Microsoft 365 Roadmap

RM558547: Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts

Summary

Speed up analysis of exfiltrated content by launching Data Security Investigations (DSI) from endpoint Data Loss Prevention (DLP) alerts. In DSI, define your endpoint DLP query (for example, time range, users, and endpoints). DSI then automatically gathers the related files that triggered the alerts for review (for example, UserA downloaded a file on 3/1/2026).

GA date: June CY2026

Preview date: June CY2026

Version history

2 versions tracked

Updated 1 time since Mar 12, 2026. Microsoft 365 Message Center only shows the current version; this archive preserves tracked history.

  1. May 19, 2026 - 10:45 PM (Latest - v2)

    Changed: Body

  2. Mar 12, 2026 - 11:00 PM (Original - v1)

    Changed: Initial version