Microsoft Purview compliance portal: Enforce DLP protection on new content before it’s saved

Originally posted by Microsoft Apr 2, 2026 Uncategorized 0 Comments

Starting April 2026, Microsoft Purview Endpoint DLP will enable detection and blocking of egress activities on unsaved files before they’re saved, enhancing data loss prevention. This feature is off by default, requires admin setup, and needs devices running anti-malware Client version 4.18.26020 or later.

Introduction

Today, Endpoint Data Loss Prevention (DLP) can only protect content after it’s saved to disk. Based on customer feedback and ongoing security investments, we’re introducing the ability to detect and block egress activities on unsaved files. This enhancement helps organizations prevent data leakage earlier in the workflow by applying DLP protection before content is written to the device.

This message is associated with Microsoft 365 Roadmap ID 511791.

When this will happen

General Availability (Worldwide): We will begin rolling out this feature in early April 2026 and expect to complete by mid‑April 2026.

How this affects your organization

Who is affected

  • Organizations using Endpoint DLP in the Microsoft Purview compliance portal
  • Admins who configure or manage Endpoint DLP policies
  • Users on devices running anti‑malware Client version 4.18.26020 or later

What will happen

What you can do to prepare

  • Ensure devices in scope are running anti‑malware Client version 4.18.26020 or later.
  • Review your existing Endpoint DLP policies and determine whether to enable the new unsaved‑file controls.
  • Update internal documentation or helpdesk materials that describe DLP behavior.
  • Communicate these upcoming policy options to your security and compliance teams.

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.

  • New policy controls will be available that allow admins to detect or block egress activities involving unsaved files.
  • When enabled:
    • Audit print and transfer activities for unsaved files: Endpoint DLP will log egress actions involving unsaved files.
    • Block print and transfer activities for unsaved files: Endpoint DLP will block egress actions involving unsaved files.
  • Policy evaluation will begin earlier in the process, before a file is saved to disk.
  • This feature is off by default and requires admin configuration to take effect.
  • Existing policies continue to function with no changes unless these new settings are configured.

Message ID: MC1267869

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

Trending Posts

%d bloggers like this: