Microsoft officially launched adaptive policy scopes for Microsoft Purview Communication Compliance on June 23, 2026, bringing dynamic, attribute-based policy targeting to organizations worldwide. The update, confirmed in Microsoft 365 Roadmap item 98186, moves the feature from public preview to general availability for the worldwide standard multi-tenant cloud. IT administrators and compliance officers can now assign communication compliance policies using Entra ID (formerly Azure AD) user attributes—such as department, location, or custom tags—rather than static user lists. The result is a more agile compliance framework that automatically adapts as personnel and organizational structures change.
This release addresses a long-standing friction point for enterprises managing internal communications oversight at scale. Until now, Communication Compliance policies required administrators to manually specify users or groups. Every team reorganization, new hire, or role change demanded manual updates—a process both time-consuming and prone to gaps. Adaptive scopes eliminate that toil by dynamically evaluating membership based on real-time user properties. The shift mirrors broader Microsoft Purview investments in context-aware compliance, following similar adaptive capabilities already available in data loss prevention (DLP) and retention policies.
What Is Microsoft Purview Communication Compliance?
Communication Compliance is a risk management tool inside the Microsoft Purview compliance portal that helps organizations detect, capture, and act on inappropriate messages across multiple channels. It scans communications in Microsoft Teams, Exchange Online email, Viva Engage, and third-party sources for policy violations such as harassment, sensitive information leaks, or regulatory breaches. Machine learning classifiers and trainable models assist reviewers by prioritizing high-risk content, and integrated workflows support investigation and remediation.
The service has evolved rapidly since its introduction in 2020. Recent additions include optical character recognition (OCR) for images, expanded language support, and integration with insider risk management. Yet, policy scope assignment remained fundamentally static: once you defined a group of users to monitor, that list stayed fixed until an admin intervened. For large organizations with thousands of employees across dozens of business units, maintaining accurate coverage was a Sisyphean task.
The Challenge of Static Policy Scopes
Under the old model, creating a Communication Compliance policy involved selecting specific users or mail-enabled security groups. While groups helped, they were still static snapshots. If a user moved from Sales to Marketing, they would remain in the Sales policy until manually removed. Conversely, a new marketing hire wouldn't be covered unless someone remembered to add them. In audit-driven industries, such gaps could lead to missed violations and compliance failures.
Moreover, sprawling enterprises frequently used multiple policies to segment monitoring—for example, one policy for the finance department, another for customer-facing roles. Each required its own membership enumeration. The result was an administrative burden that discouraged granular oversight. Many teams resorted to overly broad policies that created noise, or they shrank coverage to avoid maintenance, increasing risk.
| Aspect | Static Scopes | Adaptive Scopes |
|---|---|---|
| Definition | Fixed list of users or groups | Query based on user attributes |
| Updates | Manual | Automatic, periodic evaluation |
| Suitability | Stable, well-defined groups | Dynamic, changing organizations |
| Maintenance effort | High | Low |
| Example | "All Marketing dept security group" | "Department = Marketing" |
Enter Adaptive Policy Scopes
Adaptive policy scopes solve these problems by building a live query that defines the user set. Administrators construct a scope using conditions based on Entra ID user attributes. Typical attributes include:
- Department
- Job title
- Location (country, city)
- Manager
- Custom extension attributes
A scope such as “Department equals Finance AND Location equals Germany” will automatically include every user currently matching those conditions. When a user’s department changes to Finance, they are added; when they leave Germany, they fall out. The scope evaluation runs periodically, and any changes are reflected in policy application.
Communication Compliance now supports these adaptive scopes for all policy types—anti-harassment, sensitive information protection, regulatory compliance, and custom policies. This unification means the same dynamic grouping logic can be reused across multiple policies, reducing redundancy and ensuring consistent coverage.
How Adaptive Scopes Work with Communication Compliance
Behind the scenes, the adaptive scope engine queries Microsoft Graph to retrieve user profiles and membership. The scope is then processed by the Compliance service to determine which users to monitor. The evaluation interval is typically less than a few hours, though Microsoft notes that propagation can take up to 24 hours in large tenants.
When an adaptive scope is attached to a policy, the policy’s coverage becomes dynamic. Reviewers in the Communication Compliance portal will see a list of monitored users that updates automatically. Important for compliance managers: historical data and existing alerts are unaffected. A user who leaves the scope will no longer generate new alerts, but past violations remain in the case queue.
Policies can combine an adaptive scope with an exclusion scope—for example, include all “Full-time Employees” adaptive scope but exclude “Executives” adaptive scope. This layered approach gives fine-grained control without manual list juggling.
Setting Up Adaptive Scopes for Communication Compliance
Configuration occurs inside the Microsoft Purview compliance portal. Here’s a condensed walkthrough:
- Navigate to Communication Compliance > Policies.
- Create a new policy or edit an existing one.
- In the Supervised users and groups section, select Adaptive scope.
- If no adaptive scope exists, the wizard prompts you to create one. Provide a name and description.
- Define the attribute conditions. The UI offers a drop‑down with common Entra ID attributes and logical operators (equals, not equals, contains, etc.). You can add multiple conditions with AND/OR logic.
- Optionally, create an exclusion scope.
- Complete the policy configuration—choose locations to monitor, set conditions, and assign reviewers.
After saving, the system begins evaluating the scope. Admins can test the scope before applying to see a preview of matched users—a vital step for avoiding coverage surprises.
Global administrators, compliance administrators, and roles with the necessary Purview permissions can manage scopes. Large-scale deployments will benefit from PowerShell or Microsoft Graph SDK to script scope creation, but the initial GA release focuses on the portal experience.
Administrative Benefits
The move to adaptive scopes slashes operational overhead. Instead of reacting to every organizational change, compliance teams set the rule once and let Microsoft 365 handle the rest. This self‑adjusting model is particularly valuable for:
- Fast‑growing organizations: new hires in monitored roles are automatically included from day one.
- Companies with high internal mobility: employees rotating through divisions remain compliantly monitored without manual re‑assignment.
- Multinational enterprises: a single scope can target all users in a specific regulatory region, dynamically adjusting as the workforce footprint changes.
Moreover, adaptive scopes reduce the risk of “monitoring fatigue.” By keeping the monitored population precisely aligned with real‑world responsibilities, reviewers see more relevant alerts and fewer false positives. This efficiency gain can translate into faster resolution times and better overall compliance outcomes.
Real‑World Use Cases
Consider a bank that must monitor all traders for misuse of material non‑public information. With an adaptive scope based on job title containing “Trader” and department “Global Markets,” the policy automatically covers every individual with those attributes. When a new trader joins from another desk, they’re instantly in scope. If a trader moves to a non‑trading role, they fall out. The compliance team no longer needs to reconcile HR changes with policy membership.
Another scenario: a healthcare provider wants to scan communications from staff handling patient data. An adaptive scope targeting “Department = Clinical Services OR Department = Nursing” plus “Location = EU” ensures that only relevant employees under GDPR jurisdiction are monitored. Temporary staff and contractors can be included via custom attribute tags.
A third example: a global manufacturing firm uses adaptive scopes to monitor all employees in export‑controlled roles. By combining attributes like “Export Compliance = Yes” and “Country NOT USA,” the firm automatically tracks communications that might involve ITAR or EAR data without maintaining dozens of static lists.
Licensing and Prerequisites
Adaptive policy scopes for Communication Compliance require Microsoft 365 E5/G5 compliance licenses, or the relevant add‑on for organizations with lower‑tier plans. Because adaptive scopes rely on Entra ID attributes, a solid identity infrastructure is essential. Attributes used in scopes must be populated accurately—incomplete or stale data can cause coverage gaps.
Microsoft advises that tenants should have a well‑managed user provisioning process. Using HR‑driven provisioning or Microsoft Entra Connect to sync attributes from on‑premises directories ensures that scope evaluation reflects the actual organization. The feature is available globally in the standard multi‑tenant cloud; government clouds (GCC, GCC High, DoD) typically follow later, though no specific dates have been announced.
Performance testing in large tenants (>100,000 users) shows scope evaluation completes within acceptable windows, but administrators should verify timing before deploying critical policies.
Roadmap and What’s Next
The launch of adaptive scopes for Communication Compliance completes the feature cycle outlined in Microsoft 365 Roadmap item 98186, first added in early 2025. The roadmap entry had been watched closely by compliance managers who had tested the preview and provided feedback. Microsoft made several user‑requested improvements before GA, including the ability to preview scope membership and support for nested groups within adaptive scopes.
Looking ahead, Microsoft’s Purview strategy points toward deeper integration of adaptive scopes across all compliance workloads. Already, the same scope engine works in DLP, retention, and now Communication Compliance. Insider risk management is expected to gain adaptive scope support in a future update, allowing truly unified risk policies. Additionally, Microsoft is exploring real‑time scope evaluation to reduce the latency between attribute changes and monitoring adjustments.
What This Means for IT Pros
For IT administrators, the GA of adaptive scopes is a signal to revisit existing Communication Compliance configurations. Static policies won’t break, but they now represent technical debt. Migrating to adaptive scopes can streamline audits and reduce manual work. A phased approach works best: start by identifying high‑turnover units and converting those policies first. Use the scope preview to validate membership before switching over.
Training for compliance reviewers is minimal—the review experience remains unchanged. However, admins should update internal documentation and runbooks to include scope maintenance tasks, such as periodic checks of attribute hygiene.
The move also underscores Microsoft’s broader “compliance by design” approach, where systems adapt to the organization rather than forcing the organization to adapt to static rules. As regulatory pressures mount, tools that maintain accurate coverage with less human intervention become indispensable.
Microsoft Purview Communication Compliance with adaptive policy scopes is available now for all eligible tenants. To get started, navigate to the Microsoft Purview compliance portal and create your first adaptive scope. Detailed guidance is available in the official Microsoft documentation and the Microsoft 365 Roadmap.