M365 Archive

RM558547 - Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts

Microsoft 365 Roadmap

Roadmap ID

558547

View in M365 Roadmap

Status

In development

Release

General Availability
Preview

Published

Mar 12, 2026

Platforms

Web

Service

Microsoft Purview

Tag

In development
General Availability
Preview
Worldwide (Standard Multi-Tenant)

Cloud

Worldwide (Standard Multi-Tenant)

Summary

Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).

Description

Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).

GA date: May CY2026

Preview date: April CY2026