Microsoft Purview: The March 11 DLP Policy Failure

At approximately 00:50 UTC on March 11, 2026, Microsoft reported intermittent failures in **Purview Data Loss Prevention (DLP)** policies specifically affecting tenants in the **Australia Southeast** and **Australia East** regions. This incident, occurring during a major service update, has critical implications for organizations relying on Purview to prevent unauthorized data exfiltration by both human users and AI agents.

Technical Root Cause: Policy Sync Drift

Preliminary analysis suggests the failure was triggered by a Schema Mismatch in the distributed policy synchronization engine. As Microsoft rolled out updates to support the new **Agentic Governance** features in the Frontier Suite (M365 E7), the edge nodes in Australia failed to correctly parse existing regex-based DLP rules.

This led to a "Fail-Open" state where sensitive documents containing PII (Personally Identifiable Information) or proprietary code snippets bypassed the classification engine, allowing them to be shared via Teams and external email connectors.

Impact on AI Agent Governance

The failure is particularly concerning given today's launch of **Agent 365**. Organizations that had already enabled agentic write-access discovered that their "Agentic Guardrails"—which depend on Purview DLP—were non-functional for nearly 45 minutes. This highlights the danger of Monolithic Security Dependencies in the agentic era.

Recovery & Remediation

Microsoft successfully rolled back the service update for the affected regions by 01:35 UTC. However, security teams are advised to perform a Retrospective Audit of all data transfers initiated during the failure window. Microsoft has committed to providing a full Post-Incident Report (PIR) within 48 hours, detailing the improvements to their fail-safe mechanisms.