
💡 Our Technical Review in summary
Summary
- Microsoft Purview Data Security Posture Management (DSPM) is introducing item-level investigation and remediation for SharePoint data risk assessments.
- This update (Roadmap ID 523202) allows administrators to move beyond broad assessments to identify specific files that are overshared or improperly secured.
- The feature provides granular insights, including the status of sensitivity labels and specific sharing link details for individual items.
- Rollout is expected to be completed by mid-March 2026.
Impact
- Granular Visibility: Admins can now access a “Potentially overshared items” tab within custom assessments to pinpoint specific data risks.
- Direct Remediation: From within the Purview console, admins can now take action on individual items, such as removing sharing links, applying sensitivity labels, or notifying file owners.
- Operational Change: This feature is not enabled by default. It requires manual configuration of an Entra application (service principal) to facilitate item-level scanning and remediation actions.
- Enhanced Compliance: Provides better audit and monitoring capabilities by allowing for precise modification of Information Protection labels at the item level.
Action Required
- Configure Entra ID: Coordinate with your Entra administrator to set up a service principal (Entra application) to authorize Purview to perform item-level scanning and remediation.
- Review Permissions: Ensure that the service principal has the necessary API permissions to modify SharePoint item properties and sensitivity labels.
- Update Procedures: Revise internal security and compliance workflows to include the new item-level remediation steps for SharePoint oversharing risks.
- Verify Prerequisites: Review the official Microsoft documentation for “Prerequisites for Microsoft 365 item-level scanning” to ensure your environment meets all technical requirements before the rollout completes.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
[Introduction]
Purview DSPM’s Data Risk Assessments now support item-level investigation and remediation for SharePoint data, helping organizations more precisely identify and reduce oversharing risk. New item-level insights such as sensitivity label status and sharing link details make it easier to pinpoint overshared content. Admins can take direct remediation actions on selected items, including resolving findings, notifying owners, applying sensitivity labels, or removing sharing links. These enhancements help organizations proactively reduce data exposure, strengthen compliance posture, and ensure sensitive data is accessible only to the right people.
This message is associated with Microsoft 365 Roadmap ID 523202.
[When this will happen:]
- General Availability (Worldwide): We began rolling out early March 2026 and expect to complete by mid-March 2026.
[How this affects your organization:]
Who is affected:
- Microsoft 365 administrators using Microsoft Purview DSPM Data Risk Assessments
- Organizations that create custom assessments for SharePoint data
What will happen:
- Admins can scan SharePoint data at the item level to detect potential oversharing risks.
- Custom assessment results include a new Potentially overshared items tab.
- Admins can remediate individual items by resolving findings, notifying owners, applying sensitivity labels, or removing sharing links.
- The feature requires admin setup and is not enabled by default.
[What you can do to prepare:]
- Work with your Entra administrator to configure an Entra application (service principal) to enable item-level scanning.
- The setup process enables key item-level remediation actions like assigning sensitivity labels or removing sharing links from overshared items.
- Review and complete prerequisites required for item-level remediation actions.
- Update internal documentation for Purview administrators.
- Notify security and compliance stakeholders of the new capabilities.
[Compliance considerations]
| Compliance area | Impact and explanation |
| --- | --- |
| Modification of Information Protection labels or enforcement | Admins can apply sensitivity labels directly to individual SharePoint items as part of remediation. |
| Audit, monitoring, or compliance reporting capabilities | Admins gain new item-level visibility and remediation workflows within Purview DSPM Data Risk Assessments. |
| Admin controls | Item-level scanning and remediation require configuration of an Entra application (service principal) and explicit admin setup. |
