MC1326260 – Microsoft Purview Data Security Triage Agent will include sensitive data remediation through Microsoft Teams

Product:

Entra, OneDrive, Purview, Purview Communication Compliance, Purview Data Loss Prevention, SharePoint, Teams

Platform:

Online, World tenant

Status:

Change type:

New feature, User impact, Admin impact

Links:

Details:

Summary:
Microsoft Purview Data Security Triage Agent will add sensitive data remediation via Microsoft Teams for SharePoint and OneDrive files, automating user notifications and tracking remediation progress. This opt-in feature, launching in public preview late June 2026, aims to reduce compliance risk and improve remediation visibility.

Details:
[What and Why]
Microsoft Purview Data Security Triage Agent in Data Loss Prevention (DLP) will include a sensitive data remediation capability to help organizations identify and remediate sensitive information across SharePoint and OneDrive at scale. This capability will automate user engagement by sending remediation requests directly to the last modifier of affected files through Microsoft Teams. By enabling a closed-loop remediation process, organizations will be able to reduce compliance risk, improve remediation rates, and gain better visibility into remediation progress.
[Rollout Schedule]
Public Preview: Rollout will begin in late June 2026 and is expected to complete by late July 2026.
[Impact on Your Organization]
Who is affected
Microsoft Purview administrators managing Data Loss Prevention
Users who modify files containing sensitive data in SharePoint or OneDrive
Platforms/Services
Microsoft Purview (Data Loss Prevention, Data Security Triage Agent)
Microsoft Teams
SharePoint Online
OneDrive for Business
What will happen
This capability will be off by default and will require admin opt-in in Data Security Triage Agent settings.
After the capability is enabled:
The agent will detect files associated with Data Loss Prevention alerts.
Only alerts triaged as Needs attention will be eligible.
A Microsoft Teams message will be sent to the user who last modified the file.
Users will receive daily reminder messages until remediation is completed or the configured reminder duration is reached.
Administrators will be able to configure the number of reminder days.
Remediation progress will be tracked in the Data Security Posture Management dashboard.
Scope limitations:
Applies only to SharePoint and OneDrive workloads.
Does not apply to Endpoint or Teams-originated alerts.
Alerts marked as Less urgent or not triaged are not included.
[Action Required/Recommendations]
Action may be required if you plan to use this feature.
Enable the Data Security Triage Agent in Data Loss Prevention settings if it is not already enabled.
Review: Enable the agent - Get started with the Microsoft Purview Triage Agent in Data Loss Prevention | Microsoft Learn
Enable the sensitive data remediation capability and configure reminder duration.
Review: Remediation reminder (Preview) - Get started with the Microsoft Purview Triage Agent in Data Loss Prevention | Microsoft Learn
Review your Data Loss Prevention policies and determine which policies will use remediation.
Ensure that your Microsoft Teams environment is configured to support agent messaging.
Review: Configure Microsoft Teams for the Data Security Triage Agent remediation messages | Microsoft Learn
Coordinate with your Teams administrator to deploy and manage the required app.
Review setup and configuration guidance.
Communicate this change to your security and compliance stakeholders.
Learn more:
Configure Microsoft Teams for the Data Security Triage Agent remediation messages | Microsoft Purview | Microsoft Learn
Get started with the Microsoft Purview Triage Agent in Data Loss Prevention | Microsoft Purview | Microsoft Learn
[Compliance considerations]
QuestionAnswer
Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, or chats)?Yes. Sensitive data identified through Data Loss Prevention alerts is processed to trigger remediation workflows, including notifying users and tracking remediation activity.
Does the change introduce or significantly modify AI, machine learning, or agent capabilities that interact with or provide access to customer data?Yes. The Data Security Triage Agent uses AI-assisted automation to triage alerts and orchestrate remediation workflows involving customer data.
Does the change provide a new way of communicating between users, tenants, or subscriptions?Yes. The feature introduces automated Microsoft Teams messages sent to users regarding remediation of sensitive data.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities?Yes. The feature adds remediation tracking and visibility in the Data Security Posture Management dashboard, enhancing compliance monitoring capabilities.
Does the change include an admin control, and can it be controlled through Entra ID group membership?Yes. The feature requires explicit admin opt-in and can be configured by administrators within the Data Security Triage Agent settings.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:

Created:
2026-05-30

updated:
2026-05-30

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Automated User Notifications
Without proper preparation, users may be overwhelmed by automated notifications regarding sensitive data remediation, leading to confusion and potential non-compliance.
   - roles: Microsoft Purview Administrators, End Users
   - references: https://learn.microsoft.com/purview/copilot-in-purview-triage-dlp-agent-get-started#enable-the-agent, https://learn.microsoft.com/purview/copilot-in-purview-triage-dlp-agent-get-started#remediation-reminder-preview " target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/copilot-in-purview-triage-dlp-agent-get-started#remediation-reminder-preview

Compliance Monitoring
The introduction of new tracking features may lead to gaps in compliance monitoring if administrators are not adequately prepared to utilize the new dashboard functionalities.
   - roles: Microsoft Purview Administrators, Compliance Officers
   - references: https://learn.microsoft.com/purview/copilot-in-purview-triage-dlp-agent-get-started#remediation-reminder-preview, https://learn.microsoft.com/purview/copilot-in-purview-triage-dlp-agent-teams-config

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only