MC1218710 – Microsoft Purview Data Loss Prevention | Enforcement plane rename from Entra to Application

Product:

Purview, Purview Communication Compliance, Purview Data Loss Prevention

Platform:

Online, World tenant

Status:

Change type:

New feature, Admin impact

Links:

Details:

Summary:
Microsoft Purview DLP is renaming the Enforcement plane from "Entra" to "Application" starting mid-January 2026, with no functional or user impact. Admins should update scripts and documentation accordingly. New audit logs will reflect "Application," while existing logs keep "Entra." No compliance issues identified.

Details:
[Introduction]
We are updating the Enforcement plane terminology in Microsoft Purview Data Loss Prevention (DLP) and Collection Policies. The Enforcement plane identifies the application or environment where a DLP policy is evaluated and enforced, indicating where user actions are inspected and where policy outcomes-such as blocking, replacing, or auditing-are applied. Because policy enforcement happens on the application where activity occurs, we are renaming the Enforcement plane from Entra to Application. This update aligns terminology with how policies function and clarifies that enforcement applies across both AI and non‑AI applications.
[When this will happen:]
General Availability (Worldwide): Rollout begins mid-January 2026 and is expected to complete by mid-February 2026.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2026-01-17

updated:
2026-01-17

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Terminology Change Impact
Admins may face confusion or errors in scripts and documentation due to the terminology change from 'Entra' to 'Application' without prior preparation, leading to potential misconfigurations.
   - roles: Admins, IT Support
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-purview-data-loss-prevention-enforcement-plane-rename/ba-p/3851230

Audit Log Discrepancy
Existing audit logs will still reference 'Entra', which may lead to discrepancies in reporting and analysis if not properly managed, potentially affecting compliance tracking.
   - roles: Compliance Officers, Data Analysts
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-purview-data-loss-prevention-enforcement-plane-rename/ba-p/3851230

Training Material Updates
Failure to update training materials and internal documentation may result in misinformation among staff, leading to improper usage of the DLP system and potential policy violations.
   - roles: Training Coordinators, Admins
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-purview-data-loss-prevention-enforcement-plane-rename/ba-p/3851230

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Documentation and Training Updates
With the renaming of the Enforcement plane from 'Entra' to 'Application', there is an opportunity to streamline and improve internal documentation and training materials. This will ensure that all stakeholders have access to the most current terminology and processes, enhancing clarity and reducing confusion.
   - next-steps: Conduct an audit of existing documentation and training materials to identify all instances of 'Entra'. Create a project plan to update these materials and communicate changes to all relevant teams.
   - roles: IT Administrators, Compliance Officers, Training Coordinators
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/whats-new-in-microsoft-purview-data-loss-prevention/ba-p/3663458

Script Optimization
Admins are required to update scripts to reference 'Application' instead of 'Entra'. This presents an opportunity to optimize and refactor existing scripts for better performance and maintainability, potentially introducing best practices in scripting across the organization.
   - next-steps: Gather all existing scripts that reference 'Entra'. Analyze them for optimization opportunities, and then implement changes while testing for functionality. Consider establishing a review process for future script updates.
   - roles: IT Administrators, DevOps Engineers
   - references: https://docs.microsoft.com/en-us/purview/data-loss-prevention

Audit Log Management
The introduction of new audit logs reflecting 'Application' provides a chance to enhance audit log management practices. This can lead to improved monitoring and analysis of DLP policy enforcement, allowing for better compliance tracking and incident response.
   - next-steps: Review current audit log management practices and identify how the new logs can be integrated. Develop a strategy for analyzing the new audit logs and train relevant staff on how to interpret and utilize this data effectively.
   - roles: Compliance Officers, IT Security Analysts
   - references: https://learn.microsoft.com/en-us/purview/data-loss-prevention/audit-logs

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft is making a small but important change to its Purview Data Loss Prevention (DLP) service by renaming the "Enforcement plane" from "Entra" to "Application." Think of this change like renaming a department in your law firm or company to better reflect what it actually does. For example, if you had a department called "Client Interaction" but everyone referred to it as "Customer Service" because that's what it really does, you might decide to officially change the name to "Customer Service" to avoid confusion.

In this case, the Enforcement plane is the part of the DLP service that checks where and how policies are applied to user actions. By renaming it to "Application," Microsoft is making it clearer that this enforcement applies across all types of applications, whether they involve artificial intelligence or not. It's like making sure everyone knows that the "Customer Service" department handles all client-related issues, not just specific ones.

This change will start rolling out in mid-January 2026 and finish by mid-February 2026. For most users, there will be no noticeable difference in how the DLP service works. However, if you're an admin managing these policies, you'll need to update any scripts or documentation that mention "Entra" to now say "Application." This is similar to updating your contact list or company directory to reflect a department's new name.

New audit logs will show "Application," while older logs will still show "Entra." This is like updating a sign on a door but leaving older documents unchanged. There are no compliance issues with this change, but it's always a good idea to review any changes to ensure they align with your organization's policies.

In summary, this is a straightforward name change designed to make things clearer without affecting how the service works. Just like renaming a department to better describe its function, this update helps ensure everyone is on the same page.