What's new in Microsoft Purview

Whether it's adding new solutions to the Microsoft Purview governance or compliance portals, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft Purview helps you stay on top of the ever-changing data governance and risk and compliance areas. Take a look at the following information to see what's new in Microsoft Purview.

August 2024

AI Hub

• Improvements to permissions: You can use the Microsoft Purview Security Reader role for read-only access to the Microsoft Purview AI Hub. For more information, and a comparison breakdown of permissions by activities, see the new article, Permissions for Microsoft Purview AI Hub.

July 2024

AI Hub

• Improvements to permissions: You can now also use the Microsoft Purview Compliance Administrator role to access the Microsoft Purview AI Hub.

Audit

• Updated: Clarified the CreationTime property meaning.
• Updated: Documented that SearchQueryInitiated events are now included in Audit (Standard).

Compliance Manager

• Updated: Clarified settings for automatic testing of improvement actions to specify that Compliance Manager Administrators can turn on or off automatic testing for all improvement actions, not just on a per-action basis.

Data connectors

• Retired: All Veritas data connectors in Microsoft Purview were retired in June 2024. Non-Veritas data connectors in your organization aren't affected by this change. Contact your Veritas account representative if you have questions about Veritas archiving services.

eDiscovery

• In preview: Use the new eDiscovery (preview) solution in the Microsoft Purview portal to identify, review, and manage content in Microsoft 365 services to support your investigations. The new experience supports most of the features and capabilities from the previous experience, with more features being added over the coming months.
• Updates: New scenarios added for the Invoke-ComplianceSecurityFilterAction cmdlet for compliance boundaries.

Microsoft Purview portal

• Updated: The global search feature now supports the new User category in the Microsoft Purview portal.

Sensitivity labels

• In preview: New privacy control for Office apps that prevents sending labeled content to some connected experiences for analysis. This setting impacts services such as data loss prevention, automatic and recommended labeling, and Microsoft Copilot for Microsoft 365.
• In preview: Dynamic watermarks to deter leakage of labeled and encrypted documents by rendering over the document the reader's email address or other identifying information. Unlike standard content markings, dynamic watermarks can't be changed or removed by the user.
• In preview: Rolling out, the condition builder to create search queries in eDiscovery from the Microsoft Purview portal supports sensitivity labels. For example, as part of your eDiscovery case, restrict content to files and emails that have a Highly Confidential sensitivity label. Or conversely, exclude content to files and emails that have a Public sensitivity label.
• Improvements to Microsoft Copilot for Microsoft 365: Outlook for iOS and Outlook for Android join the platforms that support Copilot in Outlook for encrypted items.

June 2024

Communication compliance

• New article: Configure conditions for key scenarios. Use the screenshots in this article as models to quickly configure policy conditions for your own scenarios.
• Scheduled reports: If you need to recreate the same report regularly, you can now schedule report creation.

Data lifecycle management and records management

• Change for Teams meetings: Now that Microsoft Teams supports meetings that have transcripts without recordings, these transcripts are also identified with the same query that identifies recordings and accompanying transcripts.

Insider risk management

• New article: See the Best practices for managing your alert volume article to tune your alert volume if you have too many or too few alerts.
• In preview: With the new policy deletion enhancements, you have the choice to delete associated alerts and users when you delete a policy. This is useful if you have created a policy for testing purposes.
• Updated: Clarified that detection groups can be used with the Global exclusions setting as well as with variants of built-in indicators.
• Updated: Clarified that admins restricted by admin groups can't access alerts for users assigned to them through security groups or distribution groups and recommendations for adding users directly to admin groups.

Sensitivity labels

• General Availability (GA): New privacy control for Office apps that prevents sending labeled content to some connected experiences for analysis. This setting impacts services such as data loss prevention, automatic and recommended labeling, and Microsoft Copilot for Microsoft 365.
• Improvements to Microsoft Copilot for Microsoft 365: Copilot in Outlook now supports encrypted items for Outlook for Mac, Outlook on the web, and the New Outlook for Windows.
• Improvements to auto-labeling: The maximum number of automatically labeled files in your tenant per day is increased from 25,000 to 100,000 and the number of matched files that simulation supports is increased from 1,000,000 to 4,000,000.
• New: Additional column, "New Outlook for Windows" is now included in the capabilities table for Outlook.

Data governance private endpoints

• New: Enterprise data governance resources can now use platform private endpoints to secure access to the Microsoft Purview Data Catalog and Data Map, and secure data traffic between Microsoft Purview and your private networks.

May 2024

AI Hub

• In preview: Microsoft Purview AI Hub provides easy to use graphical tools and reports to quickly gain insights into AI use within your organization. Not just for Microsoft Copilot, but also third-party LLMs. One-click policies help you protect your data and comply with regulatory requirements. For more information, see Microsoft Purview AI Hub provides insights, policies, and controls for AI apps.

Communication compliance

• General Availability (GA): Summarize a message using Microsoft Copilot for Security in Microsoft Purview.
• In preview: Use the new communication compliance indicators in insider risk management to integrate communication compliance with insider risk management.
• In preview: Use admin units to scope users to a region or department.
• In preview: Use the new condition builder to combine multiple conditions in the same policy. Create compound conditions with AND, OR, and NOT operators. See a list of scenarios that use the new condition builder.
• In preview: Use the new Cross-policy resolution setting to resolve all instances of the same policy match in any policy where it's detected.
• Updated: Clarified that policies appearing in the policy list with the "AI-hub" prefix are created in the AI Hub, not in communication compliance.
• Updated: Added Outlook Copilot and Stream Copilot to the list of Copilot apps supported by communication compliance.
• Updated: Clarified that when migrating between Microsoft 365 US Government Cloud and the commercial cloud, active cases, and alerts won't be migrated.

Compliance Manager

• Updated: There are four new AI regulatory templates to help organizations assess, implement, and strengthen their compliance against AI regulations, including the EU Artificial Intelligence Act, ISO/IEC 23894:2023, ISO/IEC 42001, and NIST AI RMF.

Data lifecycle management and records management

• In preview: Adaptive protection for content in SharePoint, OneDrive, and Exchange. An auto-labeling retention policy for these locations is automatically created when you use adaptive protection with insider risk management. For more information, see Dynamically mitigate the risk of accidental or malicious deletes. You might need to opt in to this new capability:
  • If adaptive protection was turned on before this data lifecycle management preview release, you must manually enable the auto-labeling retention policy.
  • If you turn on adaptive protection after this data lifecycle management preview release, the auto-labeling retention policy is automatically turned on for you.

Information protection scanner

• General availability (GA): A new scanner version from the Microsoft Purview Information Protection client is generally available and procedural information is updated to use the new PowerShell module. When you upgrade from the Azure Information Protection client, it's important to follow the upgrade instructions because service names and other components are renamed.

Insider risk management

• General Availability (GA): Adaptive protection in insider risk management when used with Microsoft Purview Data Loss Prevention.
• In preview: Adaptive protection in insider risk management extended to Microsoft Purview Data Lifecycle Management. The data lifecycle management policy that's automatically created detects for users that are assigned an Elevated risk level. When a risky user deletes any content from SharePoint, OneDrive, or Exchange Online, the contents are automatically preserved for 120 days.
• General Availability (GA): Summarize an alert using Microsoft Copilot for Security in Microsoft Purview.
• In preview: You can now use adaptive scopes with insider risk management policies. Learn about the advantages of adaptive scopes and how they work with admin units
• In preview: Exclude users or groups from an insider risk management policy.
• In preview: Use the new Global exclusions setting to configure exclusions for your policies. Exclusions settings (domains, email signature attachments, file paths, file types, keywords, sensitive info types, SharePoint sites, and trainable classifiers) have been moved from the Intelligent detections setting to this new setting.
• In preview: Insider risk management now uses the Free public domains domain group to automatically create email insights for exfiltration of business data to personal email and email to self.
• In preview: Use the new communication compliance indicators in insider risk management to integrate communication compliance with insider risk management.
• In preview: Use the new Microsoft Fabric indicators to detect for techniques used to figure out the environment and to gather data of interest.
• In preview: Data sharing setting now extends insider risk severity to the Microsoft Defender XDR User's page.
• Updated: Clarified that when migrating between Microsoft 365 US Government Cloud and the commercial cloud, active cases, and alerts won't be migrated.
• Updated: Clarified that when assigning an alert, if you're using a custom group, you must add the Case management role to the custom group.
• Updated: Clarified that when configuring a physical badging connector, you can't add non-english characters to the JSON file.
• Updated: Clarified that the Users exceeding daily thresholds for indicator graph appears now even if you select the Get alerts only for activity that includes priority content option in the Content to prioritize page. This was a previous limitation for the graph.

Sensitivity labels

• General availability (GA): The Microsoft Purview Information Protection client is generally available, and replaces the Azure Information Protection (AIP) unified labeling client. For more information, see the following resources:
  • Extend sensitivity labeling on Windows
  • Microsoft Purview Information Protection client - Release management and supportability
• In preview: Double Key Encryption (DKE) is now in preview for Word, Excel, and PowerPoint on macOS and iOS.
• In preview: Rolling out, sensitivity labels for protected meetings now extend the option for who can record to who can record and transcribe.
• Improvements to Microsoft Copilot for Microsoft 365: Copilot in PowerPoint can now create a presentation from a labeled and encrypted file for supported configurations.

April 2024

The Microsoft Purview portal (in preview) is being gradually updated with solutions from the compliance portal. Where relevant, the documentation now includes configuration steps for both portals.

Audit

• Updated: Clarified search tips for Exchange admin activities in the audit log.

Communication compliance

• In preview: Summarize a message by using Microsoft Copilot in Microsoft Purview (preview).
• Updated: Clarified why a generic error message might appear when summarizing a message with Copilot in Microsoft Purview.
• Updated: Clarified roles required to investigate Copilot for Microsoft 365 interactions and how you can remediate policy matches for Copilot interactions in the same way that you remediate other policy matches in communication compliance.
• In preview: Create a custom tag when you need more flexibility than the standard tags provide.
• Updated: Added new table that describes possible values for the Sentiment column when prioritizing messages.

Compliance Manager

• Updated Working with connectors in Compliance Manager to reflect the availability of a new connector for Corporate Sustainability.

Copilot for Security

• New: Microsoft Copilot for Security in Microsoft Purview
• New: Microsoft Copilot in Microsoft Purview prompts and promptbooks

Data catalog

• In preview: New data catalog experience
• In preview: Business domains
• In preview: Data products
• In preview: Glossary terms
• In preview: OKRs
• In preview: Data quality
• In preview: New data estate health controls

Data lifecycle management and records management

• Improvements to SharePoint and OneDrive retention: For these services, you can now delete a folder that's subject to retention, even if it contains files.

Data loss prevention

• In preview: Learn about DLP the toolsets you can use to investigate DLP alerts (preview) for Microsoft Copilot in Microsoft Purview.
• In preview: Get started with the DLP alert dashboard (preview)

eDiscovery

• In preview: Summarize an item by using Microsoft Copilot for Security (preview)
• Updated: Clarified steps in the recommended script to correctly output a list of OneDrive sites in targeted collections.
• Updated: Updated application and service data sources for Copilot data.
• Updated: Updated content to reflect the retirement of the Search-Mailbox cmdlet.
• Updated: Clarified non-support for purge or search for Teams Connect Chat (External access or Federation).
• Updated: Documented the Export role for downloads from review sets.
• Updated: Clarified the differences in datacenter locations used to store data in the Canada for eDiscovery (Standard) and eDiscovery (Premium).

Information protection scanner

• In preview: A new scanner version from the Microsoft Purview Information Protection client, now in preview. When you upgrade from the Azure Information Protection client, it's important to follow the upgrade instructions because service names and other components are renamed.

Insider risk management

• In preview: Use the Copilot button to summarize an alert, updated for Copilot in Microsoft Purview.

• In preview: Configure sharing of user risk severity levels with Microsoft Defender and DLP alerts, updated for Copilot in Microsoft Purview.

• In preview: What happens when you share insider risk management user risk severity levels in DLP alerts?, updated for Copilot in Microsoft Purview.

• In preview: Use the new cloud storage indicators (Google Drive, Box, and Dropbox) to detect for techniques used to determine the environment, gather and steal data, and disrupt the availability or compromise the integrity of a system.

  Use the new cloud service indicators (Amazon S3 and Azure) to detect for techniques used to: avoid detection or risky activities by disabling trace logs or by updating or deleting SQL Server firewall rules; steal data, such as sensitive documents; disrupt the availability or compromise the integrity of a system; gain higher-level permissions to systems and data.

• Updated: Domains to add to the firewall and proxy server allowlist to support forensic evidence capture storage.

• Updated: Clarification that only Power Automate flows created within the default environment are supported for use with insider risk management.

Microsoft Priva

• New: What's new in Microsoft Priva is the new destination for learning about updates to Microsoft Priva solutions, features, and documentation. Moving forward, all Priva updates will be found on What's new in Microsoft Priva instead of the What's new in Microsoft Purview article.

• In preview: Four new Priva solutions are available for customers in seven regions, with more regions to come. Get details about how to get started using the new Priva solutions.

  • Consent management (preview)
  • Privacy assessments (preview)
  • Subject rights requests for data beyond Microsoft 365 (preview)
  • Tracker scanning (preview)

• In preview: Learn about the new Microsoft Priva portal, a unified experience for using the preview and generally available Priva solutions.

Microsoft Purview portal

• In preview: A new related portal feature is now available in the Microsoft Purview portal.
• In preview: A new help and support experience is now available in the Microsoft Purview portal.

Sensitivity labels

• General availability (GA): Now rolling out, Office documents that are labeled and encrypted can be tracked and revoked by end users in their Office apps on Windows, as a parity feature for the AIP add-in.
• In preview: The Microsoft Purview Information Protection client is released in preview, and replaces the Azure Information Protection (AIP) unified labeling client. For more information, see the following resources:
  • Extend sensitivity labeling on Windows
  • Microsoft Purview Information Protection client - Release management and supportability
• Improvements to Microsoft Copilot for Microsoft 365: Copilot in Word can now generate draft content from labeled and encrypted files for supported configurations.
• Retired: Because the AIP add-in for Office apps is now retired, migration instructions and other references to the AIP add-in have been removed throughout from the documentation. If you previously used an Office Group Policy setting to enable the add-in for Office apps, see Office built-in labeling and the Azure Information Protection client.

March 2024

The Microsoft Purview portal (in preview) is being gradually updated with solutions from the compliance portal. Where relevant, the documentation now includes configuration steps for both portals.

Audit

• Updated: Clarified audit log support for mailbox audit logging.
• Updated: Removed licensing statement for Microsoft Planner, there's no longer an additional licensing requirement for Microsoft Planner.
• Updated: Added audit log activity details for Windows 365 Customer Lockbox.

Communication compliance

• New: Consolidated content page shows how to configure a communication compliance policy to detect for Copilot for Microsoft 365 interactions.
• In preview: New Policy Health tab provides insights into potential issues or optimizations for your communication compliance policies.
• Updated: Period of time required to process Viva Engage chats with and without attachments.
• Updated: Clarifications for:
  • The amount of time to detect content from third-party channels.
  • BCC fields aren't supported for messages.

Data connectors

• In preview: New Sustainability data connector.

Data loss prevention

• New: Outlook on the Web now supports the IP Address v4 and IP Address v6 sensitive information types.
• Updated: Endpoint data loss protection no longer supports Windows 10 20H2 or Windows 10 21H1, as reflected on the following pages:
  • Learn about Endpoint data loss prevention
  • Onboard Windows devices into Microsoft 365 overview
  • Endpoint DLP Windows 10/11 and macOS settings

eDiscovery

• Updated: Clarified how to search for email messages sent or received during a specific time period.

Information barriers

• Updated: Removed statement concerning admin consent for information barriers in Microsoft Teams.

Insider risk management

• In preview: Adaptive protection in insider risk management now supports Microsoft Entra Conditional Access policies in addition to Microsoft Purview data loss prevention (DLP) policies. For example, by using adaptive protection together with Conditional Access, you can:
  • Require Minor insider risk level users to acknowledge Terms of Use before using an application.
  • Block Medium insider risk level users from accessing certain applications.
  • Completely block Elevated insider risk level users from using any applications.
• In preview: Admin units are now supported for insider risk management. Use admin units to scope user permissions to a region or department.
• In preview: Capture forensic evidence clips related to Enhanced Phishing Protection in Microsoft Defender SmartScreen. For example, capture when a user enters the Microsoft password they used to sign into their Windows 11 device on a phishing site or application connecting to a phishing site.
• Updated: New restrictions on who can be added as a contributor to a case and what contributors have permission to do.
• Clarification: Added info related to role-based access controls and how admins can use the inline alert customization setting to allow investigators and analysts to make edits to policy indicators and thresholds.

Sensitivity labels

• General availability (GA): Sensitivity labels for groups and sites have new options to support private teams discoverability and channel sharing controls for invitations to other teams.

February 2024

Communication compliance

• Updated: Create and manage communication compliance policies to clarify that Teams message remediation isn't supported if a user reports a message that was sent before they were added to a chat.

Compliance Manager

• Updated the Compliance Manager regulations list with the following recent additions:
  • India Digital Personal Data Protection Act
  • ISO/IEC 27001:2022
  • Microsoft Cloud Security Benchmark v1
  • NATO Directive AC/322-D(2021)0032
  • NIS2 Directive (EU) 2022/2555 of the European Parliament and of the Council

Data lifecycle management and records management

• General availability (GA): Rolling out, you can now change the retention period of an existing retention label when the retention period is based on when items were labeled.

Insider risk management

• Updated: Investigate insider risk management activities to clarify that insider risk management creates a single aggregated alert per user.

• Updated: Create and management insider risk management policies to clarify that you must have the Insider Risk Management or the Insider Risk Management Admins role to access policy health.

Sensitivity labels

• General availability (GA): Teams mobile apps now support calendar items for protected meetings.
• In preview: Sensitivity labels for groups and sites have new options rolling out to support private teams discoverability and channel sharing controls for invitations to other teams.
• Rolling out: The Encryption page when you configure a sensitivity label is renamed Access control. There are no changes to the existing settings for encryption.

Service Trust Portal

• Updated reports, whitepapers, and artifacts with a new category of AI Resources.