MC1338823 – Microsoft Purview | Data Loss Prevention – Block external domain or user access for SharePoint and OneDrive

Product:

OneDrive, Purview, Purview Communication Compliance, Purview Data Loss Prevention, SharePoint

Platform:

Online, Web, World tenant

Status:

In development

Change type:

New feature, Admin impact

Links:

557191

Details:

Summary:
Microsoft Purview DLP will enable blocking external SharePoint and OneDrive access by domain or email, enhancing control over sensitive data sharing. Rolling out from May to July 2026, admins can configure block and allow lists in DLP policies to prevent unauthorized external file access.

Details:
[What and Why:]
Microsoft Purview Data Loss Prevention (DLP) is adding the ability to block access to sensitive SharePoint Online and OneDrive for Business files based on an external user's domain or specific email address (SMTP). This enhancement provides more granular, enterprise-ready control over external access and helps reduce the risk of unintended data exposure when collaborating outside your organization.
This message is associated with Microsoft 365 Roadmap ID 557191.
[Rollout Schedule:]
Public Preview: We will begin rolling out in late May 2026 and expect to complete by early June 2026.
General Availability (Worldwide): We will begin rolling out in early July 2026 and expect to complete by mid-July 2026.
[Impact on Your Organization:]
Who is affected: Microsoft 365 administrators who manage Microsoft Purview DLP policies and external users accessing SharePoint Online or OneDrive for Business content protected by DLP.
Platforms/Services:
Microsoft Purview
SharePoint Online
OneDrive for Business
What will happen:
Admins can configure DLP rules to block access for specific external domains or individual external email addresses.
External users who are blocked will:
See an access denied message
Be unable to open or download the file
Admins can optionally configure allow lists for trusted external domains or users.
If a domain or user appears in both allow and block lists, block takes precedence.
This capability is not enabled by default; it applies only when configured in a DLP policy.
Configuration steps:
Go to the Microsoft Purview portal.
Navigate to Data Loss Prevention -> Policies.
Create a new policy or edit an existing policy.
Ensure the policy scope includes SharePoint Online, OneDrive for Business, or both.
In the policy rule, after configuring conditions, go to the Actions section.
Select Restrict access or encrypt content.
Choose Block access to specific domains or users.
Configure one or more of the following:
Domains to block (Is), for example partner.com
Specific external users (Is), for example user@partner.com
Optionally configure allow lists using Is NOT for domains or users.
Save the rule.
[Action Required / Recommendations:]
Review existing DLP policies to identify scenarios where external access requires more granular control.
Identify sensitive or regulated data shared with external users that may need domain- or user-based restrictions.
Plan communications for internal users, helpdesk staff, and external partners who may experience new access restrictions.
Update internal documentation related to DLP and external sharing as appropriate.
Learn more: Data Loss Prevention policy reference | Microsoft Learn
[Compliance considerations:]
AreaExplanation
Processing and access to existing customer dataDLP enforcement can block external users from opening or downloading existing SharePoint Online and OneDrive for Business files based on domain or email address.
Data Loss Prevention (DLP) policies or enforcementThis change introduces new rule actions and conditions within Microsoft Purview DLP for controlling external access.
Admin controlsThe feature is fully controlled by admins through Microsoft Purview DLP policies.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2026-06-04

updated:
2026-06-04

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only