Skip to main content
🦉
Message CenterMicrosoft 365 Updates
HomePermissionsTenant FinderM365 ReportPortfolio
🦉
M365 Message Centerby Cengiz YILMAZ

Track the latest updates, features, and announcements for Microsoft 365 services. Comprehensive archive of service updates and important changes.

Quick Links

HomePermissionsTenant FinderM365 ReportPortfolio

Connect

© 2026 M365 Message Center. Created with ❤ by Cengiz YILMAZ

Data sourced from Microsoft 365 Message Center • Not affiliated with Microsoft

  1. Home
  2. /
  3. MC1267869

Microsoft Purview compliance portal: Enforce DLP protection on new content before it’s saved

Informational

Message ID

MC1267869
View in Admin Center

Roadmap ID

511791
View in Roadmap

Services

Microsoft Purview

Affected Platforms

Web

Summary

Starting April 2026, Microsoft Purview Endpoint DLP will enable detection and blocking of egress activities on unsaved files before they're saved, enhancing data loss prevention. This feature is off by default, requires admin setup, and needs devices running anti-malware Client version 4.18.26020 or later.

Details

Introduction

Today, Endpoint Data Loss Prevention (DLP) can only protect content after it’s saved to disk. Based on customer feedback and ongoing security investments, we’re introducing the ability to detect and block egress activities on unsaved files. This enhancement helps organizations prevent data leakage earlier in the workflow by applying DLP protection before content is written to the device.

This message is associated with Microsoft 365 Roadmap ID 511791.

When this will happen

General Availability (Worldwide): We will begin rolling out this feature in early April 2026 and expect to complete by mid‑April 2026.

How this affects your organization

Who is affected

  • Organizations using Endpoint DLP in the Microsoft Purview compliance portal
  • Admins who configure or manage Endpoint DLP policies
  • Users on devices running anti‑malware Client version 4.18.26020 or later

What will happen

  • New policy controls will be available that allow admins to detect or block egress activities involving unsaved files.
  • When enabled:
    • Audit print and transfer activities for unsaved files: Endpoint DLP will log egress actions involving unsaved files.
    • Block print and transfer activities for unsaved files: Endpoint DLP will block egress actions involving unsaved files.
  • Policy evaluation will begin earlier in the process, before a file is saved to disk.
  • This feature is off by default and requires admin configuration to take effect.
  • Existing policies continue to function with no changes unless these new settings are configured.

What you can do to prepare

  • Ensure devices in scope are running anti‑malware Client version 4.18.26020 or later.
  • Review your existing Endpoint DLP policies and determine whether to enable the new unsaved‑file controls.
  • Update internal documentation or helpdesk materials that describe DLP behavior.
  • Communicate these upcoming policy options to your security and compliance teams.

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.

Timeline

Published
Apr 1, 2026
Message published to Message Center
Updated
Apr 1, 2026
Message content updated
End Date
May 18, 2026
Message timeline ends

Tags

#New feature#User impact#Admin impact

Category

Stay Informed

Related Messages

Similar updates

MC1263277

Microsoft Purview | DLP to safeguard sensitive data from external web search in Microsoft 356 Copilot and Copilot Chat

Mar 27, 2026
MC1261596

Notice: Security Copilot will be included as part of your Microsoft 365 E5 plan soon

Mar 25, 2026
MC1259828

Microsoft Purview: Credential scanning in Data Security Posture Agent

Mar 23, 2026
MC1259827

Microsoft Purview: Data Security Investigations – analyze files tied to audit log activities

Mar 23, 2026
MC1259826

Microsoft Purview: Data Security Investigations – role-based access simplification

Mar 23, 2026