Microsoft is updating Purview Content Explorer with new summary metrics that promise to eliminate a longstanding blind spot for compliance administrators: the number of files that haven’t been scanned for sensitive data. The change, part of the data governance platform’s 2026 roadmap, will also introduce a classification history view, letting teams track how labels and sensitive information types change over time.
A long-missing visibility gap closes
For years, Content Explorer has shown administrators which sensitive information types and classification labels exist across their Microsoft 365 data estate—but only for files that had been successfully scanned. It never answered a deceptively simple question: “How many files are we missing?”
Two new summary tiles will change that. The first, “Unscanned files,” displays a count of documents, emails, and other items that have not yet been processed by Purview’s classification engine. The second, “Classification history,” surfaces a timeline view of how classifications have evolved, revealing when labels were applied, changed, or removed. Both metrics appear directly in the Content Explorer dashboard, rolling up across SharePoint, OneDrive, Exchange, and other connected data sources.
The unscanned count is more than a curiosity. Large organizations routinely discover that significant portions of their data repositories lag in classification—sometimes because of throttling, configuration gaps, or simply the sheer volume of content. Until now, admins had to infer coverage gaps by comparing total item counts from usage reports with what Content Explorer displayed. The new metric makes the gap explicit, categorizing unscanned items so teams can decide which data sources to prioritize for scanning.
The classification history metric addresses a different, equally critical problem: auditability. Regulators and internal auditors often ask not just what data is classified, but whether that classification changed and when. Previously, administrators could only see the current state of a file’s labels—not whether a document was once tagged “Confidential” and later downgraded to “General.” With history tracking, Purview records each change event, including timestamp and the identity of the user or policy that triggered it. That audit trail can be essential for demonstrating compliance with regulations like GDPR or HIPAA, where misclassification carries steep fines.
Microsoft has not publicly released exact version numbers or a specific rollout date, but the update is tied to the broader Purview 2026 wave. Early-access tenants in the Insider program may see the features first. When the metrics go live, they will be available to all organizations with an active Microsoft 365 E5 compliance subscription or the equivalent Purview add-on. No additional licensing is required for the base metrics, though advanced analytics that depend on classification history may remain gated behind higher-tier plans.
What the changes mean for different audiences
Compliance and data governance teams
For the people accountable for regulatory compliance, the two metrics solve two distinct pain points. The unscanned files count lets them quantify classification coverage for the first time. In heavily regulated industries like finance or healthcare, where an unscanned file could conceal payment card numbers or protected health information, real-time visibility into the scanning backlog is a must. Teams can now build dashboards that alert them when unscanned counts exceed a threshold, and tie those alerts to remediation workflows in Purview Data Loss Prevention or Microsoft Defender.
The classification history metric, meanwhile, turns audits from a fire drill into a reportable KPI. Instead of reacting to an auditor’s request with manual forensics, compliance officers can produce a timeline of every classification change on a sensitive document. This makes it easier to prove that an organization has maintained appropriate data handling practices over time.
Both features also reduce the temptation to blanket-label entire repositories “Confidential” as a conservative measure—a practice that undermines data discoverability and increases storage costs. With better visibility, teams can apply more granular, risk-based labeling.
IT and security operations
IT administrators responsible for the health of the scanning infrastructure will benefit directly from the unscanned files metric. It surfaces root causes such as throttling limits on SharePoint uploading, misconfigured crawler settings, or authentication failures for on-premises data sources connected via the Purview Information Protection scanner. Instead of combing through logs, an admin can see at a glance that 12% of files in a specific SharePoint site library remain unscanned, drill down, and adjust the scan settings or allocate more processing capacity.
Security operations centers (SOCs) can also use classification history to detect anomalies. A sudden wave of files being downgraded from “Highly Confidential” to “Public” could indicate a misbehaving script, a compromised service principal, or an insider threat. The history feed provides the data points necessary to trigger investigation playbooks.
End users and business stakeholders
Most knowledge workers won’t interact with these metrics directly, but they’ll feel the downstream effects. More complete scanning means that data loss prevention policies will catch sensitive files that previously slipped through. Users who rely on automatic labeling will see more consistent classification, and those who manually apply labels will have a clearer understanding of the organization’s data hygiene because the improved metrics often lead to better policy tuning. In organizations that expose classification history to content owners—a configuration option Purview allows—employees will be able to check whether a label change was policy-driven or accidental, reducing confusion and support tickets.
The road to smarter data classification visibility
Microsoft Purview Content Explorer launched in 2019 as a simple heat map of sensitive information types across the Microsoft 365 tenant. Its initial value was straightforward: show admins where credit card numbers, social security numbers, or other predefined patterns live. Over time, it gained support for custom sensitive information types, trainable classifiers, and exact data match capabilities. Each update made the tool better at telling you what had been found, but not what had been missed or how classifications were evolving.
The push to add unscanned files and classification history metrics appears to trace back to feedback from heavily regulated customers who felt the tool was only telling half the story. Microsoft’s own compliance specialists have long recommended that organizations aim for a classification coverage rate above 95%, but without a numerator and denominator, that goal was hard to measure. The new metrics close that gap. The classification history feature aligns with broader industry trends toward continuous compliance monitoring, where point-in-time checks are replaced by ongoing attestation.
This update lands in a competitive landscape. Platforms like Varonis, BigID, and Netwrix have offered similar “dark data” visibility for years, often across multi-cloud environments. Microsoft’s advantage is its deep integration with the native Microsoft 365 stack—no agents, no separate connectors—and the ability to feed these metrics into the broader Purview compliance dashboard, which also covers insider risk, communication compliance, and eDiscovery.
How to prepare for the update
While the features will appear automatically once rolled out, proactive administrators can take several steps to hit the ground running:
- Review current classification coverage manually. Before the unscanned metric arrives, use existing tools like the Content Explorer export feature or PowerShell to estimate how many items are unlabeled. The
Get-FilePlanPropertyAuthorityandGet-ContentExplorerDatacmdlets can provide ballpark figures. Compare those against storage totals from the SharePoint admin center or Exchange admin center to gauge the magnitude of the gap. - Optimize your scanning infrastructure. If you use the on-premises scanner, ensure it’s on the latest version and that its service account has proper permissions. In the cloud, check that Azure Information Protection (AIP) analytics are logging correctly and that no data sources are excluded unintentionally. The new metric will rely on the same underlying telemetry, so gaps today will be gaps tomorrow.
- Educate your compliance team on the history metric. Classification history events will be queryable via the Purview audit log. Review audit log retention settings and consider enabling extended retention if you have regulatory requirements. Also, map out internal processes for responding to classification change alerts.
- Configure alerts and automation. Once the metrics are live, create alert policies in the Microsoft 365 Defender portal that trigger on high unscanned file counts or on classification history events matching risky patterns. Use Power Automate to post these alerts to a Teams channel or ticketing system for rapid triage.
No mandatory action is required before the update, but teams that prepare will be better positioned to move from reactive scanning to a proactive data hygiene posture the moment the dashboard tiles appear.
What to watch next
Microsoft hasn’t indicated whether the unscanned files metric will eventually support automated remediation—such as triggering rescan of flagged items—but industry observers expect that to follow. The classification history feed could also become a building block for AI-driven risk scoring, where Purview’s machine learning models assign trust levels to content based on how often its classification changes. For now, the immediate win is clarity: admins will finally know how much of their data estate remains in the dark, and they’ll have the audit trail to prove they’re doing something about it.