MC1262573 - Microsoft Purview: Information Protection – Extended scoping capabilities for sensitivity label policies

Introduction

Purview Information Protection admins can now exclude modern Microsoft 365 groups and scope sensitivity label policies to dynamic and non-mail enabled security groups. These capabilities give admins more flexibility, expanding policy targeting beyond individual users and mail-enabled groups.

This message is associated with Microsoft 365 Roadmap ID 558685.

When this will happen:

Public Preview: We will begin rolling out late April 2026 and expect to complete by mid-May 2026.
General Availability: We will begin rolling out late May 2026 and expect to complete by late May 2026.

How this affects your organization:

Who is affected:

Information Protection admins managing sensitivity label publishing policies

What will happen:

Admins can exclude modern Microsoft 365 groups from label publishing policies
Admins can include non-mail-enabled security groups, including dynamic security groups
Existing policies and configurations remain unchanged
No user impact unless admins update policy scope

What you can do to prepare:

No action is required
Optionally review and update label publishing policies to take advantage of expanded scoping

Learn more: Create and publish sensitivity labels | Microsoft Learn (will be updated before rollout)

Compliance considerations:

Compliance question	Explanation
Does the change modify Information Protection labels or policy configuration capabilities?	This update expands how sensitivity label publishing policies can be scoped by allowing admins to exclude modern Microsoft 365 groups and include non-mail-enabled security groups.
Does the change include an admin control and can it be controlled through Entra ID group membership?	Admins can scope sensitivity label publishing policies using non-mail-enabled security groups, including dynamic security groups in Microsoft Entra ID.

Introduction

This message is associated with Microsoft 365 Roadmap ID 558685.

When this will happen:

Public Preview: We will begin rolling out late April 2026 and expect to complete by mid-May 2026.
General Availability: We will begin rolling out late May 2026 and expect to complete by late May 2026.

How this affects your organization:

Who is affected:

Information Protection admins managing sensitivity label publishing policies

What will happen:

Admins can exclude modern Microsoft 365 groups from label publishing policies
Admins can include non-mail-enabled security groups, including dynamic security groups
Existing policies and configurations remain unchanged
No user impact unless admins update policy scope

What you can do to prepare:

No action is required
Optionally review and update label publishing policies to take advantage of expanded scoping

Learn more: Create and publish sensitivity labels | Microsoft Learn (will be updated before rollout)

Compliance considerations:

Compliance question	Explanation
Does the change modify Information Protection labels or policy configuration capabilities?	This update expands how sensitivity label publishing policies can be scoped by allowing admins to exclude modern Microsoft 365 groups and include non-mail-enabled security groups.
Does the change include an admin control and can it be controlled through Entra ID group membership?	Admins can scope sensitivity label publishing policies using non-mail-enabled security groups, including dynamic security groups in Microsoft Entra ID.

Microsoft Purview: Information Protection – Extended scoping capabilities for sensitivity label policies

Message ID

Roadmap ID

Services

Affected Platforms

Summary

Details