Microsoft 365 Message Center Archive

MC1003342 - Microsoft Purview | Endpoint Data Loss Prevention: Labeling improvement for non-Office files and PDF files

Message ID

MC1003342

View in Message Center

Service

Microsoft Purview

Published

Feb 11, 2025

Tag

New feature
User impact
Admin impact

Roadmap ID

476494

View in M365 Roadmap

Platforms

Web

More information

Before this rollout, users can apply a sensitivity label to a non-Office file or a PDF file in Microsoft Windows to apply protection that encapsulates the file into a .pfile file type that can verify user authorization and rights on the file. A user who needs to modify and collaborate with others on a .pfile can use Microsoft Purview Information protection (MPIP) to remove the label and protection on the .pfile, make changes, and then reapply the label and protection to the updated file.

After this rollout, Microsoft Purview Endpoint Data Loss Prevention (EDLP) will be able to simplify and protect the collaboration experience in managed Windows devices in conjunction with the MPIP client. Non-Office files and PDF files stored on managed devices will be labeled while retaining their original file types to allow a user to modify and update the file on their device. When a user copies and uploads a labeled file to a destination external to their Windows device, EDLP will help enforce the rights protection by converting the file to a .pfile for secure sharing to other users. If the other users are also protected with EDLP, they can use MPIP to remove the label on the shared files before collaborating.

This message is associated with Microsoft 365 Roadmap ID 476494.

When this will happen:

Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025.

General Availability (Worldwide): We will begin rolling out mid-May 2025 and expect to complete by mid-June 2025.

How this will affect your organization:

There is no change to your organization current’s use of labels on non-Office files and PDF files. This feature requires enablement by admins in the Purview portal.

In the Purview portal, go to the Data Loss Prevention settings to enable this feature for users.

user settings

After the feature is enabled, users with MPIP installed will be able to convert any .pfile that the users have permissions to access on their trusted Windows devices.

user settings

user settings

When users try to transfer an RMS-labeled file (Microsoft Azure Rights Management Services) to a destination outside the managed device, EDLP will notify the user that the file will be converted to a .pfile.

admin settings

What you need to do to prepare:

There is no impact to your current Data Loss Prevention configuration in your organization. Admins can look at public documentation to understand the feature. please provide helpful inks

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users and admins about this change and update any relevant documentation.

Before rollout, we will update this post with new documentation.