Services
Affected Platforms
Summary
Starting early February 2026, Microsoft Purview Activity Explorer will let admins preview flagged email attachments in Exchange Online directly within the portal, without downloading emails. This feature is enabled by default, requires no action, and maintains existing DLP and Information Protection policies.
Details
Introduction
We’re enhancing Activity Explorer in the Microsoft Purview compliance portal to provide better visibility into sensitive data detected in Exchange Online. Today, admins can only view email message bodies when investigating Data Loss Prevention (DLP) or Information Protection events. With this update, admins will be able to preview flagged email attachments directly within Activity Explorer—without downloading the email—simplifying investigations and reducing risk exposure.
This message is associated with Microsoft Roadmap ID 543969.
When this will happen
General Availability (Worldwide) rollout will begin in early February 2026 and complete by early February 2026.
How this affects your organization
Who is affected: Admins who use Microsoft Purview Activity Explorer to investigate Data Loss Prevention (DLP) or Information Protection events in Exchange Online.
What will happen:
- Admins will be able to preview email attachments flagged for sensitive data directly within Activity Explorer:
- A preview pane will appear for supported file types.
- Email downloads will no longer be required for most investigations.
- The feature will be enabled by default; no configuration changes will be required.
- Existing DLP and Information Protection policies will remain unchanged.
What you can do to prepare
- No action is required. This update will take effect automatically after rollout.
- (Optional) Communicate this improvement to your security and compliance teams.
- (Optional) Update internal investigation workflows or documentation.
Compliance considerations
No compliance considerations identified. Review as appropriate for your organization.