Summary
Table of Contents
- Microsoft Purview is retiring the **Instances** policy location for DLP and auto-labeling policies.
- Organizations using Instances for non-Microsoft apps such as Google Workspace, Box, Dropbox, Salesforce, ServiceNow, AWS, or Cisco Webex must migrate to the new dedicated application locations.
- Existing policies based on Instances should be reviewed and recreated in Microsoft Purview using the corresponding dedicated app location before the retirement cutoff.
- Policies that are not migrated may stop being enforced or supported, affecting compliance and data protection coverage.
Primary Service: Purview
Admin Impact: High
User Impact: Low
Release Start: 06 Jan 2027
Release End: 06 Jan 2027
Services: Defender, Purview, Security
Category: Plan for change
Tags: Admin Action, Retirement, User Adoption
History
7/15/2026 Item Added to Message Center
Microsoft Message
What and Why
Microsoft is retiring the Instances policy location in Microsoft Purview Data Loss Prevention (DLP) on January 6, 2027. Policies created using the Instances location currently rely on Microsoft Defender for Cloud Apps file policy infrastructure for enforcement. To provide a unified, enterprise-ready compliance experience, Microsoft is introducing dedicated policy locations within Microsoft Purview for supported non-Microsoft applications including Google Workspace, Box, Dropbox, Salesforce, ServiceNow, AWS, and Cisco Webex.
Migration guidance: Migrate file policies to Microsoft Purview | Microsoft Learn
Rollout Schedule
- Dedicated application locations introduced prior to retirement.
- Retirement rollout begins in early January 2027 and completes by mid-January 2027.
- Instances location retirement date is January 6, 2027.
Impact on Your Organization
Who is affected:
- Microsoft Purview administrators.
- Organizations currently using the Instances location.
- Organizations protecting data in Google Workspace, Box, Dropbox, Salesforce, ServiceNow, AWS, or Cisco Webex.
Platforms/Services:
- Microsoft Purview Data Loss Prevention
- Microsoft Purview Information Protection
- Microsoft Defender for Cloud Apps
- Google Workspace
- Box
- Dropbox
- Salesforce
- ServiceNow
- AWS
- Cisco Webex
What will happen:
- The Instances policy location will remain available until January 6, 2027.
- After this date:
- New policies can no longer be created using the Instances location.
- Existing policies configured using the Instances location will no longer be supported.
- Dedicated non-Microsoft app locations for supported applications are being introduced in Microsoft Purview over the coming weeks.
- Customers should use the dedicated non-Microsoft app locations in Microsoft Purview for future DLP and auto-labeling policies.
- If your organization currently uses the Instances location, policies created using the Instances location should be reviewed and, if still required, recreated using the corresponding dedicated application location in Microsoft Purview before January 6, 2027.
Examples include:
| Current location | Future location |
|---|---|
| Instances (Box) | Box |
| Instances (Google Workspace) | Google Workspace |
| Instances (Dropbox) | Dropbox |
| Instances (Salesforce) | Salesforce |
| Instances (ServiceNow) | ServiceNow |
| Instances (AWS) | AWS |
| Instances (Cisco Webex) | Cisco Webex |
- After January 6, 2027, policies that continue to rely on the retired Instances location may no longer be enforced or supported.
- If your organization does not use the Instances location:
- No action is required.
- You can continue creating DLP and auto-labeling policies using supported Microsoft Purview locations and future dedicated non-Microsoft app locations as they become available.
Action Required/Recommendations
- Review existing DLP policies that use the Instances location.
- Review existing auto-labeling policies that use the Instances location.
- Identify affected non-Microsoft applications.
- Recreate policies using dedicated application locations.
- Validate policy behavior before retiring legacy policies.
- Complete migration before January 6, 2027.
- Update internal documentation and operational procedures.
- Communicate this change to compliance and support teams.
Learn more:
- Migrate file policies to Microsoft Purview | Microsoft Learn
- Learn about data loss prevention | Microsoft Learn
- Learn about auto-labeling policies | Microsoft Learn
Compliance Considerations
Compliance Consideration: Existing customer data processing changes
Explanation: Data protection enforcement transitions from Defender for Cloud Apps file policy infrastructure to Microsoft Purview dedicated policy locations.
Compliance Consideration: DLP policies or enforcement affected
Explanation: The Instances policy location is retired and existing policies must be recreated using dedicated application locations.
Compliance Consideration: Information Protection labels or auto-labeling affected
Explanation: Existing auto-labeling policies should be recreated using dedicated application locations.
Compliance Consideration: Compliance monitoring and reporting changes
Explanation: Administrators will manage policies through dedicated application locations in Microsoft Purview.
Compliance Consideration: Third-party integrations added or changed
Explanation: Dedicated policy locations are introduced for Google Workspace, Box, Dropbox, Salesforce, ServiceNow, AWS, and Cisco Webex.
Compliance Consideration: Administrative controls
Explanation: Administrators manage DLP and auto-labeling policy creation, scope, testing, and enforcement through Microsoft Purview.