Microsoft has officially launched the Microsoft Purview Data Security Investigations tool, designed to enhance the efficiency of security investigations related to data breaches, credential exposure, internal fraud, and more. This new solution enables security teams to conduct investigations that previously took weeks, or were not feasible, in just hours.
According to Katerina Athanasiou, Senior Product Marketing Manager at Microsoft, “By eliminating manual effort and surfacing hidden risks across sprawling data estates, Data Security Investigations empowers teams to investigate more efficiently and confidently.” This significant advancement transforms the landscape of data security investigations, making detailed and scalable inquiries a reality.
Enhanced Investigation Processes
The tool integrates seamlessly with various Microsoft 365 data sources, including emails, Teams messages, documents, and responses generated by Copilot. Investigations can be initiated through a straightforward search across data repositories or triggered by security alerts, insider risk cases, or findings related to data security posture.
Once data is gathered, the solution utilizes Generative AI to analyze content and identify potential security risks. Investigators can perform natural language searches to locate pertinent information within large datasets. The tool organizes related content, assisting teams in understanding the types of data implicated in an investigation. Key analysis results include risk indicators, explanations, and recommendations for mitigation actions.
The user interface links analyzed data with audit logs and user activity signals, providing security teams with visibility into how content was accessed or shared. This feature is crucial for understanding the context of security incidents and addressing vulnerabilities quickly.
Collaboration and Cost Management
Administrators have the ability to collaborate with other teams during investigations and take decisive actions based on findings. A notable mitigation action, set to launch in January 2026, allows administrators to delete sensitive or overshared content directly within an investigation, thereby reducing exposure and enhancing data security.
With the tool’s general availability, Microsoft has introduced usage-based pricing for Purview Data Security Investigations. Customers will be billed separately for data storage utilized during investigations and for the compute resources consumed during AI analysis. To assist organizations in managing expenses, Microsoft has included cost estimation and usage tracking tools.
This innovative approach to security investigations by Microsoft promises to streamline the process, enhance data protection, and empower teams with the resources they need to address security threats effectively. As organizations increasingly prioritize data security, tools like Microsoft Purview Data Security Investigations are set to play a pivotal role in safeguarding sensitive information.