Microsoft 365 Message Center Archive

MC1267869 - Microsoft Purview compliance portal: Enforce DLP protection on new content before it’s saved

Message ID

MC1267869

View in Message Center

Service

Microsoft Purview

Published

Apr 1, 2026

Tag

New feature
User impact
Admin impact

Roadmap ID

511791

View in M365 Roadmap

Platforms

Web

Summary

Starting April 2026, Microsoft Purview Endpoint DLP will enable detection and blocking of egress activities on unsaved files before they're saved, enhancing data loss prevention. This feature is off by default, requires admin setup, and needs devices running anti-malware Client version 4.18.26020 or later.

More information

Introduction

Today, Endpoint Data Loss Prevention (DLP) can only protect content after it’s saved to disk. Based on customer feedback and ongoing security investments, we’re introducing the ability to detect and block egress activities on unsaved files. This enhancement helps organizations prevent data leakage earlier in the workflow by applying DLP protection before content is written to the device.

This message is associated with Microsoft 365 Roadmap ID 511791.

When this will happen

General Availability (Worldwide): We will begin rolling out this feature in early April 2026 and expect to complete by mid‑April 2026.

How this affects your organization

Who is affected

  • Organizations using Endpoint DLP in the Microsoft Purview compliance portal
  • Admins who configure or manage Endpoint DLP policies
  • Users on devices running anti‑malware Client version 4.18.26020 or later

What will happen

  • New policy controls will be available that allow admins to detect or block egress activities involving unsaved files.
  • When enabled:
    • Audit print and transfer activities for unsaved files: Endpoint DLP will log egress actions involving unsaved files.
    • Block print and transfer activities for unsaved files: Endpoint DLP will block egress actions involving unsaved files.
  • Policy evaluation will begin earlier in the process, before a file is saved to disk.
  • This feature is off by default and requires admin configuration to take effect.
  • Existing policies continue to function with no changes unless these new settings are configured.

What you can do to prepare

  • Ensure devices in scope are running anti‑malware Client version 4.18.26020 or later.
  • Review your existing Endpoint DLP policies and determine whether to enable the new unsaved‑file controls.
  • Update internal documentation or helpdesk materials that describe DLP behavior.
  • Communicate these upcoming policy options to your security and compliance teams.

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.