Message Center

MC1326260Microsoft Purview Data Security Triage Agent will include sensitive data remediation through Microsoft Teams

Summary

Microsoft Purview Data Security Triage Agent will add sensitive data remediation via Microsoft Teams for SharePoint and OneDrive files, automating user notifications and tracking remediation progress. This opt-in feature, launching in public preview late June 2026, aims to reduce compliance risk and improve remediation visibility.

More information

What and Why

Microsoft Purview Data Security Triage Agent in Data Loss Prevention (DLP) will include a sensitive data remediation capability to help organizations identify and remediate sensitive information across SharePoint and OneDrive at scale. This capability will automate user engagement by sending remediation requests directly to the last modifier of affected files through Microsoft Teams. By enabling a closed-loop remediation process, organizations will be able to reduce compliance risk, improve remediation rates, and gain better visibility into remediation progress.

Rollout Schedule

Public Preview: Rollout will begin in late June 2026 and is expected to complete by late July 2026.

Impact on Your Organization

Who is affected

Microsoft Purview administrators managing Data Loss Prevention
Users who modify files containing sensitive data in SharePoint or OneDrive

Platforms/Services

Microsoft Purview (Data Loss Prevention, Data Security Triage Agent)
Microsoft Teams
SharePoint Online
OneDrive for Business

What will happen

This capability will be off by default and will require admin opt-in in Data Security Triage Agent settings.
After the capability is enabled:
- The agent will detect files associated with Data Loss Prevention alerts.
- Only alerts triaged as Needs attention will be eligible.
- A Microsoft Teams message will be sent to the user who last modified the file.
- Users will receive daily reminder messages until remediation is completed or the configured reminder duration is reached.
- Administrators will be able to configure the number of reminder days.
- Remediation progress will be tracked in the Data Security Posture Management dashboard.
Scope limitations:
- Applies only to SharePoint and OneDrive workloads.
- Does not apply to Endpoint or Teams-originated alerts.
- Alerts marked as Less urgent or not triaged are not included.

Action Required/Recommendations

Action may be required if you plan to use this feature.

Enable the Data Security Triage Agent in Data Loss Prevention settings if it is not already enabled.
- Review: Enable the agent - Get started with the Microsoft Purview Triage Agent in Data Loss Prevention | Microsoft Learn
Enable the sensitive data remediation capability and configure reminder duration.
- Review: Remediation reminder (Preview) - Get started with the Microsoft Purview Triage Agent in Data Loss Prevention | Microsoft Learn
Review your Data Loss Prevention policies and determine which policies will use remediation.
Ensure that your Microsoft Teams environment is configured to support agent messaging.
- Review: Configure Microsoft Teams for the Data Security Triage Agent remediation messages | Microsoft Learn
Coordinate with your Teams administrator to deploy and manage the required app.
Review setup and configuration guidance.
Communicate this change to your security and compliance stakeholders.

Learn more:

Compliance considerations

Question	Answer
Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, or chats)?	Yes. Sensitive data identified through Data Loss Prevention alerts is processed to trigger remediation workflows, including notifying users and tracking remediation activity.
Does the change introduce or significantly modify AI, machine learning, or agent capabilities that interact with or provide access to customer data?	Yes. The Data Security Triage Agent uses AI-assisted automation to triage alerts and orchestrate remediation workflows involving customer data.
Does the change provide a new way of communicating between users, tenants, or subscriptions?	Yes. The feature introduces automated Microsoft Teams messages sent to users regarding remediation of sensitive data.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities?	Yes. The feature adds remediation tracking and visibility in the Data Security Posture Management dashboard, enhancing compliance monitoring capabilities.
Does the change include an admin control, and can it be controlled through Entra ID group membership?	Yes. The feature requires explicit admin opt-in and can be configured by administrators within the Data Security Triage Agent settings.