MC1317196 - Microsoft Purview | Data Security Investigations: Proactive AI insights in Data Security Posture Management

Introduction

Data Security Investigations (DSI) provides proactive AI-powered insights within the Data Security Posture Management (DSPM) experience. With this rollout, Microsoft Purview expands this capability so that when DSPM detects potential data exfiltration risks, DSI automatically analyzes the associated content across key sensitive data categories, such as intellectual property, financial data, and credentials, and surfaces results directly within DSPM. This integration helps security teams identify and prioritize risks earlier, streamline investigations, and act faster to protect sensitive data.

Important: These insights are available only when Data Security Investigations (DSI) is configured and Data Security Posture Management insights is activated.

This message is associated with Microsoft 365 Roadmap ID 560327.

When this will happen

General Availability (Worldwide): Rollout will begin in early June 2026 and is expected to complete by mid-June 2026.

How this affects your organization

Who is affected

• Security admins and analysts using Microsoft Purview Data Security Posture Management (DSPM) with Data Security Investigations (DSI) enabled
• Organizations with DSPM configured for exfiltration detection scenarios and access to DSI

What will happen

• When DSPM identifies potential data exfiltration, DSI analyzes the underlying content against sensitive data categories.
• This change brings DSI content analysis directly into the DSPM workflow, so analysts no longer need to switch tools to understand what data is at risk in a potential exfiltration event.
• AI-generated insights appear directly within the DSPM experience, allowing analysts to understand what sensitive data is at risk. Image 3. DSPM view showing proactive AI insights: 

  

• Once enabled, no additional action is required for the insights to appear.
• Analysts can investigate further using the Go to investigation option, which opens the relevant context in Data Security Investigations. Image 2. Go to investigation experience in DSI: 

  

• Admins can enable proactive AI insights within DSPM as part of the Prevent exfiltration to risk destinations objective. Image 3. Enable proactive AI insights setting in DSPM:

  

• This capability helps reduce triage time and improves prioritization of investigation efforts.
• There is no impact to users.
• This feature requires DSPM to be configured, the Prevent exfiltration to risk destinations objective enabled, and Data Security Investigations (DSI) to be available and enabled in your tenant.
• Proactive AI insights only appear when Data Security Investigations (DSI) is available and enabled.

What you can do to prepare

• No action is required if you are not using DSPM or DSI.
• Ensure Data Security Investigations and Data Security Posture Management are configured in your tenant.
• Assign appropriate roles for DSPM and DSI to your security team.
• Enable the Prevent exfiltration to risk destinations objective in DSPM.
• Enable proactive AI insights within DSPM.
• Educate your security team on the updated investigation workflow.

Learn more:

• Data Security Investigations | Microsoft Purview
• Data Security Posture Management | Microsoft Purview

Compliance considerations