MC1254556 - Purview DSPM’s Data Risk Assessments now support item-level investigation and remediation of SharePoint

Introduction

Purview DSPM’s Data Risk Assessments now support item-level investigation and remediation for SharePoint data, helping organizations more precisely identify and reduce oversharing risk. New item-level insights such as sensitivity label status and sharing link details make it easier to pinpoint overshared content. Admins can take direct remediation actions on selected items, including resolving findings, notifying owners, applying sensitivity labels, or removing sharing links. These enhancements help organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data is accessible only to the right people.

This message is associated with Microsoft 365 Roadmap ID 523202.

When this will happen:

General Availability (Worldwide): We began rolling out early March 2026 and expect to complete by mid-March 2026.

How this affects your organization:

Who is affected:

Microsoft 365 administrators using Microsoft Purview DSPM Data Risk Assessments
Organizations that create custom assessments for SharePoint data

What will happen:

Admins can scan SharePoint data at the item level to detect potential oversharing risks.

Custom assessment results include a new Potentially overshared items tab.

Admins can remediate individual items by resolving findings, notifying owners, applying sensitivity labels, or removing sharing links.

The feature requires admin setup and is not enabled by default.

What you can do to prepare:

Work with your Entra administrator to configure an Entra application (service principal) to enable item-level scanning.
The setup process enables key item-level remediation actions like assigning sensitivity labels or removing sharing links from overshared items.
- Learn more: Prerequisites for Microsoft 365 item-level scanning for data risk assessments | Microsoft Learn
Review and complete prerequisites required for item-level remediation actions.
Update internal documentation for Purview administrators.
Notify security and compliance stakeholders of the new capabilities.

Compliance considerations

Compliance area	Impact and explanation
Modification of Information Protection labels or enforcement	Admins can apply sensitivity labels directly to individual SharePoint items as part of remediation.
Audit, monitoring, or compliance reporting capabilities	Admins gain new item-level visibility and remediation workflows within Purview DSPM Data Risk Assessments.
Admin controls	Item-level scanning and remediation require configuration of an Entra application (service principal) and explicit admin setup.

Introduction

This message is associated with Microsoft 365 Roadmap ID 523202.

When this will happen:

General Availability (Worldwide): We began rolling out early March 2026 and expect to complete by mid-March 2026.

How this affects your organization:

Who is affected:

Microsoft 365 administrators using Microsoft Purview DSPM Data Risk Assessments
Organizations that create custom assessments for SharePoint data

What will happen:

Admins can scan SharePoint data at the item level to detect potential oversharing risks.

Custom assessment results include a new Potentially overshared items tab.

Admins can remediate individual items by resolving findings, notifying owners, applying sensitivity labels, or removing sharing links.

The feature requires admin setup and is not enabled by default.

What you can do to prepare:

Work with your Entra administrator to configure an Entra application (service principal) to enable item-level scanning.
The setup process enables key item-level remediation actions like assigning sensitivity labels or removing sharing links from overshared items.
- Learn more: Prerequisites for Microsoft 365 item-level scanning for data risk assessments | Microsoft Learn
Review and complete prerequisites required for item-level remediation actions.
Update internal documentation for Purview administrators.
Notify security and compliance stakeholders of the new capabilities.

Compliance considerations

Compliance area	Impact and explanation
Modification of Information Protection labels or enforcement	Admins can apply sensitivity labels directly to individual SharePoint items as part of remediation.
Audit, monitoring, or compliance reporting capabilities	Admins gain new item-level visibility and remediation workflows within Purview DSPM Data Risk Assessments.
Admin controls	Item-level scanning and remediation require configuration of an Entra application (service principal) and explicit admin setup.

Purview DSPM’s Data Risk Assessments now support item-level investigation and remediation of SharePoint

Message ID

Roadmap ID

Services

Affected Platforms

Summary

Details