Microsoft 365 Message Center item MC1404319
MC1404319 - Microsoft Purview: Endpoint data loss prevention support for FTP and SFTP
Microsoft Purview Endpoint DLP will support monitoring and protecting FTP and SFTP transfers on managed Windows devices starting late July 2026 (preview) and mid-August 2026 (GA). Admins must enable this in policies to audit or block transfers, enhancing data loss prevention across common file transfer methods.
- Message Center ID
- MC1404319
- Category
- stay Informed
- Severity
- normal
- Services
- Microsoft Purview
- Tags
- New feature, User impact, Admin impact
- Roadmap ID
- 565868
- Platforms
- Web
- Published
- 2026-06-25
- Last updated
- 2026-06-25
- Expires
- 2026-09-17
[What and Why]Microsoft is introducing support for FTP and SFTP in Endpoint data loss prevention (DLP) in Microsoft Purview. This capability helps organizations monitor and protect sensitive data transferred using FTP and SFTP from managed Windows devices. It prevents unauthorized data exfiltration while maintaining visibility and control and closes a gap in protection across common transfer methods.[Rollout Schedule]Public Preview: Beginning late July 2026 and expected to complete early August 2026General Availability (Worldwide, GCC, GCC High, and DoD): Beginning and completing mid-August 2026[Impact on Your Organization]Who is affectedAdmins managing Microsoft Purview Endpoint DLPUsers on managed Windows devicesPlatforms/ServicesMicrosoft PurviewEndpoint DLPWindows devicesWhat will happenEndpoint DLP will support monitoring and protection of files transferred over FTP and SFTP.FTP and SFTP events will appear as a new activity type in Activity Explorer.Admins can apply DLP actions such as audit, block, and block with override to FTP and SFTP transfer activities after enabling the capability in policy settings: FTP and SFTP protection is not enabled by default. Administrators must configure FTP/SFTP transfer activities in Endpoint DLP policies to apply protection.Once enabled, FTP and SFTP transfer activities are evaluated using the conditions, scope, and enforcement actions configured in Endpoint DLP policies.[Action Required / Recommendations]No immediate action is required before rollout.Recommended actions:Review your existing Endpoint DLP policies for devices.Identify where FTP and SFTP transfer protection should be applied.Start with audit only mode before enabling blocking actions.Use Activity Explorer to monitor FTP and SFTP events after rollout.Refine policies based on observed activity.Learn more:Create and deploy data loss prevention policies | Microsoft Purview | Microsoft LearnGet started with activity explorer | Microsoft Purview | Microsoft LearnGet started with Endpoint data loss prevention | Microsoft Purview | Microsoft LearnHelp protect against sharing of a defined set of unsupported files | Microsoft Purview | Microsoft LearnLearn about Endpoint data loss prevention | Microsoft Purview | Microsoft Learn[Compliance Considerations]This change extends existing Endpoint DLP policy enforcement to additional data transfer channels and may affect how sensitive data movement is monitored and controlled across endpoints. Review as appropriate for your organization.