Microsoft Purview is expanding Endpoint Data Loss Prevention capabilities on Mac devices by increasing supported file types from approximately 40 to more than 100. This update brings endpoint coverage in line with protections already available across Exchange, SharePoint, and OneDrive, helping organizations eliminate gaps in sensitive data detection. Additional enhancements include improved detection of sensitivity labels, metadata-based classification, and support for formats such as PDF files. By extending DLP visibility and enforcement across a broader range of content, this update helps organizations reduce the risk of undetected data exposure and strengthen overall compliance posture. The feature is currently in development and expected to begin rolling out in April 2026.

Microsoft is introducing a new SharePoint admin policy that allows organizations to automatically expire “People in your organization” sharing links after a defined period. Administrators can configure expiration timelines—such as 30 days, 90 days, or a custom duration—to ensure internal sharing links do not remain active indefinitely. This update helps organizations strengthen data governance by reducing the risk of unintended long-term access to shared content, supporting better control over internal data exposure across SharePoint and OneDrive environments. The feature is rolling out beginning March 2026 for GCC High and DoD environments.

Microsoft Purview is expanding Data Security Posture Management (DSPM) capabilities with new item-level investigation and remediation tools for SharePoint data risk assessments. Administrators will gain deeper visibility into potentially overshared content through insights such as sensitivity labels and sharing link details. From the same interface, organizations will be able to take direct remediation actions, including notifying users, applying sensitivity labels, or removing sharing links for specific items. This update helps security and compliance teams quickly reduce data exposure, strengthen governance controls, and ensure sensitive information remains accessible only to the appropriate users. The feature is currently in development and expected to arrive in April 2026 for GCC and GCC High environments.

Microsoft is introducing recommended threshold guidance within the Insider Risk Management policy wizard in the Microsoft Purview compliance portal. Administrators will be able to receive tailored threshold recommendations for built-in insider risk indicators, helping organizations fine-tune policies and generate a more effective volume of alerts. By guiding administrators toward balanced alert thresholds, the update helps reduce noise while improving the detection of potential insider risks such as data leakage, IP theft, and policy violations. The feature is currently in development and expected to arrive in March 2026 across GCC and GCC High environments.

Microsoft Purview is enhancing Activity Explorer to provide greater visibility into sensitive data flagged in Exchange Online. With this update, administrators will be able to preview email attachments directly within Activity Explorer without needing to download the message. Previously, only the email body was viewable, limiting insight into the full scope of flagged content. This improvement allows compliance and security teams to investigate potential data exposure more quickly while keeping sensitive content within governed review workflows. The feature has launched for GCC and GCC High environments.

Microsoft Places is expanding support to GCC High and DoD environments, bringing its AI-powered workplace coordination capabilities into secure government clouds. Microsoft Places helps organizations plan and optimize in-person collaboration by connecting people, space, and schedules more effectively. With this expansion, regulated tenants gain access to modern workplace planning tools while maintaining the security and compliance standards required in GCC High and DoD environments. The feature is currently in development and is expected to begin rolling out in March 2026.

Microsoft Purview Insider Risk Management is introducing the ability to preview content directly within Insider Risk Management alerts, eliminating the need to create a case before reviewing referenced files. Administrators with appropriate permissions will be able to preview relevant content directly within Activity Explorer as part of the alert investigation workflow. This enhancement reduces investigative friction, accelerates triage, and keeps review processes contained within governed security tooling. The feature is currently in development with expected availability beginning June 2026 for GCC High and DoD environments.

Microsoft SharePoint is introducing an admin policy that allows organizations to automatically expire “People in your organization” sharing links after a defined period. Administrators can set organization-wide expiration timeframes—such as 30 days, 90 days, or a custom duration—to prevent internal links from remaining active indefinitely. This update strengthens internal data governance by reducing persistent access to shared content and supporting tighter control over information lifecycle management in regulated environments. The feature is currently in development with expected rollout beginning June 2026 for GCC High and DoD tenants.

Microsoft Purview Insider Risk Management is introducing user analytics to provide deeper visibility into potentially risky behavior across the tenant. These insights surface insider risk context directly within DLP investigations, Communication Compliance alerts, Microsoft Defender XDR user entity pages, and advanced hunting, helping security teams correlate activity across tools more effectively. User analytics can be enabled or disabled at the tenant level and are built with privacy by design, including pseudonymization, role-based access controls, and auditing to support compliance requirements. This update is rolling out beginning January 2026 for GCC High and DoD environments.

Microsoft is extending Insider Risk Management in GCC High to detect risky AI usage in highly regulated environments, giving administrators deeper visibility into how generative AI interacts with sensitive data. New detections focus on prompts and AI-generated responses that include sensitive information or draw from protected files or sites, helping identify potential insider risk tied to automated activity. Coverage spans Microsoft Copilots and third-party AI tools, with built-in privacy controls such as pseudonymization, role-based access, and auditing to support compliance requirements in GCC High and DoD tenants. The update begins rolling out in January 2026.