💡 Our Technical Review in summary
Summary
- Microsoft is introducing Purview Data Security Investigations (DSI), a new AI-powered forensics and incident response solution within the Microsoft Purview suite.
- DSI is designed to help security teams identify, analyze, and mitigate risks associated with sensitive data across Microsoft 365 services, including Emails, Teams messages, Microsoft Copilot interactions, and documents.
- The tool utilizes generative AI to perform deep content analysis, vector searches, and automated data categorization to accelerate the investigation lifecycle.
- Timeline Update: Public Preview begins early April 2025. General Availability (GA) has been rescheduled to start in early October 2025, with completion expected by early January 2026.
Impact
- Enhanced Investigative Scoping: Admins can search the entire Microsoft 365 estate from a single interface to locate evidence related to security incidents.
- AI-Driven Insights: Generative AI capabilities allow investigators to summarize impacted data, understand the context of security risks, and perform vector searches to find similar or related content.
- Visualized Correlations: The solution provides visual mapping of correlations between specific data sets, user identities, and their activities, simplifying complex forensic tasks.
- Operational Efficiency: DSI facilitates collaboration between security and legal/compliance teams and provides actionable insights to refine existing Purview policies based on investigation findings.
- Cost Management: Usage will involve specific billing meters for non-AI storage and “security compute units” for AI-powered processing.
Action Required
- Review Role-Based Access Control (RBAC): Identify the users who will require access and prepare to assign the new DSI-specific roles (DSI Admin, DSI Investigator, and DSI Reviewer) within the Purview portal.
- Prepare for Enrollment: Admins will need to complete a “first-run experience” which includes enrolling the Purview subscription for non-AI storage processing and AI consumption meters.
- Evaluate Compute Requirements: Assess your organization’s readiness for “security compute units,” which are required to power the AI-driven analysis features.
- Monitor Timeline: Mark April 2025 for the Public Preview to test the solution in a non-production or evaluation environment.
- Documentation: Review the official Microsoft Purview DSI documentation and the Community Hub announcement to understand the technical prerequisites and investigative workflows.
Microsoft Official Update
Service: N/A
Category: stayInformed
Severity: normal
Updated November 14, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Data Security Investigations (DSI) is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution.
This message is associated with Microsoft 365 Roadmap ID 485707.
[When this will happen:]
Public Preview: We will begin rolling out early April 2025 and expect to complete by mid-May 2025.
General Availability (Worldwide): We will begin rolling out early October 2025 (previously early August) and expect to complete by early January 2026 (previously late October 2025).
[How this will affect your organization:]
DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Microsoft Teams messages, Microsoft Copilot prompts and responses, and documents.
After an admin scopes an investigation, DSI’s generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks.
DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen your organization’s security practices.
Get started with DSI on the overview page with information on enrollment and enabling RBAC (role-based access control):
Categorize your data to identify highest risk items and plan mitigation actions accordingly:
Understand investigation progress and insights with the Investigation summary view:
[What you need to do to prepare:]
Learn more: Accelerate data security investigations with AI-powered deep content analysis | Microsoft Community Hub
Public Preview documentation: Learn about Data Security Investigations (preview) | Microsoft Learn
Get started on the Purview DSI overview page (coming soon) to complete setup and get oriented in a few simple steps:
- Enable access in Microsoft Purview > Permission for DSI admins, DSI investigators and DSI reviewers in your organization.
- Complete the DSI first-run experience including:
- Enrolling your Purview subscription for non-AI storage and processing meter
- Enrolling for AI consumption using security compute units
- Get started with your first investigation.
