Summary
Microsoft Purview introduces a File Quarantine action for SharePoint and OneDrive DLP policies, isolating violating files in an admin-controlled quarantine site with a tombstone placeholder. Rolling out mid-April to June 2026, it requires admin configuration, manual restore, and enhances data protection and compliance monitoring.
Details
Introduction
We are introducing the File Quarantine action in Microsoft Purview Data Loss Prevention (DLP) for SharePoint and OneDrive to help organizations better protect sensitive data. When a file violates a Purview DLP policy, it can be automatically isolated to prevent further access or sharing, allowing administrators to review and take appropriate action. This capability adds a layer of protection against accidental data exposure while supporting everyday collaboration.
This message is associated with Microsoft 365 Roadmap ID 557190.
When this will happen:
- Public Preview: Rolling out in mid‑April 2026 and expected to complete by early May 2026
- General Availability (Worldwide): Rolling out in early June 2026 and expected to complete by mid‑June 2026
How this affects your organization:
Who is affected:
- Admins managing Microsoft Purview DLP policies for:
  - SharePoint Online
  - OneDrive for Business
- Compliance and security administrators responsible for data protection and investigation workflows
What will happen:
- A new Quarantine action will be available when creating or editing DLP policies for SharePoint and OneDrive.
- When a file violates a DLP policy configured with the Quarantine action:
  - The file is automatically isolated in an admin‑controlled quarantine location.
  - Access to the original file is prevented to stop further sharing or exposure.
- A tombstone file replaces the original file at its source location:
  - Contains admin‑defined messaging
  - Informs users the file has been quarantined
  - Preserves collaboration context
- Administrators retain visibility through:
  - Audit logs
  - DLP alerts
  - Activity Explorer
- Files must be restored manually by an administrator.
- Original sharing permissions are not automatically reinstated upon restore.
- This feature is not enabled by default and requires configuration within a DLP policy.
What you can do to prepare:
- Create an admin‑owned SharePoint site to serve as the quarantine location.
- Configure quarantine settings in Purview DLP settings:
  - Destination folder
  - Tombstone message
- Review and restrict access permissions for the quarantine site.
- Validate behavior using DLP policies in simulation mode before broad enforcement.
- Update internal operational processes for quarantine reviews and restore requests.
- Communicate this change to your helpdesk and compliance teams.
Learn more:
- Get started with DLP file quarantine for SharePoint and OneDrive | Microsoft Learn
- Create a DLP policy to quarantine files in SharePoint and OneDrive | Microsoft Learn
Compliance considerations:
| Compliance consideration | Explanation |
|---|---|
| Does the change store new customer data? | Files that violate DLP policies may be moved to an admin‑owned SharePoint quarantine site where they are stored until restored or otherwise remediated. |
| Does the change alter how existing customer data is processed, stored, or accessed (e.g. documents, emails, chats, etc.)? | Files matching configured DLP policies can be automatically relocated from their original SharePoint or OneDrive location to a quarantine site, restricting access and sharing. |
| Does the change modify, interrupt, or disable Purview Data Loss Prevention (DLP) policies or enforcement? | Introduces a new enforcement action (Quarantine) that changes how policy matches are remediated when violations occur. |
| Does the change modify, interrupt, or disable audit logging capabilities? | Audit logs will continue to capture investigation data including original file location, ownership, and policy match details after quarantine. |