MC1091445 - Microsoft Purview compliance portal | Insider Risk Management: Data Security Investigation integration (preview)

Coming soon: A new integration between Insider Risk Management (IRM) and Data Security Investigation (DSI) in Microsoft Purview. This enhancement allows data security admins to launch a pre-scoped DSI directly from an IRM case, enabling deeper investigation into risky user behavior and better post-incident impact assessment.

DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI’s generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices.

This message is associated with Microsoft 365 Roadmap ID 486827.

When this will happen:

Public Preview: We will begin rolling out mid-July 2025 and expect to complete by late July 2025.

General Availability (Worldwide): We will begin rolling out late August 2025 and expect to complete by late September 2025.

How this will affect your organization:

After this rollout:

• Members of the Insider Risk Management Investigators role group can initiate a DSI directly from an IRM case.
• However, they must also be assigned the Data Security Investigation Investigator role to view the investigation results.
• This streamlines the investigation process by allowing admins to:
  • Go to Purview compliance portal > IRM
  • Go to Cases, and open any case listed
  • Select Case actions
  • Choose Investigate data security with AI from the dropdown menu
  • Name the investigation and select relevant content
  • Launch the investigation with a single click

This change will be available by default.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. DSI will need to be set up for successful investigation in DSI once an investigation is created from an IRM case. Prerequisite steps to configure DSI: Get started with Data Security Investigations (preview) | Microsoft Learn. You may want to notify your admins about this change and update any relevant documentation.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more

• Learn about Data Security Investigations (preview) | Microsoft Learn
• Accelerate data security investigations with AI-powered deep content analysis | Microsoft Community Hub
• Take action on insider risk management cases | Microsoft Learn (will be updated before rollout)
• Create an investigation in Data Security Investigations (preview) | Microsoft Learn (will be updated before rollout)