Microsoft will ship a long-awaited compliance capability in its Purview suite in October 2026: a feature that automatically preserves emails, files, and documents deleted by users flagged as high-risk by Insider Risk Management. The milestone was published on the Microsoft 365 Roadmap on April 16, 2025, and gives compliance teams a critical new tool to prevent evidence destruction during investigations or after a user’s risk score spikes.

Known as Adaptive Preservation, the feature plugs into Data Lifecycle Management (DLM) inside Microsoft Purview. When an employee’s insider risk level crosses a threshold—say, after a series of suspicious downloads or an HR trigger—the system will immediately start retaining any content that user deletes from Exchange Online mailboxes, SharePoint Online sites, and OneDrive for Business. Microsoft has not yet published the full technical details, but the roadmap entry signals that a 120-day preservation period will be the default, effectively buying organizations a four-month window to review or export what a high-risk user tried to erase.

What Adaptive Preservation Actually Does

Today, Purview Data Lifecycle Management already helps organizations retain or delete content according to policy. What’s new is the tie into adaptive insider risk profiles. Until now, preservation was typically applied statically—to all users in a department, to content containing certain keywords, or to items during litigation holds. Adaptive Preservation makes the policy dynamic and person-centric.

When the feature goes live, a compliance administrator will configure an Insider Risk Management policy that detects high-risk users—those whose activity patterns, such as mass file deletions, unusual printing, or resignation indicators, push them above a defined severity level. That policy will then be linked to a retention label or a preservation rule inside DLM. The moment a user is classified as high-risk, the preservation rule activates automatically. If that user then soft-deletes a message from Outlook or sends a file to the OneDrive recycle bin, Purview intercepts the deletion and moves the content to a hidden, retained area where only authorized compliance investigators can access it.

Importantly, the user sees no warning. From their perspective, the delete action appears to succeed. The content vanishes from their inbox, site, or recycle bin. Behind the scenes, however, Purview is holding a copy. The experience is designed to be invisible, precisely because high-risk users should not be tipped off.

The preservation applies to:
- Exchange Online emails, calendar items, and tasks
- SharePoint Online documents, lists, and pages
- OneDrive for Business files

Microsoft’s roadmap entry does not specify whether Teams chats or Planner tasks will be covered at launch, though Purview’s broader roadmap suggests that adaptive protection will gradually roll across more workloads.

What It Means for Compliance Teams and IT Admins

For compliance officers, this is more than a feature checkbox. Adaptive Preservation closes a gap that has frustrated investigators for years: the period between a suspicious event and the moment a legal hold is manually applied. In that window—sometimes hours, sometimes days—a disgruntled employee or data thief can delete crucial evidence. With Adaptive Preservation, the moment Insider Risk Management elevates a user’s risk score, deleted content gets locked down immediately.

That means compliance teams need to think about two things right now:
- Their insider risk indicator thresholds: If thresholds are set too high, preservation may start too late. If set too low, the volume of preserved data could become overwhelming.
- The downstream impact on eDiscovery: Preserved deleted content will appear in eDiscovery searches if an administrator includes the preservation location. That could complicate legal holds and data culling, so teams should refine their eDiscovery workflows before 2026.

For IT admins who manage infrastructure, the feature introduces a small storage consideration. Data preserved by Adaptive Preservation counts against Exchange Online and SharePoint storage quotas. If a high-risk user deletes a large volume of content, the hidden retention could push a mailbox or site into quota warnings. Microsoft has not yet clarified whether preserved data will be metered separately or how long it will be held beyond the initial 120 days if an investigation continues.

Regular end users will likely only interact with this feature indirectly—if they ever become flagged as high-risk. And because the experience is invisible, they won’t know their deletions are being retained. The feature will not be exposed in Outlook or OneDrive client apps.

How We Got Here: The Compliance Timeline

Adaptive Preservation is the logical next step in Microsoft’s multi-year push to integrate security, compliance, and AI-driven risk management. The pieces have been falling into place for a while.

In 2023, Microsoft rebranded its compliance center into Purview and deepened the tie between Insider Risk Management and DLP. Adaptive Protection for Insider Risk Management reached general availability in early 2024, allowing organizations to dynamically adjust data loss prevention policies based on real-time risk levels. That same year, adaptive protection expanded to Conditional Access, so a high-risk user could be blocked from accessing SharePoint or Teams entirely. But a missing piece remained: what happens to content the user tries to delete before a hold is placed?

In mid-2024, Microsoft previewed “Adaptive Retention” in private preview, which is the technical foundation for what is now called Adaptive Preservation. Roadmap Item ID 394280 appeared in late 2024 with a private preview date, then shifted to general availability for October 2026 on the April 2025 update. The 18-month runway is longer than typical for Purview features, likely reflecting the complexity of scaling the feature across all Office 365 workloads without performance degradation.

The 2026 timeline also aligns with Microsoft’s broader compliance announcements at its annual security summits and events like Microsoft Build and Ignite. By then, organizations will have had several cycles to train their compliance teams on AI-driven risk scoring and adaptive policy tuning. Adaptive Preservation arrives when many large enterprises are beginning to demand more automated, behavior-driven compliance tools rather than static rule sets that require constant manual intervention.

What to Do Now

October 2026 feels distant, but the ramp requires preparation. Here are actionable steps for home users (who won’t be affected), power users managing their own labs, and enterprise IT pros.

For Enterprise Compliance Administrators

  • Audit your Insider Risk Management thresholds. If you haven’t tuned them in the last six months, do it now. Adaptive Preservation will fire the moment a user is classified as high-risk, so garbage-in, garbage-out applies. Use attack simulation in Insider Risk Management to validate thresholds.
  • Begin mapping out eDiscovery workflows. Meet with legal and eDiscovery managers to educate them on how automatically preserved deletions will appear in search results. Plan for training so forensic analysts aren’t surprised by a flood of “deleted but retained” items.
  • Review storage quotas. In large tenant trials, identified high-risk users can generate substantial retained data. Work with your Microsoft account team to understand whether any overage protections or dedicated storage pools will be offered.
  • Watch for public preview. Microsoft often launches a public preview six to nine months before GA. If that pattern holds, a preview could appear in early 2026. Plan to test Adaptive Preservation in a non-production tenant using synthetic data and simulated high-risk user actions.

For IT Architects and M365 Administrators

  • Update your compliance architecture diagrams. Adaptive Preservation effectively creates a new data location that eDiscovery and audits must account for. Include it in your data lifecycle schemas so new projects don’t overlook it.
  • Coordinate with the security team. If Conditional Access policies already block high-risk users from accessing services, ensure that Adaptive Preservation doesn’t create a conflict. For example, if a user is blocked from SharePoint but Purview still attempts to preserve deletions, test the behavior in a pilot.
  • Consider impact on third-party backup tools. Some backup solutions capture deletions from the recycle bin. If adaptive preservation hides deletions from the standard recycle bin flow, verify with your vendor that backups will still capture what you need.

For Power Users and Small Business Owners

If you’re running a Microsoft 365 Business Premium subscription, Insider Risk Management is not fully available without E5 licensing or the Insider Risk Management add-on. This feature will primarily serve mid-size and enterprise customers on E5 or Microsoft 365 E5 Compliance. Small shops can ignore it unless they scale up.

Home users on Microsoft 365 Personal or Family won’t see this feature at all; it’s an enterprise compliance tool.

What Comes Next

Adaptive Preservation won’t be the last word on automated compliance. Microsoft’s internal engineering, described at recent events, points toward a future where Purview can adjust preservation durations dynamically based on the severity of the risk and the user’s role. A C-suite executive exfiltrating data might trigger an indefinite hold; a temporary contractor might get a 30-day window. The platform’s ability to integrate with Microsoft Entra ID and Sentinel also opens the door for non-insider risks—such as a user account that gets compromised by an external attacker—triggering preservation automatically.

For now, the roadmap entry gives organizations a firm date to aim for. The next milestone to watch: a detailed tech community blog post or an Ignite 2025 session where Microsoft typically reveals the fine print. Between now and October 2026, expect the feature’s admin controls to surface in the Purview compliance portal, likely under the Data Lifecycle Management section with a new “Adaptive” tab.

The clock is ticking. High-risk users may be deleting evidence today, unaware that in 18 months, those deletions will stick—to a retention wall.