What's new in Microsoft Purview risk and compliance solutions

Whether it be adding new solutions to the Microsoft Purview compliance portal, updating existing features based on your feedback, or rolling out fresh and updated documentation, Microsoft 365 helps you stay on top of the ever-changing compliance landscape. Take a look below to see what's new in Microsoft Purview today.

Note

Some compliance features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, try adding yourself to targeted release.

Tip

Interested in what's going on in other admin centers? Check out these articles:

And visit the Microsoft 365 Roadmap to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released.

Tip

If you're not an E5 customer, you can try all the premium features in Microsoft Purview for free. Use the 90-day Purview solutions trial to explore how robust Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

November 2022

eDiscovery

On-premises scanner

  • General availability (GA): Configuration for the Microsoft Purview Information Protection scanner (formerly named Azure Information Protection unified labeling scanner) in the Microsoft Purview compliance portal. For more information, see Configure & install the information protection scanner.

Sensitivity labels

  • General availability (GA): Trainable classifiers for auto-labeling policies. Trainable classifiers are now available for both auto-labeling for Office apps that use label settings (known as client-side auto-labeling) and auto-labeling policies (known as service-side auto-labeling). As a result, trainable classifiers are removed from the comparison table that lists only the differences between the two auto-labeling methods.

  • The automated email that has the subject Incompatible sensitivity label detected for when there's a labeling mismatch for a site now contains a link to an internal troubleshooting guide that you must specify as a URL with the LabelMismatchEmailHelpLink parameter from Set-SPOTenant.

  • If you need to, you can now disable co-authoring for your tenant by using PowerShell.

October 2022

Audit

  • Audit New Search - users can now run 10 concurrent audit search jobs with a max of one unfiltered search job, and review the progress %, result number, and job status in the UI. Historical search jobs results are now stored for 30 days and can be accessed after completion.)

Communication compliance

  • In preview: New communication compliance integration with insider risk management. Communication compliance can now provide risk signals detected in messages to insider risk management policies. Risky users detected in messages by the communication compliance policy act as a triggering event to bring users into scope for the insider risk management policies.

Data loss prevention

eDiscovery

Insider risk management

  • In preview: Insider risk management introduces forensic evidence, which enables customizable visual activity capturing across devices to help your organization better mitigate, understand, and respond to potential data risks like unauthorized data exfiltration of sensitive data.
  • In preview: Insider risk management integration with communication compliance when using the Data leaks by risky users or Security policy violations by risky users policy templates. Communication compliance can now provide risk signals detected in messages to insider risk management policies.
  • In preview: New inline alert customization allows analysts and investigators to quickly edit policies when reviewing alerts.
  • New priority content scoring updates that allow you to choose whether to assign risk scores to all activities detected by a policy or only activities that include priority content.
  • Security teams are now able to customize a security trigger in the 'data leaks' policy to surface when a user performs a sequence, enabling them to respond to user actions that might be considered riskier.
  • New updates now allow security teams to create policies with sequences without any other required underlying policy indicator selections.

Data lifecycle management and records management

Microsoft Priva

  • In preview: Data transfer policies in Privacy Risk Management now offers additional flexible boundary conditions: detecting transfers based on users' Azure Active Directory attributes, transfers between users in different Microsoft 365 groups, and transfers between SharePoint sites.

On-premises scanner

Sensitivity labels

Trainable classifiers

September 2022

Communication compliance

  • Get started with communication compliance: New updates for recommended actions and accelerated onboarding. Recommended actions can help your organization quickly get started with communication compliance.
  • Investigate and remediate communication compliance alerts: New update for keyword highlighting support for plain text view. Keyword highlighting, which is currently available for English language only, can help direct you to the area of interest in long messages and attachments.
  • Use communication compliance reports and audits: Clarifications on permissions needed to view and manage communication compliance reports. To view and manage reports, users must be assigned to the Communication Compliance Viewers role group.

Compliance Manager

Data Classification

  • Increase classifier accuracy (preview) - This article shows you how to confirm whether items matched by a classifier are true positive (a Match) or a false positive (Not a match) and provide Match, or Not a match feedback. You can use that feedback to tune your classifiers to increase accuracy. You can also send redacted versions of the document and the Match, Not a Match feedback to Microsoft if you want to help increase the accuracy of the classifiers that Microsoft provides.

Data lifecycle management and records management

  • In preview: Retention labels now support running a Power Automate flow at the end of the retention period to support custom actions and integration with other solutions. For more information, see Customize what happens at the end of the retention period.
  • For records management items undergoing disposition review, when you select that item in the Disposition area of the compliance portal, a new Progress column displays the item's status. That status can be "Approved for deletion, 'Awaiting deletion from SharePoint/OneDrive' or 'Awaiting deletion from Exchange', or "Permanently Deleted". When an item is approved for permanent deletion as part of the disposition review process, that deletion can take up to 15 days to complete and this new column helps you to track its progress.
  • The configuration to enable a mailbox for archiving is moving to the new Exchange admin center (EAC) and instructions have been updated accordingly.
  • Currently, trainable classifiers for auto-apply retention labels aren't supported with adaptive scopes. As a workaround, use static scopes for this configuration combination.
  • Instructions to Customize an archive and deletion policy for mailboxes are updated to include only retention tags that that have an outcome that can't be achieved with Microsoft 365 retention.

Data loss prevention

Sensitivity labels

  • PDF support in Word, Excel, and PowerPoint is now available to Windows Current Channel and Monthly Enterprise Channel.
  • Default label for existing documents is now fully rolled out to Mac and Windows in Current Channel and Monthly Enterprise Channel, providing parity with the AIP add-in.
  • In preview: The new sensitivity bar and support for label colors in Office apps, providing parity with the AIP add-in with additional functionality.
  • In preview: S/MIME support for Windows, providing parity with the AIP add-in. Support for Mac and mobile is now fully rolled out.
  • In preview: Trainable classifiers for auto-labeling policies (all workloads).

Trainable classifiers

  • Trainable classifiers definitions - more than 20 new classifiers have been added, so the definitions for all trainable classifiers have been broken out into this new article.

August 2022

Compliance Manager

Compliance offerings & service assurance

  • Microsoft 365 change management - new assurance topic that covers code and non-code changes to Microsoft services.
  • Japan CS Gold Mark offering topic - retired, certification not renewed.

Data lifecycle management and records management

  • Exchange (legacy) configuration is moving from the Classic Exchange admin center (EAC) to the Microsoft Purview compliance portal, under Data lifecycle management. Existing data lifecycle management features are located under a new subnode, Microsoft 365.
  • For cloud attachments (currently rolling out in preview), automatic and temporary retention of deleted files in the Preservation Hold library to safeguard against the original file being deleted by users before the copy can be created and labeled. For more information, see How retention works with cloud attachments.

Data loss prevention

Insider risk management

Microsoft Priva

Sensitive Information Types

Sensitivity labels

  • Generally available (GA) and no longer need to opt in: Mobile devices (iOS and Android, with minimal versions) support co-authoring for files encrypted with sensitivity labels.
  • GA with Current Channel 2208+ for Word, Excel, PowerPoint on Windows: Support for PDF. Support for Outlook to block print to PDF when required, is rolling out to Beta Channel.
  • Rolling out to GA with Current Channel 2208+ for Windows, and 16.63+ for macOS: Default label for existing documents.
  • In preview: Trainable classifiers for auto-labeling policies.
  • Guidance how to configure Azure AD for encrypted content, which includes information about External Identities cross-tenant access settings, Conditional Access policies, and guest accounts.

July 2022

Compliance Manager

Compliance offerings & service assurance

Data lifecycle management and records management

Data Loss Prevention

  • DLP policy reference - added new section on Blocking and notifications in SharePoint Online, and OneDrive for Business in response to customer escalations. Updated to support the public preview of sensitive services domains. Updated support for Power BI. Updated support for trainable classifiers.
  • Configure endpoint DLP settings - added new content in support of the public preview release of sensitive service domains public preview. Updated URL matching behavior.
  • Using endpoint DLP - new scenario content in support of the public preview release of sensitive services domains. Updated subscription information.

eDiscovery

Sensitive information types

  • Sensitive information type entity definitions - We added 41 new SIT entity definitions in support of the 41 new credential scanning SITs. SIT entity definitions content was completely reworked from a single monolithic article into more easily referenceable and supportable individual articles. There are now 303 articles in total including the 42 new credential scanning SITs.

Sensitivity labels

June 2022

Compliance Manager

Data Loss Prevention

  • Numerous page updates for Microsoft Purview branded screenshots.

Data lifecycle management and records management

Microsoft Priva

  • Subject Rights Requests - significant updates, and restructuring of SRR content to better assist users through each progress step; details below.
    • Learn about Priva Subject Rights Requests - clearer articulation of customer value prop and general outline of the SRR process.
    • Understand the workflow and details pages - articulates the steps in completing a request, indicating manual vs. automatic progression, and linking off to detailed content; a section explains how to interpret and work with a request's details page, including the new "History" tab.
    • Create a request and define search settings - new framing with subheads explaining there are now two ways to create a request: via a custom method using a guided process, and via the new feature of using a template, whose search parameters aim to retrieve the most relevant content for the situation.
    • Data estimate and retrieval - explains why some requests pause at the data estimate stage and how to adjust the search as a result; also explains how to set a request to pause first before automatically progressing to data retrieval.
    • Review data for a subject rights request - new import file features allows users to bring files from non-Microsoft 365 locations, or files otherwise not picked up by the search, into the Data collected tab.
    • Generate reports and close requests - clarifies when final data packages are generated and what types of files they include.
    • Integrate and extend through Microsoft Graph API and Power Automate - revised the title of this previous Power Automate page and expanded page content to include Graph API content and reference links that previously lived on another page.

Sensitive Information Types

Sensitivity labels

  • In preview: PDF support for Office apps, which includes converting documents to PDF format, inheriting the label with any visual markings and encryption. Print to PDF isn't supported, and this option becomes unavailable for users if their label policy is configured for mandatory labeling.
  • In preview: The dialog box that users see when their label policy is configured to require justification to remove or downgrade a label is updated to warn users that their typed response should not include sensitive data. The screenshot in the What label policies can do section shows this updated dialog box that will make its way into the Office deployment channels for production use.
  • In preview: Support for Outlook to apply S/MIME protection is just starting to roll out across client platforms.
  • For auto-labeling policies, a new setting that can automatically turn on the policy if not edited within a set number of days.

Trainable Classifiers

Changes to product names

To meet the challenges of today's decentralized, data-rich workplace, we're introducing Microsoft Purview, a comprehensive set of solutions which helps you understand, govern, and protect your entire data estate. This new brand family combines the capabilities of the former Microsoft Purview Data Map and the Microsoft 365 compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization.

Former Name New Name Description
Microsoft 365 Advanced Audit

Microsoft 365 Basic Audit
Microsoft Purview Audit (Premium)

Microsoft Purview Audit (Standard)
Auditing solutions provide an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. To learn more, see Microsoft Purview Advanced Audit (Premium) and Microsoft Purview Advanced Audit (Standard).
Microsoft 365 Communication Compliance Microsoft Purview Communication Compliance Communication Compliance helps minimize risks by helping you quickly detect, capture, and take remediation actions for company communication channels and policy violations. To learn more, see Microsoft Purview Communication Compliance.
Microsoft Compliance Manager Microsoft Purview Compliance Manager Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors. To learn more, see Microsoft Purview Compliance Manager.
Microsoft 365 Customer Key Microsoft Purview Customer Key Customer Key provides extra protection against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft data centers. To learn more, see Microsoft Purview Customer Key.
Office 365 Customer Lockbox Microsoft Purview Customer Lockbox Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content. To learn more, see Microsoft Purview Customer Lockbox.
Data Loss Prevention Microsoft Purview Data Loss Prevention DLP helps protect sensitive data and reduce risk by preventing users from inappropriately sharing that data with people who shouldn't have it. To learn more, see Microsoft Purview Data Loss Prevention.
Double Key Encryption for Microsoft 365 Microsoft Purview Double Key Encryption Double Key Encryption (DKE) uses two keys together to access protected content. Microsoft stores one key in Microsoft Azure, and you hold the other key. To learn more, see Microsoft Purview Double Key Encryption
Microsoft 365 Information Barriers Microsoft Purview Information Barriers Information Barriers is a solution which restricts communication and collaboration between certain people inside your organization to safeguard internal information. To learn more, see Microsoft Purview Information Barriers.
Microsoft Information Protection Microsoft Purview Information Protection Information protection helps you discover, classify, and protect sensitive information wherever it lives or travels. To learn more, see Microsoft Purview Information Protection.
Microsoft Information Governance Microsoft Purview Data Lifecycle Management Data lifecycle management provides you with tools and capabilities to retain the content that you need to keep and delete the content that you don't. To learn more, see Microsoft Purview Data Lifecycle Management.
Microsoft 365 Insider Risk Management Microsoft Purview Insider Risk Management Insider risk management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on risky user activity. To learn more, see Microsoft Purview Insider Risk Management.
Office 365 Message Encryption Microsoft Purview Message Encryption With Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. To learn more, see Microsoft Purview Message Encryption.
Privileged Access Management in Microsoft 365 Microsoft Purview Privileged Access Management Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. To learn more, see Microsoft Purview Privileged Access Management.
Microsoft data connectors Microsoft Purview data connectors Microsoft 365 lets administrators use data connectors to import and archive non-Microsoft, third-party data from social media platforms, instant messaging platforms, and document collaboration platforms, to mailboxes in your Microsoft 365 organization. To learn more, see Microsoft Purview data connectors.
Microsoft 365 Advanced eDiscovery

Microsoft 365 Core eDiscovery
Microsoft Purview eDiscovery (Premium)

Microsoft Purview eDiscovery (Standard)
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. To learn more, see Microsoft Purview eDiscovery (Premium) and Microsoft Purview eDiscovery (Standard).
Microsoft 365 compliance center Microsoft Purview compliance portal Admin portal to access solutions and solution catalog within the Microsoft 365 E5 Compliance suite. To learn more, see Microsoft Purview compliance portal.