Forum Discussion

Abutalhakhan's avatar
Abutalhakhan
Copper Contributor
Jan 21, 2026

Microsoft Purview - Endpoint Data Discovery

Hi all, 

I wanted to understand Microsoft Purview’s capabilities around data discovery on Windows endpoints, specifically in a legacy data scenario.

Use case:
We have data residing on Windows machines/endpoints that is:

  • Legacy in nature
  • Not being actively moved, migrated, or modified
  • Sitting at rest on local disks (user endpoints)

Questions:

  1. Can Microsoft Purview perform data discovery or classification on such endpoint‑resident data?
  2. Does Purview support scanning or discovering data on Windows endpoints at rest, without requiring the data to be uploaded, migrated, or modified?
  3. If not directly, are there any supported approaches or workarounds (e.g., via integrations with Microsoft Defender for Endpoint, Information Protection scanners, or other Purview components) to achieve this?
  4. What are the current limitations of Purview when it comes to endpoint-based data discovery?

2 Replies

  • Pbv85's avatar
    Pbv85
    MCT
    Mar 26, 2026

    Hi Abutalhakhan​ 

    Microsoft Purview does not provide comprehensive discovery or classification of data at rest on Windows endpoints.

    Endpoint DLP can classify data utilising sensitivity labels when it is accessed or modified, but Purview does not crawl local endpoint storage to discover idle data.

    I would also like to call the practical approach here on how this can be tackled.   

    The focus should be on the type of data (sensitive vs non sensitive) at users endpoint.  This can be achieved by applying sensitivity label to the content.

    Now to do that you should consider moving the data at endpoints to respective users one drive  which is the easiest and recommended approach.  

    Utilize Microsoft feature that provides Known Folder Move (KFM) to redirect and move key endpoint folders to OneDrive: Desktop, Documents and Pictures (including Screenshots).  IF the endpoints are managed you can utilize a Intune or Group Policy to deploy the Known Folder Move (KFM).  This ensures endpoint data drains to OneDrive without user action, which is critical for security and compliance

     

    If you find the answer useful, please do not forget to like and mark it as a solution 🙂

     

  • Ajeeth_Muthu's avatar
    Ajeeth_Muthu
    Brass Contributor
    Jan 30, 2026
    1. No. Microsoft Purview cannot perform discovery or classification on data at rest on Windows endpoints.
    2. No. Purview does not scan or crawl local disks on endpoints without the data being moved or accessed.
    3. Partial only. Defender for Endpoint and Endpoint DLP can detect and act on data when it is used (opened, copied, shared), not discover it while idle.
    4. Limitation. Purview does not support endpoint-based data discovery; it is limited to cloud and supported scanned data sources.