Microsoft brings AI-powered investigations to security teams

Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak investigations, credential exposure, internal fraud and bribery, sensitive data exposure in Teams, and inappropriate content investigations.

Microsoft Purview Data Security Investigations (Source: Microsoft)

“Investigations that once took weeks, or weren’t possible at all, can now be completed in hours. By eliminating manual effort and surfacing hidden risks across sprawling data estates, Data Security Investigations empowers teams to investigate more efficiently and confidently, making deep, scalable investigations a reality,” said Katerina Athanasiou, Senior Product Marketing Manager at Microsoft.

Purview Data Security Investigations works across Microsoft 365 data sources, including emails, Teams messages, documents, and Copilot prompts and responses. Investigations can be started through direct search across data repositories or launched from security alerts, insider risk cases, or data security posture findings.

Once data is collected, the solution uses GenAI to analyze content and surface potential security risks. Investigators can use natural language search to find relevant information across large datasets. Related content is grouped to help teams understand the types of data involved in an investigation. Analysis results include risk indicators, explanations, and suggested mitigation actions.

The investigation interface links analyzed data with audit logs and user activity signals, giving security teams visibility into how content was accessed or shared. Administrators can collaborate with other teams during an investigation and take action on findings. A purge mitigation action, launched in early January 2026, allows administrators to delete sensitive or overshared content directly within an investigation to reduce exposure.

With general availability, Microsoft introduced usage-based pricing for Purview Data Security Investigations. Customers are billed separately for data storage used by investigations and for compute resources consumed during AI analysis. Cost estimation and usage tracking tools are included to help organizations monitor spending.