Microsoft Empowers Security Teams with AI Investigations

Summary
– Microsoft Purview Data Security Investigations is a new tool designed for various security scenarios, including data breach investigations and sensitive data exposure in Teams.
– It significantly reduces investigation time from weeks to hours by automating manual processes and uncovering risks across large data estates.
– The tool works across Microsoft 365 data sources like emails and Teams, and investigations can be initiated via direct search or from security alerts.
– It uses GenAI to analyze content, supports natural language search, and groups related data to surface risks with explanations and mitigation suggestions.
– The solution features a collaborative interface with audit logs, allows administrators to take actions like content purging, and uses a usage-based pricing model.
Microsoft has launched a new tool designed to transform how security teams handle complex data investigations, significantly reducing the time required to uncover and address critical risks. Microsoft Purview Data Security Investigations is now generally available, offering a powerful solution for scenarios ranging from data breach and leak inquiries to internal fraud, credential exposure, and inappropriate content investigations within platforms like Microsoft Teams. This addition to the Microsoft Purview suite aims to turn lengthy, manual processes into efficient, AI-driven operations.
According to Katerina Athanasiou, a Senior Product Marketing Manager at Microsoft, the tool represents a major leap forward. Investigations that previously stretched over weeks, or were simply impossible to conduct at scale, can now be finalized in a matter of hours. The system eliminates cumbersome manual effort and brings hidden risks to the surface across vast and complex data environments. This empowers security teams to conduct deeper, more scalable investigations with greater confidence and efficiency.
The platform operates by pulling data from a wide array of Microsoft 365 sources. This includes emails, Teams messages, various documents, and even Copilot prompts and responses. Teams can initiate an investigation through a direct search across these data repositories or by launching one directly from an existing security alert, an insider risk management case, or a finding from a data security posture assessment.
Once the relevant data is collected, the solution leverages generative AI to analyze the content and surface potential security risks. Investigators can use natural language queries to search through massive datasets, making it easier to find pertinent information without complex syntax. The AI also groups related content together, helping teams quickly understand the scope and nature of the data involved in a case. The analysis provides clear results, including identified risk indicators, contextual explanations, and suggested mitigation actions for teams to consider.
A key feature of the investigation interface is its ability to link the analyzed data with comprehensive audit logs and user activity signals. This gives security professionals crucial visibility into how specific content was accessed, modified, or shared. The platform also supports collaboration, allowing administrators to work with other teams during an active investigation and take direct action on their findings. A notable mitigation action, introduced in early January 2026, is the purge function. This allows administrators to permanently delete sensitive or overshared content directly from within the investigation workflow, helping to immediately reduce data exposure.
With this general availability release, Microsoft has implemented a usage-based pricing model for Purview Data Security Investigations. Customers will be billed separately for the data storage utilized by their investigations and for the compute resources consumed during the AI analysis phase. To help organizations manage their investment, the platform includes built-in tools for cost estimation and detailed usage tracking, providing transparency and control over spending.
(Source: HelpNet Security)