Microsoft Purview | Data Security Investigations: Proactive AI insights in Data Security Posture Management

Microsoft Purview's Data Security Investigations (DSI) now integrates AI-powered insights directly into Data Security Posture Management (DSPM) to analyze potential data exfiltration risks across sensitive data categories, enhancing early risk detection, investigation efficiency, and response. Rollout begins June 2026, requiring DSI and DSPM configuration.

[Introduction]

Data Security Investigations (DSI) provides proactive AI-powered insights within the Data Security Posture Management (DSPM) experience. With this rollout, Microsoft Purview expands this capability so that when DSPM detects potential data exfiltration risks, DSI automatically analyzes the associated content across key sensitive data categories, such as intellectual property, financial data, and credentials, and surfaces results directly within DSPM. This integration helps security teams identify and prioritize risks earlier, streamline investigations, and act faster to protect sensitive data.

Important: These insights are available only when Data Security Investigations (DSI) is configured and Data Security Posture Management insights is activated.

This message is associated with Microsoft 365 Roadmap ID 560327.

[When this will happen]

General Availability (Worldwide): Rollout will begin in early June 2026 and is expected to complete by mid-June 2026.

[How this affects your organization]

Who is affected

• Security admins and analysts using Microsoft Purview Data Security Posture Management (DSPM) with Data Security Investigations (DSI) enabled
• Organizations with DSPM configured for exfiltration detection scenarios and access to DSI

What will happen

• When DSPM identifies potential data exfiltration, DSI analyzes the underlying content against sensitive data categories.
• This change brings DSI content analysis directly into the DSPM workflow, so analysts no longer need to switch tools to understand what data is at risk in a potential exfiltration event.
• AI-generated insights appear directly within the DSPM experience, allowing analysts to understand what sensitive data is at risk. Image 3. DSPM view showing proactive AI insights: 

  

• Once enabled, no additional action is required for the insights to appear.
• Analysts can investigate further using the Go to investigation option, which opens the relevant context in Data Security Investigations. Image 2. Go to investigation experience in DSI: 

  

• Admins can enable proactive AI insights within DSPM as part of the Prevent exfiltration to risk destinations objective. Image 3. Enable proactive AI insights setting in DSPM:

  

• This capability helps reduce triage time and improves prioritization of investigation efforts.
• There is no impact to users.
• This feature requires DSPM to be configured, the Prevent exfiltration to risk destinations objective enabled, and Data Security Investigations (DSI) to be available and enabled in your tenant.
• Proactive AI insights only appear when Data Security Investigations (DSI) is available and enabled.

[What you can do to prepare]

• No action is required if you are not using DSPM or DSI.
• Ensure Data Security Investigations and Data Security Posture Management are configured in your tenant.
• Assign appropriate roles for DSPM and DSI to your security team.
• Enable the Prevent exfiltration to risk destinations objective in DSPM.
• Enable proactive AI insights within DSPM.
• Educate your security team on the updated investigation workflow.

Learn more:

• Data Security Investigations | Microsoft Purview
• Data Security Posture Management | Microsoft Purview

[Compliance considerations]

Question	Answer
Does the change alter how existing customer data is processed, stored, or accessed?	Yes. DSI analyzes data involved in potential exfiltration events to classify sensitive content and surface insights within DSPM.
Does the change introduce or significantly modify AI or ML capabilities that interact with customer data?	Yes. The rollout expands AI analysis that evaluates potentially exfiltrated data and presents insights directly in DSPM.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities?	Admins gain enhanced visibility and investigation context within DSPM, improving monitoring and response workflows.