500895 – Microsoft Purview compliance portal: Endpoint Data Loss Prevention – Endpoint DLP support classification of Azure RMS protected Office documents

Product:

Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention, Windows

Platform:

Web, World tenant

Status:

In development

Change type:

Links:

Details:

Endpoint DLP can now classify Office files stored in Windows devices that have Azure RMS protection applied. Classification will be triggered when file is used in applications or when just-in-time classification is enabled

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-08-22

updated:
2026-01-21

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Data Loss Prevention Implementation
Without proper preparation, the implementation of Endpoint DLP may lead to unintentional data loss or access issues for users who rely on Azure RMS protected Office documents, as classification processes may disrupt normal file access and usage.
   - roles: IT Administrators, End Users
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/endpoint-dlp-supports-classification-of-azure-rms-protected/ba-p/3701230" target="_blank" rel="nofollow noopener noreferrer">https://techcommunity.microsoft.com/t5/security-compliance-identity/endpoint-dlp-supports-classification-of-azure-rms-protected/ba-p/3701230, https://www.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention " target="_blank" rel="nofollow noopener noreferrer">https://www.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention

User Experience Disruption
If Endpoint DLP is deployed without adequate training and communication, users may experience confusion or frustration due to unexpected prompts or restrictions when accessing their documents, leading to decreased productivity.
   - roles: End Users, Support Staff
   - references: https://www.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention, https://techcommunity.microsoft.com/t5/security-compliance-identity/endpoint-dlp-supports-classification-of-azure-rms-protected/ba-p/3701230" target="_blank" rel="nofollow noopener noreferrer">https://techcommunity.microsoft.com/t5/security-compliance-identity/endpoint-dlp-supports-classification-of-azure-rms-protected/ba-p/3701230

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you have a filing cabinet where you store important documents. To keep them safe, you use a special lock that only certain people can open. This is similar to how Azure RMS (Rights Management Services) protects Office documents on your computer. It ensures that only authorized individuals can access the content.

Now, think of Endpoint Data Loss Prevention (DLP) as a diligent office assistant who helps you keep track of what's inside your filing cabinet. This assistant can now "read" the labels on your documents, even if they are locked with the special Azure RMS lock. This means that Endpoint DLP can identify and classify these protected documents based on their content, ensuring they are handled according to your organization's policies.

When you use an application to open or edit these documents, or if you have a system that checks the documents' classification status at specific times (just-in-time classification), Endpoint DLP steps in to make sure the documents are correctly labeled and managed. This is like your office assistant making sure that each document is in the right folder and has the correct label, even if it's locked.

This capability helps organizations maintain control over sensitive information, ensuring that even when documents are protected, they are still managed according to compliance requirements. It's like having an extra layer of security and organization for your digital filing cabinet, ensuring everything is in its right place and only accessed by those who should have access.