Empowering organizations with integrated data security: What’s new in Microsoft Purview

Today, data moves across clouds, apps, and devices at an unprecedented speed, often outside the visibility of siloed legacy tools. The rise of autonomous agents, generative AI, and distributed data ecosystems means that traditional perimeter-based security models are no longer sufficient. Even though companies are spending more than $213 billion globally, they still face several persistent security challenges:  

• Fragmented tools don’t integrate together well and leave customers lacking full visibility of their data security risks 

• The growing use of AI in the workplace is creating new data risks for companies to manage 

• The shortage of skilled cybersecurity professionals is making it difficult to accomplish data security objectives  

Microsoft is a global leader in cloud, productivity, and security solutions. Microsoft Purview benefits from this breadth of offerings, integrating seamlessly across Microsoft 365, Azure, Microsoft Fabric, and other Microsoft platforms — while also working in harmony with complementary security tools. Unlike fragmented point solutions, Purview delivers an end-to-end data security platform built into the productivity and collaboration tools organizations already rely on. This deep understanding of data within Microsoft environments, combined with continually improving external data risk detections, allows customers to simplify their security stack, increase visibility, and act on data risks more quickly. At Ignite, we’re introducing the next generation of data security — delivering advanced protection and operational efficiency, so security teams can move at business speed while maintaining control of their data.   

Go beyond visibility into action, across your data estate  

Many customers today lack a comprehensive view of how to holistically address data security risks and properly manage their data security posture. To help customers strengthen data security across their data estate, we are excited to announce the new, enhanced Microsoft Purview Data Security Posture Management (DSPM). This new AI-powered DSPM experience unifies current Purview DSPM and DSPM for AI capabilities to create a central entry point for data security insights and controls, from which organizations can take action to continually improve their data security posture and prioritize risks. The new capabilities in the enhanced DSPM experience are: 

• Outcome-Based workflows: Choose a data security objective and see related metrics, risk patterns, a recommended action plan and its impact - going from insight to action.

• Expanded coverage and remediation on Data Risk Assessments: Conduct item-level analysis with new remediation actions like bulk disabling of overshared SharePoint links. 

• Out-of-box posture reports: Uncover data protection gaps and track security posture improvements with out-of-box reports that provide rich context on label usage, auto-labeling effectiveness, posture drift through label transitions, and DLP policy activities.  

• AI Observability: Surface an organization’s agent inventory with assigned agent risk level and agent posture metrics based on agentic interactions with the organization’s data.   

• New Security Copilot Agent: Accelerate the discovery and analysis of sensitive data to uncover hidden risks across files, emails, and messages. 

• Gain visibility of non-Microsoft data within your data estate: Enable a unified view of data risks by gaining visibility into Salesforce, Snowflake, Google Cloud Platform, and Databricks – available through integrations with external partners via Microsoft Sentinel. 

These DSPM enhancements will be available in Public Preview within the upcoming weeks. Learn more in our blog dedicated to the announcement of the new Microsoft Purview DSPM. 

Together, these innovations reflect a larger shift: data security is no longer about silos—it’s about unified visibility and control everywhere data lives and having a comprehensive understanding of the data estate to detect and prevent data risks. Organizations trust Microsoft for their productivity and security platforms, but their footprint spans across third-party data environments too. That’s why Purview continues to expand protection beyond Microsoft environments. 

In addition to bringing in 3rd party data into DSPM, we are also expanding auto-labeling to three new Data Map sources, adding to the data sources we previously announced. Currently in public preview, the new sources include Snowflake, SQL Server, and Amazon S3. Once connected to Purview, admins gain an “at-a-glance” view of all data sources and can automatically apply sensitivity labels, enforcing consistent security policies without manual effort. This helps organizations discover sensitive information at scale, reduce the risk of data exposure, and ensure safer AI adoption all while simplifying governance through centralized policy management and visibility across their entire data estate. 

Enable AI adoption and prevent data oversharing 

As organizations adopt more autonomous agents, new risks emerge, such as unsupervised data access and creation, cascading agent interactions, and unclear data activity accountability. Besides AI Observability in DSPM providing details on the inventory and risk level of the agents, Purview is expanding its industry-leading data security and compliance capabilities to secure and govern agents that inherit users’ policies and controls, as well as agents that have their own unique IDs, policies, and controls. This includes agent types across Microsoft 365 Copilot, Copilot Studio, Microsoft Foundry, and third-party platforms. Key enhancements include: 

• Extension of Purview Information Protection and Data Loss Prevention policies to autonomous agents: Scope autonomous agents with an Agent ID into Purview policies that work for users across Microsoft 365 apps, including Exchange, SharePoint, and Teams. 

• Microsoft Purview Insider Risk Management for Agents: With dedicated indicators and behavioral analytics to flag specific risky agent activities, enable proactive investigation by assigning risk levels to each agent. 

• Extension of Purview data compliance capabilities to agent interactions: Microsoft Purview Communication Compliance, Data Lifecycle Management, Audit, and eDiscovery extend to agent interactions, supporting responsible use, secure retention, and agentic accountability. 

• Purview SDK embedded in  Agent Framework SDK: Purview SDK embedded in Agent Framework SDK enables developers to integrate enterprise-grade security, compliance, and governance into AI agents. It delivers automatic data classification, prevents sensitive data leaks and oversharing, and provides visibility and control for regulatory compliance, empowering secure adoption of AI agents in complex environments. 

• Purview integration with Foundry: Purview is now enabled within Foundry, allowing Foundry admins to activate Microsoft Purview on their subscription. Once enabled, interaction data from all apps and agents flows into Purview for centralized compliance, governance, and posture management of AI data. 

• Azure AI Search honors Purview labels and policies: Azure AI Search now ingests Microsoft Purview sensitivity labels and enforces corresponding protection policies through built-in indexers (SharePoint, OneLake, Azure Blob, ADLS Gen2). This ensures secure, policy-aligned search over enterprise data, enabling agentic RAG scenarios where only authorized documents are returned or sent to LLMs, preventing oversharing and aligning with enterprise data protection standards. 

• Extension of Purview Data Loss Prevention policies to Copilot Mode in Edge for Business: This week, Microsoft Edge for Business introduced Copilot Mode, transforming the browser into a proactive, agentic partner. This is AI-assisted browsing will honor the user’s existing DLP protections, such as endpoint DLP policies that prevent pasting to sensitive service domains, or summarizing sensitive page content. 

A risk score will be assigned to each agent based on dedicated Insider Risk Management indicators and behavioral analytics to flag potentially risky activity.

Learn more in our blog dedicated to the announcements of Microsoft Purview for Agents.  

New capabilities in Microsoft Purview, now in public preview, to help prevent data oversharing and leakage through AI include: 

• Expansion of Microsoft Purview Data Loss Prevention (DLP) for Microsoft 365 Copilot: Previously, we introduced DLP for Microsoft 365 Copilot to prevent labeled files & emails from being used as grounding data for responses, therefore reducing the risk of oversharing. Today, we are expanding DLP for Microsoft 365 Copilot to safeguard prompts containing sensitive data. This real-time control helps organizations mitigate data leakage and oversharing risks by preventing Microsoft 365 Copilot, Copilot Chat, and Microsoft 365 Copilot agents from returning a response when prompts contain sensitive data or using that sensitive data for grounding in Microsoft 365 or the web. For example, if a user searches, “Can you tell me more about my customer based on their address: 1234 Main Street,” Copilot will both inform the user that organizational policies prevent it from responding to their prompt, as well as block any web queries to Bing for “1234 Main Street.” 

• Enhancements to inline data protection in Edge for Business: Earlier this year, we introduced inline data protection in Edge for Business to prevent sensitive data from being leaked to unmanaged consumer AI apps, starting with ChatGPT, Google Gemini, and DeepSeek. We are not only making this capability generally available for the initial set of AI apps, but also expanding the capability to 30+ new apps in public preview and supporting file upload activity in addition to text. This addresses potential data leakage that can occur when employees send organizational files or data to consumer AI apps for help with work-related tasks, such as document creation or code reviews. 

• Inline data protection for the network: For user activity outside of the browser, we are also enabling inline data protection at the network layer. Earlier this year, we introduced integrations with supported secure service edge (SSE) providers to detect when sensitive data is shared to unmanaged cloud locations, such as consumer AI apps or personal cloud storage, even if sharing occurs outside of the Edge browser. In addition to the discovery of sensitive data, these integrations now support protection controls that block sensitive data from leaving a user device and reaching an unmanaged cloud service or application. These capabilities are now generally available through the Netskope and iboss integrations, and inline data discovery is available in public preview through the Palo Alto Networks integration. 

• Extension of Purview protection to on-device AI: Purview DLP policies now extend to the Recall experience in Copilot+ PC devices to prevent sensitive organizational data from being undesirably captured and retained. Admins can now block Recall snapshots based on sensitivity label or the presence of Purview sensitive information types (SITs) in a document open on the device, or simply honor and display the sensitivity labels of content captured in the Recall snapshot library. For example, a DLP policy can be configured to prevent recall from taking snapshots of any documents labeled “Highly Confidential,” or a product design file that contains intellectual property. Learn more in the Windows IT Pro blog. 

Best-in-class data security for Microsoft environments 

Microsoft Purview sets the standard for data security within its own ecosystem. Organizations benefit from unified security policies and seamless compliance controls that are purpose-built for Microsoft environments, ensuring sensitive data remains secure without compromising productivity. We also are constantly investing in expanding protections and controls to Microsoft collaboration tools including SharePoint, Teams, Fabric, Azure and across Microsoft 365. 

• On-demand classification adds meeting transcript coverage and new enhancements: To help organizations protect sensitive data sitting in data-at-rest, on-demand classification now extends to meeting transcripts, enabling the discovery and classification of sensitive information shared in existing recorded meeting transcripts. Once classified, admins can set up DLP or Data Lifecycle Management (DLM) policies to properly protect and retain this data according to organizational policies. This is now generally available, empowering organizations to strengthen data security, streamline compliance, and ensure even sensitive information in data-at-rest is discovered, protected, and governed more effectively. In addition, on-demand classification for endpoints is also generally available, giving organizations even broader coverage across their data estate. 

• New usage posture and consumption reports: We’re introducing new usage posture and consumption reports, now in public preview. Admins can quickly identify compliance gaps, optimize Purview seat assignments, and understand how consumptive features are driving spend. With granular insights by feature, policy, and user type, admins can analyze usage trends, forecast costs, and toggle consumptive features on and off directly, all from a unified dashboard. The result: stronger compliance, easier cost management, and better alignment of Purview investments to your organization’s needs.  

• Enable DLP and Copilot protection with extended SharePoint permissions: Extended SharePoint permissions, now generally available, make it simple to protect and manage files in SharePoint by allowing library owners to apply a default sensitivity label to an entire document library. When this is enabled, the label is dynamically enforced across all unprotected files in the library, both new and existing, within the library. Downloaded files are automatically encrypted, and access is managed based on SharePoint site membership, giving organizations powerful, scalable access control. With extended SharePoint permissions, teams can consistently apply labels at scale, automate DLP policy enforcement, and confidently deploy Copilot, all without the need for manually labeling files. Whether for internal teams, external partners, or any group where permissions need to be tightly controlled, extended SharePoint permissions streamline protection and compliance in SharePoint.   

• Network file filtering via Entra GSA integration: We are integrating Purview with Microsoft Entra to enable file filtering at the network layer. These filtering controls help prevent sensitive content from being shared to unauthorized services based on properties such as sensitivity labels or presence of Purview sensitive information types (SITs) within the file. For example, Entra admins can now create a file policy to block files containing credit card numbers from passing through the network. Learn more here. 

• Expanded protection scenarios enabled by Purview endpoint DLP: We are introducing several noteworthy enhancements to Purview endpoint DLP to protect an even broader range of exfiltration or leakage scenarios from organizational devices, without hindering user productivity. These enhancements, initially available on Windows devices, include: 

• • Extending protection to unsaved files: Files no longer need to be saved to disk to be protected under a DLP policy. With this improvement, unsaved files will undergo a point-in-time evaluation to detect the presence of sensitive data and apply the appropriate protections. 

• • Expanded support for removable media: Admins can now prevent data exfiltration to broader list of removable media devices, including iPhones, Android devices, and CD-ROMs. 

• • Protection for Outlook attachments downloaded to removable media or network shares: Admins can now prevent exfiltration of email attachments when users attempt to drag and drop them into USB devices, network shares, and other removable media. 

• Expanded capability support for macOS: In addition to the new endpoint DLP protections introduced above, we are also expanding the following capabilities, already available for Windows devices, to devices running on macOS: Expanded file type coverage to 110+ file types, blanket protections for non-Office or PDF file types, addition of “allow” and “off” policy actions, device-based policy scoping to scope policies to specific devices or device groups (or apply exclusions), and integration with Power Automate.  

• Manageability and alert investigation improvements in Purview DLP: Lastly, we are also introducing device manageability and alert investigation improvements in Purview DLP to simplify the day-to-day experience for admins. These improvements include: 

• • Reporting and troubleshooting improvements for devices onboarded to endpoint DLP: We are introducing additional tools for admins to build confidence in their Purview DLP protections for endpoint devices. These enhancements, designed to maximize reliability and enable better troubleshooting of potential issues, include near real-time reporting of policy syncs initiated on devices and policy health insights into devices’ compliance status and readiness to receive policies.  

• • Enhancements to always-on diagnostics: Earlier this year, we introduced always-on diagnostics to automatically collect logs from Windows endpoint devices, eliminating the need to reproduce issues when submitting an investigation request or raising a support ticket. This capability is expanding so that admins now have on-demand access to diagnostic logs from users’ devices without intervening in their operations. This further streamlines the issue resolution process for DLP admins while minimizing end user disruption. 

• Simplified DLP alert investigation, including easier navigation to crucial alert details in just 1 click, and the ability to aggregate alerts originating from a single user for more streamlined investigation and response. For organizations who manage Purview DLP alerts within their broader incident management process in Microsoft Defender, we are pleased to share that alert severities will now be synced between the Purview portal and the Defender portal. 

• Expanding enterprise-grade data security to small and medium businesses (SMBs): Purview is extending its reach beyond large enterprises by introducing a new add-on for Microsoft 365 Business Premium, bringing advanced data security and compliance capabilities to SMBs. The Microsoft Purview suite for Business Premium brings the same enterprise-grade protection, such as sensitivity labeling, data loss prevention, and compliance management, to organizations with up to 300 users. This enables SMBs to operate with the same level of compliance and data security as large enterprises, all within a simplified, cost-effective experience built for smaller teams.   

Stepping into the new era of technology with AI-powered data security 

Globally, there is a shortage of skilled cybersecurity professionals. Simultaneously, the volume of alerts and incidents is ever growing. By infusing AI into data security solutions, admins can scale their impact. By reducing manual workloads, they enhance operational effectiveness and strengthen overall security posture – allowing defenders to stay ahead. In 2025, 82% of organizations have developed plans to use GenAI to fortify their data security programs.  

With its cutting-edge generative AI-powered investigative capabilities, Microsoft Purview Data Security Investigations (DSI) is transforming and scaling how data security admins analyze incident-related data. Since being released into public preview in April, the product has made a big impact with customers like Toyota Motors North America. "Data Security Investigations eliminates manual work, automating investigations in minutes. It’s designed to handle the scale and complexity of large data sets by correlating user activity with data movement, giving analysts a faster, more efficient path to meaningful insights,” said solution architect Dan Garawecki. This Ignite, we are introducing several new capabilities in DSI, including: 

• DSI integration with DSPM: View proactive, summary insights and launch a Data Security Investigation directly from DSPM. This integration brings the full power of DSI analysis to your fingertips, enabling admins to drill into data risks surfaced in DSPM with speed and precision. 

• Enhancements in DSI AI-powered deep content analysis capabilities: Admins can now add context before AI analysis for higher-quality, more efficient investigations. A new AI-powered natural language search function lets admins locate specific files using keywords, metadata, and embeddings. Vector search and content categorization enhancements allow admins to better identify risky assets. Together, these enhancements equip admins with sharper, faster tools for identifying buried data risks – both proactively and reactively. 

• DSI cost transparency report and in-product estimator: To help customers manage pay-as-you-go billing, DSI is adding a new lightweight in-product cost estimator and transparency report.  

We are also expanding Security Copilot in Microsoft Purview with AI-powered capabilities that strengthen both the protection and investigation of sensitive data by introducing the Data Security Posture Agent and Data Security Triage Agent.  

• Data Security Posture Agent: Available in preview, the new Data Security Posture Agent uses LLMs to help admins answer “Is this happening?” across thousands of files—delivering fast, intent-driven discovery and risk profiling, even when explicit keywords are absent. Integrated with Purview DSPM, it surfaces actionable insights and improves compliance, helping teams reduce risk and respond to threats before they escalate. 

• Data Security Triage Agent: Alongside this, the Data Security Triage Agent, now generally available, enables analysts to efficiently triage and remediate the most critical alerts, automating incident response and surfacing the threats that matter most. Together, these agentic capabilities convert high-volume signals into consistent, closed-loop action, accelerate investigations and remediation, reduce policy-violation dwell time, and improve audit readiness, all natively integrated within Microsoft 365 and Purview so security teams can scale outcomes without scaling headcount. 

The Data Security Triage Agent simplifies alert management by automating response workflows and surfacing the highest-priority threats. It also takes action by engaging document owners directly, identifying where sensitive data is exposed and guiding them through the cleanup process.

 To make the agents easily accessible and help teams get started more quickly, we are excited to announce that Security Copilot will be available to all Microsoft 365 E5 customers.    

Rollout starts today for  existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive advanced notice before activation. Learn more: https://aka.ms/SCP-Ignite25  

Data security that keeps innovating alongside you 

As we look ahead, Microsoft Purview remains focused on empowering organizations with scalable solutions that address the evolving challenges of data security. While we deliver best-in-class security for Microsoft, we recognize that today’s organizations rarely operate in a single cloud, many businesses rely on a diverse mix of platforms to power their operations and innovation. That’s why we have been extending Purview’s capabilities beyond Microsoft environments, helping customers protect data across their entire digital estate. 

In a world where data is the lifeblood of innovation, securing it must be more than a checkbox—it must be a catalyst for progress. As organizations embrace AI, autonomous agents, and increasingly complex digital ecosystems, Microsoft Purview empowers them to move forward with confidence. By unifying visibility, governance, and protection across the entire data estate, Purview transforms security from a fragmented challenge into a strategic advantage. The future of data security isn’t just about defense—it’s about enabling bold, responsible innovation at scale. Let’s build that future together.