Microsoft Purview is updating permissions so all roles with DLP policy view access can also run diagnostics, enhancing troubleshooting and visibility without changing enforcement. This rollout begins late April 2026 and affects various admin and compliance roles. No action is required from organizations.
Introduction
We’re updating permissions in Microsoft Purview so that all roles that can view Data Loss Prevention (DLP) policies can also run diagnostics on those policies. This change improves visibility and helps authorized users more easily troubleshoot, validate, and understand DLP policy behavior without requiring elevated permissions.
This message is associated with Microsoft 365 Roadmap ID 557192.
When this will happen
How this affects your organization
Who is affected
Administrators and security or compliance roles that already have permission to view DLP policies in Microsoft Purview.
What will happen
Users in the following roles will be able to run DLP diagnostics in addition to viewing DLP policies:
This change does not modify DLP policy enforcement or behavior. It only expands diagnostic access for existing, authorized roles.
What you can do to prepare
No action is required.
Learn more:
Compliance considerations
| Question | Answer |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | Yes. The change expands diagnostic access so that more existing roles can run DLP diagnostics, improving visibility and troubleshooting without changing enforcement or audit behavior. |