| Message Content |
[What and Why]
Microsoft Purview Data Security Triage Agent in Data Loss Prevention (DLP) will include a sensitive data remediation capability to help organizations identify and remediate sensitive information across SharePoint and OneDrive at scale. This capability will automate user engagement by sending remediation requests directly to the last modifier of affected files through Microsoft Teams. By enabling a closed-loop remediation process, organizations will be able to reduce compliance risk, improve remediation rates, and gain better visibility into remediation progress.
[Rollout Schedule]
- Public Preview: Rollout will begin in late June 2026 and is expected to complete by late July 2026.
[Impact on Your Organization]
Who is affected
- Microsoft Purview administrators managing Data Loss Prevention
- Users who modify files containing sensitive data in SharePoint or OneDrive
Platforms/Services
- Microsoft Purview (Data Loss Prevention, Data Security Triage Agent)
- Microsoft Teams
- SharePoint Online
- OneDrive for Business
What will happen
- This capability will be off by default and will require admin opt-in in Data Security Triage Agent settings.
- After the capability is enabled:
- The agent will detect files associated with Data Loss Prevention alerts.
- Only alerts triaged as Needs attention will be eligible.
- A Microsoft Teams message will be sent to the user who last modified the file.
- Users will receive daily reminder messages until remediation is completed or the configured reminder duration is reached.
- Administrators will be able to configure the number of reminder days.
- Remediation progress will be tracked in the Data Security Posture Management dashboard.
- Scope limitations:
- Applies only to SharePoint and OneDrive workloads.
- Does not apply to Endpoint or Teams-originated alerts.
- Alerts marked as Less urgent or not triaged are not included.
[Action Required/Recommendations]
Action may be required if you plan to use this feature.
- Enable the Data Security Triage Agent in Data Loss Prevention settings if it is not already enabled.
- Enable the sensitive data remediation capability and configure reminder duration.
- Review your Data Loss Prevention policies and determine which policies will use remediation.
- Ensure that your Microsoft Teams environment is configured to support agent messaging.
- Coordinate with your Teams administrator to deploy and manage the required app.
- Review setup and configuration guidance.
- Communicate this change to your security and compliance stakeholders.
Learn more:
[Compliance considerations]
| Question |
Answer |
| Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, or chats)? |
Yes. Sensitive data identified through Data Loss Prevention alerts is processed to trigger remediation workflows, including notifying users and tracking remediation activity. |
| Does the change introduce or significantly modify AI, machine learning, or agent capabilities that interact with or provide access to customer data? |
Yes. The Data Security Triage Agent uses AI-assisted automation to triage alerts and orchestrate remediation workflows involving customer data. |
| Does the change provide a new way of communicating between users, tenants, or subscriptions? |
Yes. The feature introduces automated Microsoft Teams messages sent to users regarding remediation of sensitive data. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? |
Yes. The feature adds remediation tracking and visibility in the Data Security Posture Management dashboard, enhancing compliance monitoring capabilities. |
| Does the change include an admin control, and can it be controlled through Entra ID group membership? |
Yes. The feature requires explicit admin opt-in and can be configured by administrators within the Data Security Triage Agent settings. |
|