M365 Archive

RM558547 - Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts

Microsoft 365 Roadmap

Summary

Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).

Roadmap ID

558547

View in M365 Roadmap

Last Updated

May 19, 2026

Published Mar 12, 2026

View version history

Status

In development

Release

General Availability
Preview

Platforms

Web

Service

Microsoft Purview

Tag

In development
General Availability
Preview
Worldwide (Standard Multi-Tenant)

Cloud

Worldwide (Standard Multi-Tenant)

Description

Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).

GA date: June CY2026

Preview date: June CY2026

Version history

2 versions tracked

Updated 1 time since Mar 12, 2026. Microsoft Message Center only ever shows the current version; this archive preserves the history.

Compare latest to previous (v1)

Compare any two versions

From
To
  1. May 19, 2026 · 10:45 PMLatest · v2

    Changed: Body

  2. Mar 12, 2026 · 11:00 PMOriginal · v1

    Changed: Initial version

    View this versionCompare to latest