check before: 2025-04-01
Product:
Copilot, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management, Teams
Platform:
Android, iOS, Mac, Online, Web, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message, User impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management will add a Data Security Investigation Contributor role, enabling investigators to launch AI-powered Data Security Investigations from IRM cases. Public preview starts April 2025; general availability begins October 2025. No admin action is needed before rollout.
Details:
Updated October 7, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case.
DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices.
The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact.
This message is associated with roadmap ID 485707.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025.
General Availability (Worldwide): We will begin rolling out in mid-October 2025 (previously mid-July) and expect to complete by mid-December 2025 (previously mid-August).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-03-27
updated:
2025-10-07
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Role Misalignment
The introduction of the Data Security Investigation Contributor role without prior preparation may lead to confusion among existing users regarding their permissions and responsibilities, potentially resulting in unauthorized access to sensitive data.
- roles: Data Security Admins, IRM Investigators
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Increased Incident Response Time
Without adequate training and documentation updates, the new role may slow down incident response times as users may not be familiar with the new tools and processes, leading to delays in addressing security incidents.
- roles: Data Security Admins, IRM Investigators
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is introducing a new role called the Data Security Investigation Contributor within its Purview Insider Risk Management system. Think of this as adding a new specialist to your team who can dig deeper into specific issues. This specialist uses advanced tools, like AI, to look at data and find potential security risks, much like a detective using the latest technology to solve a case.
The new feature, Data Security Investigation (DSI), acts like a magnifying glass for your data. It helps security teams quickly find and analyze emails, messages, and documents that might be related to a security incident. Imagine it as having a super-smart assistant who can quickly sift through all your files and highlight the ones that might be important for an investigation.
This new tool also helps visualize connections between data, users, and their activities, similar to how a detective might map out relationships between suspects in a case. This visualization helps teams understand the bigger picture and see how different pieces of information are related.
Once a potential risk is identified, DSI helps teams work together securely to address the issue, much like a group of experts coming together to solve a problem. After the investigation, the insights gained can be used to improve security policies, similar to how a company might update its rules after learning from a past mistake.
The integration between Insider Risk Management and DSI allows investigators to easily start a deeper investigation when they spot something suspicious. It's like having a button that, when pressed, instantly brings up all the relevant information about a case.
This update will be rolled out automatically, so there's no need for any manual changes beforehand. It's a bit like receiving an automatic software update on your phone that enhances its features without you having to do anything.
Overall, this change is designed to make it easier for organizations to manage and mitigate data security risks, using advanced tools to keep information safe and secure.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-10-07 | MC Last Updated | 07/03/2025 18:36:07 | 2025-10-07T16:57:15Z |
| 2025-10-07 | MC Messages | Updated July 3, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). | Updated October 7, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-October 2025 (previously mid-July) and expect to complete by mid-December 2025 (previously mid-August). |
| 2025-10-07 | MC End Time | 10/27/2025 08:00:00 | 2026-01-26T08:00:00Z |
| 2025-10-07 | MC Summary | Microsoft Purview Insider Risk Management (IRM) is adding a new role, Data Security Investigation Contributor, to allow IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI is an AI-powered solution for identifying and analyzing incident-related data. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management will add a Data Security Investigation Contributor role, enabling investigators to launch AI-powered Data Security Investigations from IRM cases. Public preview starts April 2025; general availability begins October 2025. No admin action is needed before rollout. |
| 2025-07-04 | MC Messages | Updated July 2, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). | Updated July 3, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). |
| 2025-07-04 | MC Last Updated | 07/02/2025 21:08:36 | 2025-07-03T18:36:07Z |
| 2025-07-04 | MC Summary | Microsoft Purview Insider Risk Management will add a new role, Data Security Investigation Contributor, to enable deeper investigations using the new AI-powered Data Security Investigation (DSI) tool. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management (IRM) is adding a new role, Data Security Investigation Contributor, to allow IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI is an AI-powered solution for identifying and analyzing incident-related data. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. |
| 2025-07-03 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
| 2025-07-03 | MC Summary | Microsoft Purview Insider Risk Management (IRM) will introduce a new role, Data Security Investigation Contributor, allowing IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI, an AI-powered solution, helps identify, analyze, and mitigate data security risks. The public preview begins in April 2025, with general availability in June 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management will add a new role, Data Security Investigation Contributor, to enable deeper investigations using the new AI-powered Data Security Investigation (DSI) tool. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. |
| 2025-07-03 | MC Last Updated | 03/26/2025 17:53:25 | 2025-07-02T21:08:36Z |
| 2025-07-03 | MC Messages | Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case.
DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-June 2025 and expect to complete by mid-July 2025. | Updated July 2, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). |
| 2025-07-03 | MC Title | Microsoft Purview: IRM RBAC Change (related to Data Security Investigations) Preview | (Updated) Microsoft Purview: IRM RBAC Change (related to Data Security Investigations) Preview |
| 2025-07-03 | MC End Time | 05/26/2025 09:00:00 | 2025-10-27T08:00:00Z |
Last updated 1 month ago ago
