Effective May 2025, Microsoft Purview Data Security Investigations (DSI), a solution for rapidly identifying and mitigating risks from sensitive data exposure, is in public preview. Administrators will need to activate Purview pay-as-you-go (PAYG) billing and provision Security Compute Units to use this feature.
The Need for Data Security Investigations (DSI)
Data breaches involving stolen credentials take an average of 292 days to identify and contain. During this period, organizations struggle to understand their overall risk, leading to inefficient workflows, labor-intensive data reviews, and increased costs. Additionally, moving impacted data for analysis or sharing evidence with stakeholders can expose or leak sensitive information.
Introducing Purview Data Security Investigations
Microsoft Purview Data Security Investigations (DSI) is a unified solution that enables data security teams to identify incident-related data, investigate it with AI-powered deep content analysis, and mitigate risks within one platform. DSI builds on Microsoft Purview’s existing Data Security portfolio, including information protection, data loss prevention, and insider risk management solutions. DSI will continue to evolve, with future features including the ability to purge overshared risky files and more.
Key Benefits of DSI
- AI-Powered Analysis: DSI uses generative AI to rapidly analyze data, pinpointing major risks and categorizing impacted data to understand incident severity.
- Efficient Risk Mitigation: AI helps identify security risks within impacted data, such as credentials, network risks, or evidence of threat actor discussions.
- Proactive Data Hygiene: DSI can be used to examine datasets for sensitive information or security risks, helping prevent data security incidents.
- Vector-Based Semantic Search: This feature allows querying impacted data to discover assets related to specific subjects, even if keywords are missing.
How DSI Works
- Incident Detection: When a data breach occurs, DSI enables the security team to search the Microsoft 365 data estate for incident-relevant emails, Teams messages, Copilot prompts, and documents.
- AI Analysis: DSI’s AI capabilities categorize impacted data and identify high-risk assets, such as credentials and sensitive documents.
- Risk Visualization: DSI visualizes correlations between impacted data, users, and their activities, providing critical context for mitigation.
- Secure Collaboration: DSI facilitates secure collaboration between partner teams to address identified risks, such as resetting compromised accounts.
Integration with Existing Tools
DSI integrates with Microsoft Defender XDR and Microsoft Purview Insider Risk Management, so pre-scoped data security investigations can be launched directly from these tools. This integration gives the Security Operations Center (SOC) visibility into the impact of security incidents on data, enabling better prioritization based on data sensitivity and severity.
More information
Learn how to get started: https://learn.microsoft.com/en-us/purview/data-security-investigations-get-started.
Get help from the experts in licensing
Feel free to reach out to us for expert licensing consultancy regarding Microsoft Purview. We show you the best options for your business case so that you can compare them and make an informed decision.