logging.
- Updated: Removed licensing statement for Microsoft Planner, there's no longer an additional licensing requirement for Microsoft Planner.
- Updated: Added audit log activity details for Windows 365 Customer Lockbox.
Communication compliance
- New: Consolidated content page shows how to configure a communication compliance policy to detect for Copilot for Microsoft 365 interactions.
- In preview: New Policy Health tab provides insights into potential issues or optimizations for your communication compliance policies.
- Updated: Period of time required to process Viva Engage chats with and without attachments.
- Updated: Clarifications for:
Data connectors
- In preview: New Sustainability data connector.
Data loss prevention
- New: Outlook on the Web now supports the IP Address v4 and IP Address v6 sensitive information types.
- Updated: Endpoint data loss protection no longer supports Windows 10 20H2 or Windows 10 21H1, as reflected on the following pages:
eDiscovery
- Updated: Clarified how to search for email messages sent or received during a specific time period.
Information barriers
- Updated: Removed statement concerning admin consent for information barriers in Microsoft Teams.
Insider risk management
- In preview: Adaptive protection in insider risk management now supports Microsoft Entra Conditional Access policies in addition to Microsoft Purview data loss prevention (DLP) policies. For example, by using adaptive protection together with Conditional Access, you can:
- Require Minor insider risk level users to acknowledge Terms of Use before using an application.
- Block Medium insider risk level users from accessing certain applications.
- Completely block Elevated insider risk level users from using any applications.
- In preview: Admin units are now supported for insider risk management. Use admin units to scope user permissions to a region or department.
- In preview: Capture forensic evidence clips related to Enhanced Phishing Protection in Microsoft Defender SmartScreen. For example, capture when a user enters the Microsoft password they used to sign into their Windows 11 device on a phishing site or application connecting to a phishing site.
- Updated: New restrictions on who can be added as a contributor to a case and what contributors have permission to do.
- Clarification: Added info related to role-based access controls and how admins can use the inline alert customization setting to allow investigators and analysts to make edits to policy indicators and thresholds.
Sensitivity labels
- General availability (GA): Sensitivity labels for groups & sites have new options to support private teams discoverability and channel sharing controls for invitations to other teams.
February 2024
Communication compliance
- Updated: Create and manage communication compliance policies to clarify that Teams message remediation is not supported if a user reports a message that was sent before they were added to a chat.
Compliance Manager
- Updated the Compliance Manager regulations list with the following recent additions:
- India Digital Personal Data Protection Act
- ISO/IEC 27001:2022
- Microsoft Cloud Security Benchmark v1
- NATO Directive AC/322-D(2021)0032
- NIS2 Directive (EU) 2022/2555 of the European Parliament and of the Council
Data lifecycle management and records management
- General availability (GA): Rolling out, you can now change the retention period of an existing retention label when the retention period is based on when items were labeled.
Insider risk management
Updated: Investigate insider risk management activities to clarify that insider risk management creates a single aggregated alert per user.
Updated: Create and management insider risk management policies to clarify that you must have the Insider Risk Management or the Insider Risk Management Admins role to access policy health.
Sensitivity labels
- General availability (GA): Teams mobile apps now support calendar items for protected meetings.
- In preview: Sensitivity labels for groups & sites have new options rolling out to support private teams discoverability and channel sharing controls for invitations to other teams.
- Rolling out: The Encryption page when you configure a sensitivity label is renamed Access control. There are no changes to the existing settings for encryption.
Service Trust Portal
- Updated reports, whitepapers, and artifacts with a new category of AI Resources.
January 2024
Communication compliance
- In preview: Test conditions when you create or edit a policy before rolling the policy out to the wider organization.
- Updates to note that mail-enabled security groups are now supported.
- Updates to clarify the implication of choosing Inbound as the communication direction for Teams channel communications.
Compliance Manager
- Updated Compliance Manager scoring to clarify how technical and nontechnical improvement actions are scored.
Data loss prevention
The name of the DLP settings control has been changed from "Settings" to "Data loss prevention settings" Configure endpoint data loss prevention settings
Updated content to cover the significant enhancements that have been made to the Advanced customization and Preview for DLP end-user email notification features for SharePoint, OneDrive, and Exchange. You can now:
- Decide whether the matching email messages should be included or excluded in the end-user notification emails.
- Use tokens from the expanded token library.
- Customize the sender's display name, email subject and email body.
- Preview notifications before sending them to end users.
Preview: Support has been added for two new endpoint conditions:
- Document property is
- Document name contains words or phrases
Insider risk management
- In preview: Use real-time analytics recommendations to efficiently adjust the selection of indicators and thresholds of activity occurrence so that you don't have too few or too many policy alerts. If you adjust threshold settings manually, select View impact to display a graph that provides sensitivity analysis for each policy indicator.
Sensitivity labels
- General availability (GA): iOS and Android now also support converting a labeled Office document into a PDF document, inheriting the sensitivity label with any content markings.
December 2023
Audit
- Microsoft 365 Copilot clarification for activities that are logged in the Microsoft 365 audit log.
Communication compliance
- Updated Copilot for Microsoft 365 content to include information about choosing a location and using the new Detect Copilot for Microsoft 365 interactions template.
- In preview: The New pending today column shows the number of policy matches for the current day.
- In preview: Added information on the new content safety classifiers for Teams. These four new classifiers, which are based on large language models, include Hate, Sexual, Violence, and Self-harm.
Data lifecycle management and records management
- In preview: Support for sites using Microsoft 365 Archive. For more information, see How retention works with Microsoft 365 Archive.
- Improvements to auto-apply retention label policies for sensitive information: Rolling out, you can now include or exclude specific Exchange mailboxes when you configure an auto-apply retention label policy for sensitive information. This policy update for both static and adaptive scopes provides parity with the other retention conditions for Exchange mailboxes.
Data loss prevention (DLP)
- Block the sharing of sensitive items via SharePoint and OneDrive in Microsoft 365 with external added.
- Guidance on how to avoid excessive policy-evaluation and check-complete notifications due to classification latency. Sensitive service domain groups.
- Preview [DLP alerts can include Insider Risk Management user risk]Investigate a DLP alert summary contextual information.
- In preview: Endpoint DLP support has been extended to four new conditions:
- Document size equals or is greater than
- Document name matches patterns
- Document couldn't be scanned
- Scanning didn't complete
- Added discussion of halting and non-halting actions in Microsoft Exchange, including a table specifying the halting/non-halting behavior for each supported action.
eDiscovery
- NEAR keyword search operator example correction and clarification on how the distance between terms is defined.
- Content search preview item viewed activity removed from Microsoft 365 audit log for eDiscovery.
- Permission clarification for SAS tokens when exporting documents from a review set.
- Clarification on how to use the eDiscovery RBAC Check test tool.
- Clarification on how to use spaces and the OR operator in eDiscovery searches.
- Example update for the New-ComplianceSecurityFilter cmdlet when filtering content search results.
- Clarification that previews of Teams Video Clips aren't currently supported in eDiscovery.
- Added new information about managing custodian UPNs. If the UPN of a custodian changes after the custodian is added to a case, the custodian information (Title, Manager, Location, etc.) isn't retained and is displayed in the custodian summary pane as No data to show.
- Content retired: The User Data Search case tool has been retired and its functionality has merged with eDiscovery (Standard). You can now use content to search for content to support DSRs all locations supported by eDiscovery (Standard) searches.
- Content retired: The Migrate legacy eDiscovery searches and holds to the Microsoft Purview compliance portal article was retired. The Get-MalboxSearch cmdlet isn't supported in eDiscovery, doesn't return all details older searches.
Exact data match (EDM) sensitive information types (SITs)
- Added support for multi-token matching, which allows you to detect exact data matches in fields that contain more than one string, for instance, when you have an
Address
field containing values such asOne Microsoft Way
or1234 Main Street
.
Insider risk management
- In preview: Added information on new Data share setting that you can use to share user risk severity levels from insider risk management with DLP alerts and Microsoft Defender.
- New triage attributes: Use the new attributes when filtering alerts on the Alert dashboard.
- Updated adaptive protection article to include info on how insider risk level is assigned if a user is in scope for multiple policies.
Microsoft Copilot for Microsoft 365
- Short video added to the Copilot protection with sensitivity label inheritance documentation, which demos how drafting with Word can update the default sensitivity label after referencing a file with a higher priority label.
Sensitivity labels
- General availability (GA): Outlook Mobile now supports calendar items for protected meetings.
- Improvements for Office on the web for labeled and encrypted documents: When screen captures are prevented for labeled and encrypted documents by not granting the user the Copy usage right, the previous exceptions for relabeling scenarios no longer apply for Office on the web. Now, the behavior matches the desktop apps.
November 2023
Announced at Microsoft Ignite
The following new Microsoft Purview capabilities are announced at Microsoft Ignite:
- Support for Microsoft Copilot: Microsoft Purview strengthens your data security and compliance for Microsoft Copilot for Microsoft 365.
- In preview: The Microsoft Purview portal has a new look and capabilities to help you govern and protect your data, wherever it lives.
Communication compliance
- General availability (GA): Support for Microsoft Copilot for Microsoft 365.
- Report this conversation for Viva Engage: Communication compliance now has a Report conversations option for Viva Engage.
- Conversation view: You can now load up to 20 messages before and after a message, and download a conversation.
Data lifecycle management and records management
- General availability (GA): You can programmatically apply and manage retention labels for SharePoint and OneDrive by using Microsoft Graph API to lock and unlock records, set retention labels, remove retention labels, and get metadata for retention labels.
- General availability (GA): Microsoft Copilot interactions can be retained or deleted with a retention policy for Teams chats and Copilot interactions.
- General availability (GA): The versions of files referenced in an interaction for Microsoft Copilot can be retained as a cloud attachment with an auto-apply retention label policy.
- New guidance: Learn about retention for Microsoft Copilot for Microsoft 365.
Data Loss Prevention
In preview: Simulation mode for Microsoft Purview Data Loss Prevention (DLP) policies replaces the Test and Test with policy tips policy states. When a policy is in simulation mode, it's run as if it were being enforced, without any actual enforcement.
In preview: Links to advanced hunting are available for DLP alerts in Microsoft Defender XDR.
In preview: Addition filters for data loss prevention alerts in the Defender portal.
- In preview: Enhanced customization of email notifications to end users for Microsoft 365 services. We've added multiple tokens, and enhanced editing experience and email preview.
In preview: Microsoft managed storage for DLP evidence. When saving evidence of the matches detected by your DLP policies, you can now use Azure blob storage managed by Microsoft as an alternative to creating an Azure blob that you manage yourself.
General availability (GA): Optical character recognition (OCR) scanning enables Microsoft Purview to scan content in images for sensitive information.
Information protection
- New graphic added to Consider a phased deployment to conceptually illustrate a phased deployment of sensitivity labels and DLP policies that become more integrated, and with more restrictive controls.
Insider risk management
- Updated the maximum number of policies available for any template from five to twenty.
- For custom indicators, clarified the waiting period required before uploading data after custom indicators and associated policies have been updated.
Microsoft Priva
- In preview: Identify duplicates, apply actions once to all duplicate items, and filter duplicates from view when reviewing data for a subject rights request.
Sensitivity labels
- General availability (GA): Sensitivity labels are recognized and used by Copilot for Microsoft 365 to provide an extra layer of protection for your organization's data.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for