[Introduction]
We’re enhancing Activity Explorer in the Microsoft Purview compliance portal to provide better visibility into sensitive data detected in Exchange Online. Today, admins can only view email message bodies when investigating Data Loss Prevention (DLP) or Information Protection events. With this update, admins will be able to preview flagged email attachments directly within Activity Explorer—without downloading the email—simplifying investigations and reducing risk exposure.
This message is associated with Microsoft Roadmap ID 543969.
[When this will happen]
General Availability (Worldwide) rollout will begin in early February 2026 and complete by early February 2026.
[How this affects your organization]
Who is affected: Admins who use Microsoft Purview Activity Explorer to investigate Data Loss Prevention (DLP) or Information Protection events in Exchange Online.
What will happen:
- Admins will be able to preview email attachments flagged for sensitive data directly within Activity Explorer:
- A preview pane will appear for supported file types.
- Email downloads will no longer be required for most investigations.
- The feature will be enabled by default; no configuration changes will be required.
- Existing DLP and Information Protection policies will remain unchanged.
[What you can do to prepare]
- No action is required. This update will take effect automatically after rollout.
- (Optional) Communicate this improvement to your security and compliance teams.
- (Optional) Update internal investigation workflows or documentation.
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.