Summary
- Activity Explorer in the Microsoft Purview compliance portal will allow admins to preview flagged email attachments without downloading emails.
- A preview pane for supported file types will enhance investigations into Data Loss Prevention (DLP) and Information Protection events.
- This feature will be enabled by default, requiring no configuration changes from admins.
- Existing DLP and Information Protection policies will not be affected by this update.
- No action is needed to prepare for this change, though optional communication to security and compliance teams is suggested.
Admin Impact: Low
User Impact: Medium
Release Start: 01 Feb 2026
Release End: 01 Feb 2026
Services: M365, Purview
Category: Stay informed
Tags: New Feature, User Adoption, Admin Action
History
1/13/2026 Item Added to Message Center
Microsoft Message
Introduction
We’re enhancing Activity Explorer in the Microsoft Purview compliance portal to provide better visibility into sensitive data detected in Exchange Online. Today, admins can only view email message bodies when investigating Data Loss Prevention (DLP) or Information Protection events. With this update, admins will be able to preview flagged email attachments directly within Activity Explorer—without downloading the email—simplifying investigations and reducing risk exposure.
This message is associated with Microsoft Roadmap ID 543969.
When this will happen
General Availability (Worldwide) rollout will begin in early February 2026 and complete by early February 2026.
How this affects your organization
Who is affected: Admins who use Microsoft Purview Activity Explorer to investigate Data Loss Prevention (DLP) or Information Protection events in Exchange Online.
What will happen:
- Admins will be able to preview email attachments flagged for sensitive data directly within Activity Explorer:
  - A preview pane will appear for supported file types.
  - Email downloads will no longer be required for most investigations.
- The feature will be enabled by default; no configuration changes will be required.
- Existing DLP and Information Protection policies will remain unchanged.
What you can do to prepare
- No action is required. This update will take effect automatically after rollout.
- (Optional) Communicate this improvement to your security and compliance teams.
- (Optional) Update internal investigation workflows or documentation.
Compliance considerations
No compliance considerations identified. Review as appropriate for your organization.