Microsoft Purview | Data Security Investigations: Introducing new custom examination focus areas

Microsoft Purview Data Security Investigations will support custom examination focus areas from mid-May 2026, allowing admins to tailor AI-powered investigations to prioritize specific sensitive information. This feature respects existing permissions, requires no pre-rollout action, and enhances investigation efficiency without changing data storage or access.

[Introduction]

Microsoft Purview Data Security Investigations (DSI) is adding support for custom examination focus areas. This feature will empower admins to tailor examinations to their specific needs based on the type of investigation being performed and the types of information they want to prioritize. This capability extends DSI’s existing AI‑powered deep content analysis used to identify data security risks.

This message is associated with Microsoft 365 Roadmap ID 560598.

[When this will happen]

• Public Preview: Rollout begins in mid‑May 2026 and is expected to complete by mid‑June 2026.
• General Availability (Worldwide): Rollout begins in mid‑June 2026 and is expected to complete by late June 2026.

[How this affects your organization]

Who is affected

• Microsoft 365 admins and investigators using Microsoft Purview Data Security Investigations
• Tenants with access to DSI

What will happen

• Admins can create custom examination focus areas when running Data Security Investigations.
• Custom focus areas allow investigations to prioritize specific types of sensitive information relevant to the investigation.
• AI-powered deep content analysis uses these focus areas to surface potential data security risks more efficiently.
• The feature is available by default to eligible tenants once rolled out.
• Existing DSI permissions, policies, and workflows are respected.
• There is no change to user workflows unless an admin runs an investigation using custom focus areas.

[What you can do to prepare]

No action is required before this feature rolls out.

You may want to:

• Review how your organization currently uses Data Security Investigations.
• Update internal investigation playbooks or documentation to include custom examination focus areas.
• Inform security and compliance teams about the new capability.

Learn more: 

• Learn about Data Security Investigations | Microsoft Purview | Microsoft Learn
• Use examination tools - Use AI analysis in Data Security Investigations | Microsoft Purview | Microsoft Learn

[Compliance considerations]

Question	Answer
Does the change alter how existing customer data is processed, stored, or accessed?	Yes. Admins can define custom examination focus areas that influence how AI-powered analysis prioritizes and examines existing data during an investigation. This does not change where data is stored or who can access it.
Does the change introduce or significantly modify AI/ML capabilities that interact with customer data?	Yes. This feature extends existing AI-powered deep content analysis by allowing admins to configure custom focus areas that guide how AI analyzes investigation data.
Does the change alter how admins monitor, report on, or demonstrate compliance activities?	Yes. Admins can configure investigations with custom focus areas, which may change how investigations are conducted, but reporting, audit logs, and compliance evidence remain unchanged.
Does the change include an admin control, and can it be managed through Entra ID group membership?	Yes. The feature is available to admins and investigators with appropriate Microsoft Purview permissions. Access continues to be governed by existing role‑based access controls.