Category
stayInformed
Severity
normal
Major change
False
Last modified
2026-07-02 18:45:51
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2026-07-31 00:00:00
Services
Microsoft Purview
Tags
Updated message, Feature update, Admin impact
Master tags
Admin, Security, Compliance
Roadmap IDs
One-line summary
Microsoft Purview now allows admins to set assignment expiration (1 day-2 years) for users/groups in role groups, enhancing governance, compliance, and least-privilege security.
Similar updates
More like thisMC1183292 Microsoft Purview | Data Lifecycle Management - Introducing secure priority cleanup workflows for OneDrive/SharePoint
MC1192256 Microsoft Purview | Data Loss Prevention- Admin units support for Microsoft SharePoint Online
MC1197917 Power Platform admin center – Review security role descriptions and definitions
MC1199763 Microsoft Purview | Data Security Investigations – Introducing new purge mitigation action
MC1197128 New permissions report available in SharePoint admin center
MC1189685 Power Platform - Improved security for column-level audit events in Microsoft Purview
Details
Summary
Microsoft Purview will allow admins to set expiration dates (1 day to 2 years) for user or group role assignments, enabling temporary access to enhance security and compliance. This feature rolls out worldwide from late July 2026 and requires no action but supports improved governance.
Body (from Message Center)
Updated July 2, 2026: We have updated the content and timeline. Thank you for your patience.
[What and Why:]
Microsoft Purview is introducing the ability to assign a time limit when adding users or security groups to role groups. Administrators can specify an expiration date from 1 day up to 2 years, enabling temporary administrative access and supporting least-privilege security practices. This enhancement helps organizations improve governance and compliance while reducing the risk of unnecessary long-term privileged access.
[Rollout Schedule:]
- General Availability (Worldwide): Beginning late July 2026; expected to complete by late August 2026
- General Availability (GCC, GCC High, DoD): Beginning late August 2026; expected to complete by late September 2026
[Impact on Your Organization:]
Who is affected:
- Microsoft Purview administrators
- Security and compliance administrators
- Organizations using Purview role groups in Worldwide, GCC, GCC High, and DoD environments
Platforms/Services:
- Microsoft Purview compliance portal
- Microsoft Defender portal
- Microsoft Purview RBAC
What will happen:
- Administrators can assign users or security groups to role groups with a defined expiration period.
- Assignment durations can range from 1 day to 2 years.
- The capability applies to existing and new assignments.
- Existing assignments are not modified automatically.
- No impact to user workflows.
- The feature is available by default after rollout.
- No policy or configuration changes are required.
[Action Required/Recommendations:]
No action is required.
We recommend that you:
- Review privileged access management processes.
- Consider using assignment expiration periods for temporary access scenarios.
- Update internal documentation where appropriate.
- Inform Purview administrators of the new capability.
[Compliance Considerations:]
| Compliance Consideration | Assessment |
|---|---|
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | Temporary role group assignment limits may support governance and audit reviews of administrative access, but the announcement does not describe new reporting, monitoring, or compliance reporting capabilities. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? | Admins can configure a time limit (1 day to 2 years) for new or existing role group assignments. The feature applies to both users and security groups assigned to role groups assigned in Microsoft Purview portal. |
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-07-31T00:00:00Z",
"ai_actions": [
"Review privileged access management processes",
"Consider using assignment expiration periods for temporary access",
"Update internal documentation",
"Inform Purview administrators of new capability"
],
"ai_master_tags": [
"Admin",
"Security",
"Compliance"
],
"ai_model": "gpt-4.1",
"ai_summary": "Microsoft Purview now allows admins to set assignment expiration (1 day-2 years) for users/groups in role groups, enhancing governance, compliance, and least-privilege security.",
"ai_topics": [
"Purview",
"Defender"
],
"category": "stayInformed",
"details_map": {
"Summary": "Microsoft Purview will allow admins to set expiration dates (1 day to 2 years) for user or group role assignments, enabling temporary access to enhance security and compliance. This feature rolls out worldwide from late July 2026 and requires no action but supports improved governance."
},
"id": "MC1411431",
"importance": 3,
"is_major_change": false,
"last_modified": "2026-07-02T18:45:51Z",
"ms_products": [
"Purview"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Microsoft Purview"
],
"severity": "normal",
"tags": [
"Updated message",
"Feature update",
"Admin impact"
],
"title": "(Updated) Microsoft Purview compliance portal: Admin assignment time limit"
}
}