Message ID: MC1411431
[What and Why:]
Microsoft Purview is introducing the ability to assign a time limit when adding users or security groups to role groups. Administrators can specify a duration from 1 day to 2 years, enabling temporary administrative access and supporting least-privilege security practices. This enhancement helps organizations improve governance and compliance while reducing the risk of unnecessary long-term privileged access.
[Rollout Schedule:]
- General Availability (Worldwide): Beginning late July 2026; expected to complete by late August 2026
- General Availability (GCC, GCC High, DoD): Beginning late August 2026; expected to complete by late September 2026
[Impact on Your Organization:]
Who is affected:
- Microsoft Purview administrators
- Security and compliance administrators
- Organizations using Purview role groups in Worldwide, GCC, GCC High, and DoD environments
Platforms/Services:
- Microsoft Purview compliance portal
- Microsoft Purview RBAC
What will happen:
- Administrators can assign users or security groups to role groups with a defined expiration period.
- Assignment durations can range from 1 day to 2 years.
- The capability applies to existing and new assignments.
- Existing assignments are not modified automatically.
- No impact to user workflows.
- The feature is available by default after rollout.
- No policy or configuration changes are required.
[Action Required/Recommendations:]
No action is required.
We recommend that you:
- Review privileged access management processes.
- Consider using assignment expiration periods for temporary access scenarios.
- Update internal documentation where appropriate.
- Inform Purview administrators of the new capability.
[Compliance Considerations:]
| Compliance Consideration | Assessment |
|---|---|
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | Temporary role group assignment limits may support governance and audit reviews of administrative access, but the announcement does not describe new reporting, monitoring, or compliance reporting capabilities. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? | Admins can configure a time limit (1 day to 2 years) for new or existing role group assignments. The feature applies to both users and security groups assigned to role groups assigned in Microsoft Purview portal. |
Source: Microsoft
Latest Posts
- AWS Security Agent now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (São Paulo)

- Amazon Managed Service for Prometheus achieves FedRAMP High and DoD IL-4/5 authorization in AWS GovCloud (US)

- MC1307512: Microsoft Teams Adds AI-Powered Meeting Notes with Facilitator to Teams Rooms on Windows

- MC1307888: Microsoft Teams Adds AI‑Powered Notes for In‑Person Meetings in Teams Rooms on Android






