Introduction
Today, Endpoint Data Loss Prevention (DLP) can only protect content after it’s saved to disk. Based on customer feedback and ongoing security investments, we’re introducing the ability to detect and block egress activities on unsaved files. This enhancement helps organizations prevent data leakage earlier in the workflow by applying DLP protection before content is written to the device.
This message is associated with Microsoft 365 Roadmap ID 511791.
When this will happen
General Availability (Worldwide): We will begin rolling out this feature in early April 2026 and expect to complete by mid‑April 2026.
How this affects your organization
Who is affected
- Organizations using Endpoint DLP in the Microsoft Purview compliance portal
- Admins who configure or manage Endpoint DLP policies
- Users on devices running anti‑malware Client version 4.18.26020 or later
What will happen
- New policy controls will be available that allow admins to detect or block egress activities involving unsaved files.
- When enabled:
- Audit print and transfer activities for unsaved files: Endpoint DLP will log egress actions involving unsaved files.
- Block print and transfer activities for unsaved files: Endpoint DLP will block egress actions involving unsaved files.
- Policy evaluation will begin earlier in the process, before a file is saved to disk.
- This feature is off by default and requires admin configuration to take effect.
- Existing policies continue to function with no changes unless these new settings are configured.
What you can do to prepare
- Ensure devices in scope are running anti‑malware Client version 4.18.26020 or later.
- Review your existing Endpoint DLP policies and determine whether to enable the new unsaved‑file controls.
- Update internal documentation or helpdesk materials that describe DLP behavior.
- Communicate these upcoming policy options to your security and compliance teams.
Compliance considerations
No compliance considerations identified. Review as appropriate for your organization.