Summary
Table of Contents
- Microsoft Defender for Cloud Apps file policies are being retired, and DLP file policies configured there will no longer be supported or enforced after the retirement date.
- Organizations using these policies should migrate any policies they want to keep into Microsoft Purview to preserve DLP coverage and administration.
- SharePoint and OneDrive file DLP capabilities already exist in Microsoft Purview; non-Microsoft SaaS file DLP is also moving into Purview, including support for Box and Google and more connectors.
- If your tenant does not use Defender for Cloud Apps file DLP policies, no immediate action is required and other policies remain unaffected.
Primary Service: Defender
Admin Impact: High
User Impact: Low
Release Start: 06 Jan 2027
Release End: 06 Jan 2027
Services: Defender, DLP, OneDrive, Purview, SharePoint
Category: Plan for change
Tags: Admin Action, Retirement
History
7/6/2026 Item Added to Message Center
Microsoft Message
What and Why
File policies in Microsoft Defender for Cloud Apps are being retired on January 6th 2027. After this date, data loss prevention (DLP) file policies configured in Defender will no longer be supported or enforced.
Equivalent file policy capabilities for SharePoint and OneDrive previously supported by Microsoft Defender for Cloud Apps are now generally available in Microsoft Purview. No cost options are available for customers without the required Purview licenses. This will enable a unified experience in Purview for securing enterprise data, where there will be continued investment in discovering, classifying, and protecting sensitive data across the organization.
Rollout Schedule
DLP file policies within Microsoft Defender will no longer be supported or enforced after January 6th 2027.
DLP policies to protect files in SharePoint and Onedrive are generally available in Microsoft Purview today. DLP policies to protect files in non-Microsoft SaaS apps will be available in public preview in Purview for Box and Google in the coming weeks. These capabilities, as well as additional connectors for other non-Microsoft SaaS apps will become generally available in the coming weeks. Please see our documentation for more information.
Impact to your organization
- If the organization currently uses DLP file policies in Microsoft Defender for Cloud Apps: Any policies customers wish to maintain must be migrated to Microsoft Purview before the deadline. After January 6th, 2027 any policies that have not been migrated will no longer be enforced or supported. If the customer is not already using Microsoft Purview or do not have the required licenses, they need to reach out to your Microsoft account team.
- If the organization does not use DLP in Microsoft Defender for Cloud Apps: No action is required at this time. Other policies and user experiences will remain unaffected. If customers choose to implement DLP in the future, Microsoft Purview will serve as the unified solution for labeling and DLP policy management.
What you need to do to prepare
For current DLP file policy users – Admins should begin planning migration to ensure continuity:
- Review existing file policies in Defender for Cloud Apps. Visit https://security.microsoft.com/ Navigate to Cloud Apps → Policies → Policy management.
- If admin would like to maintain these policies: Map and recreate them in Microsoft Purview using its DLP policy tools. Please see our Learn documentation for detailed migration steps. Microsoft FastTrack resources are available to help eligible customers with this migration.
- If admin’s current File policies are no longer needed, they may disable them manually. Please see Control cloud apps with policies – Microsoft Defender for Cloud Apps | Microsoft Learn.
For non-DLP file policy users:
- No immediate action is needed.
- If planning to implement DLP, review Microsoft Purview documentation to understand available controls and policy options. Please see Create and deploy a data loss prevention policy | Microsoft Learn.
Compliance considerations
- DLP enforcement for both SharePoint Online and Non-Microsoft SaaS apps will transition from Defender for Cloud Apps to Microsoft Purview, changing the service responsible for data inspection and policy enforcement.
- Administrators will use Microsoft Purview portal for auditing, protecting, and reporting on sensitive data instead of the Defender portal.
- No compliance concerns are identified for non-DLP users, but organizations should review as appropriate.
The no-cost offer is provided to support customers transitioning from Microsoft Defender for Cloud Apps for data loss prevention (DLP) capabilities to Microsoft Purview by enabling access to the Purview E5 Information
Protection & Governance license aligned to the core functionality previously used. While the license may provide access to additional capabilities, this offer is scoped to support those transition use cases and is not intended to expand usage beyond that aligned functionality.
Support
For guidance and assistance, contact your Microsoft account team or Support.