NewMicrosoft Purview · Data Loss Prevention
Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts
Microsoft Purview will add Data Security Investigations capability to analyze files associated with endpoint DLP alerts, enabling faster review of exfiltrated content by automatically gathering related files based on DLP query parameters.
Key dates
- 2026-03-01 — preview (Example date referenced in feature description (illustrative of usage scenario, not rollout date))
Microsoft's description
Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).