Microsoft 365 Message Center Archive

MC1085582 - Microsoft Purview | Data Loss Prevention: True file types detected in Microsoft Exchange Online DLP (preview)

Message ID

MC1085582

View in Message Center

Service

Microsoft 365 suite

Published

May 30, 2025

Tag

New feature
User impact
Admin impact

Roadmap ID

493291

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Data Loss Prevention for Exchange Online will enhance detection by evaluating the actual content of files, not just their extensions. This update, rolling out from mid-July to mid-October 2025, ensures more robust compliance and security. Admins can configure rules based on true file types without prior action.

More information

Coming soon for Microsoft Purview | Data Loss Prevention for Microsoft Exchange Online:

Before this rollout, Exchange Online relies only on the file extension (such as .docx and .pdf) to identify the type of an attachment but this approach can be bypassed if a file is renamed with a misleading extension. To address this, we’re enhancing our detection logic to go beyond just the visible file extension. After this rollout, even if a file’s extension is altered, Exchange will evaluate the actual content of the file to determine its true type. This ensures that policies based on file type (such as File extension is…) will remain effective and secure, even when attachments are renamed or disguised. This improvement provides you with a more robust and reliable way to enforce compliance and security rules around file sharing.

This message is associated with Microsoft 365 Roadmap ID 493291.

When this will happen:

Public Preview: We will begin rolling out mid-July 2025 and expect to complete by late August 2025.

General Availability (Worldwide): We will begin rolling out late August 2025 and expect to complete by late September 2025.

General Availability (GCC, GCC High): We will begin rolling out late August 2025 and expect to complete by mid-October 2025.

How this will affect your organization:

After this rollout, you can configure rules in the Purview portal based on the true file type using the File Extension is predicate in Data Loss Prevention for Exchange Online, and then you will start to see seeing the relevant details for rule matches in all the experiences, such as Alerts and Activity explorer.

To set up this feature for Exchange, go to Data Loss Prevention > Policy Settings > Create rule and use the File extension is condition:

admin controls

How the configured rule appears in other Purview experiences. For example, in Incident reports:

admin controls

How the configured rule appears in Alerts:

admin controls

How the configured rule appears in Activity explorer:

admin controls

This feature will be available by default for admins to configure.

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update any relevant documentation.

If you are already using the File Extension is predicate in Data Loss Prevention for Exchange Online, be prepared to see increase in number of detections for these predicates because we will validate these predicates for both visible and the true file extensions after this rollout.

Learn more: New-DlpComplianceRule (ExchangePowerShell) | Microsoft Learn