Services
Affected Platforms
Summary
Microsoft Purview introduces collection policies for granular control over data signals collected on Windows endpoints, enhancing targeted discovery without enforcement actions. This affects multiple Purview solutions and requires enabling DLP Always audit. Rollout begins late July for Gov Clouds, with no immediate impact until configured.
Details
We have introduced a new configuration option in Microsoft Purview called collection policies for targeted signal discovery and collection. Collection policies will allow administrators to fine tune the signals and data collected for Purview solutions at the tenant level. This includes specifying which Sensitive Information Types (SITs) are classified and what activities are collected on Windows endpoint devices.
This message is associated with Microsoft 365 Roadmap ID 493750.
When this will happen:
Gov Clouds: Gov Clouds rollout will begin in end of July and continue into mid August.
How this will affect your organization:
Key benefits of collection policies
- Granular control: Align with regulatory, regional, and organizational requirements that specify what types of data can be collected.
- Noise reduction: Focus on the most relevant data security risks by tailoring data discovery and signals to what’s important for your organization
Purview solutions impacted
- Unlike traditional Purview Data Loss Prevention (DLP) or Microsoft Purview Information Protection policies, collection policies are designed to streamline discovery of relevant information, rather than apply enforcement or take action on that information. There is no action taken from these policies to block content, as policies are meant to scope what content is collected and surfaces to administrators.
- Using collection policies to scope signal collection will impact what is surfaced in several Purview solutions, including Insider Risk Management (IRM), Data Security Posture Management (DSPM), eDiscovery, Data Lifecycle Management (DLM), Activity Explorer, and more. Learn more: Collection Policies Solution Overview (preview) | Microsoft Learn
There is no immediate impact of this feature release. If you choose to leverage collection policies, admins can now choose which signals to discover in devices.
After you enable collection policies, you may see various updates to the Purview DLP audit experience. These updates may affect your organizations current configuration in the following ways:
- Activities to audit on your tenant will be scoped to the selected SITs and user activities
- A new Location picker experience will be used to scope users and groups
- To use collection policies for endpoints, the DLP Always audit setting will still need to be enabled. However, once created, collection policies for endpoint devices adjust from an open policy to an allowlisting policy that supports inclusion and/or exclusion of specific users, groups, and specified activities to reduce load and address customer requirements.
This feature is available by default for admins to configure.
What you need to do to prepare:
There is no immediate impact of this feature release until you create an initial collection policy and Always audit is enabled in DLP (Windows endpoint devices only). To prepare for this upcoming enhancement to the Purview portal, we recommend you:
- Review Microsoft Learn docs on collection policies and required prerequisites: Collection Policies Solution Oerview (preview) | Microsoft Learn
- Help inform other Purview admins whose signal collection would be scoped, including the solutions in this message.
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.