check before: 2025-02-28
Product:
Defender, Defender for Office 365, Defender XDR, Purview Communication Compliance, Purview Data Loss Prevention, Purview Information Protection
Platform:
Online, Web, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
Microsoft Purview Data Loss Prevention (DLP) is introducing a new role, Data Classification Content Download, allowing admins to download endpoint-related evidence files. The rollout will occur from mid-March to late March 2025. Admins should review configurations and notify relevant personnel about this change. No action is required before the rollout.
Details:
Updated March 5, 2025: We have updated the rollout timeline below. Thank you for your patience.
Coming soon to Microsoft Purview | Data Loss Prevention (DLP): A new RBAC (role-based access control) role called Data Classification Content Download. When evidence collection is turned on from Endpoint DLP settings, this role lets admins download endpoint-related evidence files from activity explorer and DLP alerts in the Purview portal and Microsoft Defender XDR portal.
By default, the new role is available in these built-in role groups:
Data Security Management
Information Protection
Information Protection Investigators
To view the evidence, users can continue using the Data Classification Content Viewer role.
For more information on the roles and role groups in Microsoft Purview refer to Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview - Microsoft Defender for Office 365 | Microsoft Learn
This message is associated with Microsoft 365 Roadmap ID 478660.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-March 2025 (previously late February) and expect to complete by late March 2025 (previously early March).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2025-02-08
updated:
2025-03-06
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Access Control Changes
Admins without the new Data Classification Content Download role will be unable to download endpoint DLP evidence, leading to potential delays in incident response and investigation.
- roles: DLP Investigators, IT Admins
- references: https://learn.microsoft.com/defender-office-365/scc-permissions, https://learn.microsoft.com/purview/purview-compliance-portal-permissions
User Experience Disruption
Users may encounter error messages when attempting to download evidence files, resulting in frustration and decreased productivity until roles are adjusted.
- roles: DLP Investigators, Compliance Officers
- references: https://learn.microsoft.com/purview/purview-compliance-portal-permissions#add-users-or-groups-to-a-microsoft-purview-built-in-role-group, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=478660
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-03-06 | MC Messages | Coming soon to Microsoft Purview | Data Loss Prevention (DLP): A new RBAC (role-based access control) role called Data Classification Content Download. When evidence collection is turned on from Endpoint DLP settings, this role lets admins download endpoint-related evidence files from activity explorer and DLP alerts in the Purview portal and Microsoft Defender XDR portal.
By default, the new role is available in these built-in role groups: Data Security Management Information Protection Information Protection Investigators To view the evidence, users can continue using the Data Classification Content Viewer role. For more information on the roles and role groups in Microsoft Purview refer to Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview - Microsoft Defender for Office 365 | Microsoft Learn This message is associated with Microsoft 365 Roadmap ID 478660. [When this will happen:] General Availability (Worldwide): We will begin rolling out late February 2025 and expect to complete by early March 2025. | Updated March 5, 2025: We have updated the rollout timeline below. Thank you for your patience.
Coming soon to Microsoft Purview | Data Loss Prevention (DLP): A new RBAC (role-based access control) role called Data Classification Content Download. When evidence collection is turned on from Endpoint DLP settings, this role lets admins download endpoint-related evidence files from activity explorer and DLP alerts in the Purview portal and Microsoft Defender XDR portal. By default, the new role is available in these built-in role groups: Data Security Management Information Protection Information Protection Investigators To view the evidence, users can continue using the Data Classification Content Viewer role. For more information on the roles and role groups in Microsoft Purview refer to Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview - Microsoft Defender for Office 365 | Microsoft Learn This message is associated with Microsoft 365 Roadmap ID 478660. [When this will happen:] General Availability (Worldwide): We will begin rolling out mid-March 2025 (previously late February) and expect to complete by late March 2025 (previously early March). |
| 2025-03-06 | MC Title | Microsoft Purview | Data Loss Prevention: New role for downloading original file evidence for Endpoint | (Updated) Microsoft Purview | Data Loss Prevention: New role for downloading original file evidence for Endpoint |
| 2025-03-06 | MC Last Updated | 02/08/2025 00:02:35 | 2025-03-05T17:20:10Z |
| 2025-03-06 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-03-06 | MC Summary | Microsoft Purview Data Loss Prevention (DLP) is introducing a new role, Data Classification Content Download, allowing admins to download endpoint-related evidence files. The rollout will occur from mid-March to late March 2025. Admins should review configurations and notify relevant personnel about this change. No action is required before the rollout. |
Last updated 2 weeks ago
