MC1068273 - Microsoft Purview | Data Loss Prevention: New collection policies for scoping classifiers and activity tracking

We have introduced a new configuration option in Microsoft Purview called collection policies for targeted signal discovery and collection. Collection policies will allow administrators to fine tune the signals and data collected for Purview solutions at the tenant level. This includes specifying which Sensitive Information Types (SITs) are classified and what activities are collected on Windows endpoint devices.

This message is associated with Microsoft 365 Roadmap ID 479760.

When this will happen:

Public Preview: Available now.

General Availability (Worldwide): We will begin rolling out early June 2025 and expect to complete by late June 2025.

How this will affect your organization:

Key benefits of collection policies

• Granular control: Align with regulatory, regional, and organizational requirements that specify what types of data can be collected.
• Noise reduction: Focus on the most relevant data security risks by tailoring data discovery and signals to what’s important for your organization

Purview solutions impacted

• Unlike traditional Purview Data Loss Prevention (DLP) or Microsoft Purview Information Protection policies, collection policies are designed to streamline discovery of relevant information, rather than apply enforcement or take action on that information. There is no action taken from these policies to block content, as policies are meant to scope what content is collected and surfaces to administrators.
• Using collection policies to scope signal collection will impact what is surfaced in several Purview solutions, including Insider Risk Management (IRM), Data Security Posture Management (DSPM), eDiscovery, Data Lifecycle Management (DLM), Activity Explorer, and more. Learn more: Collection Policies Solution Overview (preview) | Microsoft Learn

There is no immediate impact of this feature release. If you choose to leverage collection policies, admins can now choose which signals to discover in devices.

After you enable collection policies, you may see various updates to the Purview DLP audit experience. These updates may affect your organizations current configuration in the following ways:

• Activities to audit on your tenant will be scoped to the selected SITs and user activities
• A new Location picker experience will be used to scope users and groups
• To use collection policies for endpoints, the DLP Always audit setting will still need to be enabled. However, once created, collection policies for endpoint devices adjust from an open policy to an allowlisting policy that supports inclusion and/or exclusion of specific users, groups, and specified activities to reduce load and address customer requirements.

This feature is available by default for admins to configure.

What you need to do to prepare:

There is no immediate impact of this feature release until you create an initial collection policy and Always audit is enabled in DLP (Windows endpoint devices only). To prepare for this upcoming enhancement to the Purview portal, we recommend you:

• Review Microsoft Learn docs on collection policies and required prerequisites: Collection Policies Solution Oerview (preview) | Microsoft Learn
• Help inform other Purview admins whose signal collection would be scoped, including the solutions in this message.

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.