MC1000267 – (Updated) Microsoft Purview | Data Loss Prevention: New role for downloading original file evidence for Endpoint (archived)

Product:

Defender, Defender for Office 365, Defender XDR, Purview Communication Compliance, Purview Data Loss Prevention, Purview Information Protection

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

Admin impact, New feature, Updated message

Links:

478660

Details:

Summary:
A new RBAC role, Data Classification Content Download, will be added to Microsoft Purview DLP, allowing admins to download endpoint-related evidence files. This role will be available in specific built-in role groups. The rollout will occur from mid-March to late April 2025. No admin action is required before the rollout.

Details:
Updated April 1, 2025: We have updated the content. Thank you for your patience.
Coming soon to Microsoft Purview | Data Loss Prevention (DLP): A new RBAC (role-based access control) role called Data Classification Content Download. When evidence collection is turned on from Endpoint DLP settings, this role lets admins download endpoint-related evidence files from activity explorer and DLP alerts in the Purview portal and Microsoft Defender XDR portal.
By default, the new role is available in these built-in role groups:
Data Security Management
Information Protection
Information Protection Investigators
To view the evidence, users can continue using the Data Classification Content Viewer role.
For more information on the roles and role groups in Microsoft Purview refer to Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview - Microsoft Defender for Office 365 | Microsoft Learn
This message is associated with Microsoft 365 Roadmap ID 478660.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-March 2025 (previously late February) and expect to complete by late April 2025 (previously late March).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-02-08

updated:
2025-04-02

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft is introducing a new role called Data Classification Content Download within its Purview DLP system, allowing specific administrators to download evidence files related to endpoint activities, with automatic rollout scheduled between mid-March and late April 2025.

Direct effects for Operations**

Access Control Issues
Admins without the new Data Classification Content Download role will be unable to download endpoint DLP evidence, leading to potential delays in incident response and investigation.
   - roles: DLP Investigators, IT Admins
   - references: https://learn.microsoft.com/defender-office-365/scc-permissions, https://learn.microsoft.com/purview/purview-compliance-portal-permissions

User Experience Disruption
Users may encounter error messages when attempting to download evidence files, resulting in frustration and decreased productivity until the necessary role is assigned.
   - roles: DLP Investigators, End Users
   - references: https://learn.microsoft.com/purview/purview-compliance-portal-permissions#add-users-or-groups-to-a-microsoft-purview-built-in-role-group, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=478660

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only