Microsoft 365 Message Center item MC1267869

MC1267869 - Microsoft Purview compliance portal: Enforce DLP protection on new content before it’s saved

Starting April 2026, Microsoft Purview Endpoint DLP will enable detection and blocking of egress activities on unsaved files before they're saved, enhancing data loss prevention. This feature is off by default, requires admin setup, and needs devices running anti-malware Client version 4.18.26020 or later.

Message Center ID
MC1267869
Category
stay Informed
Severity
normal
Services
Microsoft Purview
Tags
New feature, User impact, Admin impact
Roadmap ID
511791
Platforms
Web
Published
2026-04-01
Last updated
2026-04-01
Expires
2026-05-18

[Introduction]Today, Endpoint Data Loss Prevention (DLP) can only protect content after it’s saved to disk. Based on customer feedback and ongoing security investments, we’re introducing the ability to detect and block egress activities on unsaved files. This enhancement helps organizations prevent data leakage earlier in the workflow by applying DLP protection before content is written to the device.This message is associated with Microsoft 365 Roadmap ID 511791.[When this will happen]General Availability (Worldwide): We will begin rolling out this feature in early April 2026 and expect to complete by mid‑April 2026.[How this affects your organization]Who is affectedOrganizations using Endpoint DLP in the Microsoft Purview compliance portalAdmins who configure or manage Endpoint DLP policiesUsers on devices running anti‑malware Client version 4.18.26020 or laterWhat will happenNew policy controls will be available that allow admins to detect or block egress activities involving unsaved files.When enabled:Audit print and transfer activities for unsaved files: Endpoint DLP will log egress actions involving unsaved files.Block print and transfer activities for unsaved files: Endpoint DLP will block egress actions involving unsaved files.Policy evaluation will begin earlier in the process, before a file is saved to disk.This feature is off by default and requires admin configuration to take effect.Existing policies continue to function with no changes unless these new settings are configured.[What you can do to prepare]Ensure devices in scope are running anti‑malware Client version 4.18.26020 or later.Review your existing Endpoint DLP policies and determine whether to enable the new unsaved‑file controls.Update internal documentation or helpdesk materials that describe DLP behavior.Communicate these upcoming policy options to your security and compliance teams.[Compliance considerations]No compliance considerations identified. Review as appropriate for your organization.