Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies
MC1181768
Category: planForChange
Severity: normal
Major change: True
Last modified: 2025-10-31 00:09:30
Summary source: Azure OpenAI (gpt-4.1)
Action by (Graph): (none)
Action by (AI): (none)
Services: Microsoft Purview
Tags: Feature update, User impact, Admin impact
Master tags: Security
Roadmap IDs: (none)

One-line summary

Microsoft Purview will enhance audit logging and enforce Entra conditional access for eDiscovery admins; non-compliant admins will be blocked from SharePoint content in Purview.


Details

Summary
Microsoft Purview will enforce Entra conditional access policies for eDiscovery admins by blocking non-compliant users from accessing SharePoint content and adding a new ‘FilePreviewed’ audit log activity. Rollout begins now and completes by November 2025, enhancing security and compliance monitoring.

Body (from Message Center)

To strengthen Microsoft’s security posture, we’re introducing updates to Microsoft Purview that enhance audit logging and enforce Entra conditional access policies for eDiscovery admins. These changes help ensure that sensitive content is accessed only by users who meet your organization’s security requirements.

[When this will happen:]

General Availability (Worldwide, GCC, GCCH, and DoD): Rollout will begin and is expected to conclude in late November 2025.

[How this affects your organization:]

Who is affected: Admins using Microsoft Purview for eDiscovery and subject to Entra conditional access policies.

What will happen:

  • When eDiscovery admins preview a file in the Purview portal, the action will be logged under the FilePreviewed activity in Audit logs.
  • eDiscovery and Compliance admins who do not meet Entra conditional access policies (such as MFA or Trusted Network Policy) will be blocked from accessing SharePoint Online content via the Purview portal.
    • Access behavior is being altered. Previously, eDiscovery Admins could access SharePoint Online content in Purview regardless of their compliance with Entra Conditional Access policies. With this update, access will be restricted for non-compliant admins, representing a change in enforcement behavior.
    • Microsoft recommends compliance with Entra policies to maintain uninterrupted access.
    • As a temporary workaround, Global admins may use the exclude Users and groups option to exempt specific eDiscovery admins from conditional access enforcement.

[What you can do to prepare:]

  • Ensure all eDiscovery admins comply with your organization’s Entra conditional access policies.
  • Review and update your conditional access configurations if exemptions are needed.
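One way to keep the temporary exemption auditable, shown as an added example that is not part of the Message Center post: the script below reads rows shaped like a unified audit log export and reports every FilePreviewed event made by an account on the conditional access exclusion list. The sample rows, the `contoso.example` accounts, the `CA_EXEMPT_ADMINS` list, and the presence of `ObjectId` on FilePreviewed records are assumptions made for the illustration.

```python
import json
from collections import defaultdict

# Constructed sample rows shaped like a unified audit log export, where the
# AuditData column is a JSON string. All values are made up for this example.
SAMPLE_ROWS = [
    {"AuditData": json.dumps({"CreationTime": "2025-11-20T09:14:02", "Operation": "FilePreviewed",
                              "UserId": "Alice@contoso.example", "ObjectId": "https://contoso.example/sites/hr/a.docx"})},
    {"AuditData": json.dumps({"CreationTime": "2025-11-20T09:15:40", "Operation": "FilePreviewed",
                              "UserId": "bob@contoso.example", "ObjectId": "https://contoso.example/sites/hr/b.docx"})},
    {"AuditData": json.dumps({"CreationTime": "2025-11-20T09:16:11", "Operation": "FileAccessed",
                              "UserId": "alice@contoso.example", "ObjectId": "https://contoso.example/sites/hr/c.docx"})},
    {"AuditData": json.dumps({"CreationTime": "2025-11-20T10:02:57", "Operation": "FilePreviewed",
                              "UserId": "alice@contoso.example", "ObjectId": "https://contoso.example/sites/fin/d.xlsx"})},
    {"AuditData": "{truncated"},  # malformed row, must not abort the run
]

# Hypothetical list: admins placed under "exclude Users and groups" as the workaround.
CA_EXEMPT_ADMINS = {"alice@contoso.example"}


def previews_by_exempt_admins(rows, exempt, operation="FilePreviewed"):
    """Return ({user: [(time, object), ...]}, skipped_row_count) for exempt accounts."""
    exempt = {u.lower() for u in exempt}
    hits, skipped = defaultdict(list), 0
    for row in rows:
        try:
            rec = json.loads(row["AuditData"])
            if not isinstance(rec, dict):
                raise TypeError("AuditData is not a JSON object")
        except (KeyError, TypeError, json.JSONDecodeError):
            skipped += 1
            continue
        user = str(rec.get("UserId", "")).lower()  # UPN case varies between records
        if rec.get("Operation") == operation and user in exempt:
            hits[user].append((rec.get("CreationTime"), rec.get("ObjectId")))
    for events in hits.values():
        events.sort(key=lambda e: e[0] or "")  # oldest first
    return dict(hits), skipped


if __name__ == "__main__":
    hits, skipped = previews_by_exempt_admins(SAMPLE_ROWS, CA_EXEMPT_ADMINS)
    for user, events in hits.items():
        print(f"{user}: {len(events)} preview(s) while exempt from conditional access")
        for when, obj in events:
            print(f"  {when}  {obj}")
    print(f"skipped {skipped} unparseable row(s)")
```

A non-zero skipped count means part of the export could not be read, so the report should not be treated as complete until those rows are re-exported.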

Learn more:

[Compliance considerations:]

Question: Does the change modify, interrupt, or disable Conditional Access policies?
Answer: Yes. Admins who do not meet Entra conditional access requirements will be blocked from accessing SharePoint content via the Purview portal.

Question: Does the change modify, interrupt, or disable Audit logging capabilities?
Answer: Yes. A new audit log activity, ‘FilePreviewed’, will be recorded when eDiscovery Admins preview files in the Purview portal.

Question: Does the change modify, interrupt, or disable eDiscovery or Content Search?
Answer: Yes. Access to SharePoint content via eDiscovery will be restricted for non-compliant admins.

Question: Does the change alter how admins can monitor, report on, or demonstrate compliance activities?
Answer: Yes. The addition of the ‘FilePreviewed’ audit log activity enhances visibility into admin actions and supports compliance reporting.
