Microsoft Purview compliance portal: Information Protection – Email attachment preview in Activity Explorer

Originally posted by Microsoft Jan 13, 2026 Uncategorized 0 Comments

Starting early February 2026, Microsoft Purview Activity Explorer will let admins preview flagged email attachments in Exchange Online directly within the portal, without downloading emails. This feature is enabled by default, requires no action, and maintains existing DLP and Information Protection policies.

Introduction

We’re enhancing Activity Explorer in the Microsoft Purview compliance portal to provide better visibility into sensitive data detected in Exchange Online. Today, admins can only view email message bodies when investigating Data Loss Prevention (DLP) or Information Protection events. With this update, admins will be able to preview flagged email attachments directly within Activity Explorer—without downloading the email—simplifying investigations and reducing risk exposure.

This message is associated with Microsoft Roadmap ID 543969.

When this will happen

General Availability (Worldwide) rollout will begin in early February 2026 and complete by early February 2026.

How this affects your organization

Who is affected: Admins who use Microsoft Purview Activity Explorer to investigate Data Loss Prevention (DLP) or Information Protection events in Exchange Online.

What will happen:

What you can do to prepare

  • No action is required. This update will take effect automatically after rollout.
  • (Optional) Communicate this improvement to your security and compliance teams.
  • (Optional) Update internal investigation workflows or documentation.

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.

  • Admins will be able to preview email attachments flagged for sensitive data directly within Activity Explorer:

    • user settingsView image in new tab

  • A preview pane will appear for supported file types.
  • Email downloads will no longer be required for most investigations.
  • The feature will be enabled by default; no configuration changes will be required.
  • Existing DLP and Information Protection policies will remain unchanged.

Message ID: MC1217153

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

Trending Posts

%d bloggers like this: