check before: 2025-04-01
Product:
Copilot, Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management, Teams
Platform:
Android, iOS, Mac, Online, Web, World tenant
Status:
Launched
Change type:
Admin impact, New feature, Updated message, User impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management will add a Data Security Investigation Contributor role, enabling investigators to launch AI-powered Data Security Investigations from IRM cases. Public preview starts April 2025; general availability begins October 2025. No admin action is needed before rollout.
Details:
Updated October 7, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case.
DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices.
The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact.
This message is associated with roadmap ID 485707.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025.
General Availability (Worldwide): We will begin rolling out in mid-October 2025 (previously mid-July) and expect to complete by mid-December 2025 (previously mid-August).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-03-27
updated:
2025-10-07
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Role Misalignment
Without preparation, existing users may not have the necessary permissions to access the new Data Security Investigation features, leading to confusion and potential delays in incident response.
- roles: Insider Risk Management Investigators, Data Security Admins
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Increased Incident Response Time
The lack of prior training and understanding of the new AI-powered Data Security Investigations could result in slower incident response times, as users may struggle to utilize the new tools effectively.
- roles: Data Security Teams, IT Support Staff
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-10-07 | MC Last Updated | 07/03/2025 18:36:07 | 2025-10-07T16:57:15Z |
| 2025-10-07 | MC Messages | Updated July 3, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). | Updated October 7, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-October 2025 (previously mid-July) and expect to complete by mid-December 2025 (previously mid-August). |
| 2025-10-07 | MC End Time | 10/27/2025 08:00:00 | 2026-01-26T08:00:00Z |
| 2025-10-07 | MC Summary | Microsoft Purview Insider Risk Management (IRM) is adding a new role, Data Security Investigation Contributor, to allow IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI is an AI-powered solution for identifying and analyzing incident-related data. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management will add a Data Security Investigation Contributor role, enabling investigators to launch AI-powered Data Security Investigations from IRM cases. Public preview starts April 2025; general availability begins October 2025. No admin action is needed before rollout. |
| 2025-07-04 | MC Messages | Updated July 2, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). | Updated July 3, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). |
| 2025-07-04 | MC Last Updated | 07/02/2025 21:08:36 | 2025-07-03T18:36:07Z |
| 2025-07-04 | MC Summary | Microsoft Purview Insider Risk Management will add a new role, Data Security Investigation Contributor, to enable deeper investigations using the new AI-powered Data Security Investigation (DSI) tool. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management (IRM) is adding a new role, Data Security Investigation Contributor, to allow IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI is an AI-powered solution for identifying and analyzing incident-related data. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. |
| 2025-07-03 | MC MessageTagNames | New feature, User impact, Admin impact | Updated message, New feature, User impact, Admin impact |
| 2025-07-03 | MC Summary | Microsoft Purview Insider Risk Management (IRM) will introduce a new role, Data Security Investigation Contributor, allowing IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI, an AI-powered solution, helps identify, analyze, and mitigate data security risks. The public preview begins in April 2025, with general availability in June 2025. No admin action is required before the rollout. | Microsoft Purview Insider Risk Management will add a new role, Data Security Investigation Contributor, to enable deeper investigations using the new AI-powered Data Security Investigation (DSI) tool. The public preview starts in April 2025, with general availability in July 2025. No admin action is required before the rollout. |
| 2025-07-03 | MC Last Updated | 03/26/2025 17:53:25 | 2025-07-02T21:08:36Z |
| 2025-07-03 | MC Messages | Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case.
DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-June 2025 and expect to complete by mid-July 2025. | Updated July 2, 2025: We have updated the timeline below. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case. DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices. The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact. This message is associated with roadmap ID 485707. [When this will happen:] Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025. General Availability (Worldwide): We will begin rolling out in mid-July 2025 (previously mid-June) and expect to complete by mid-August 2025 (previously mid-July). |
| 2025-07-03 | MC Title | Microsoft Purview: IRM RBAC Change (related to Data Security Investigations) Preview | (Updated) Microsoft Purview: IRM RBAC Change (related to Data Security Investigations) Preview |
| 2025-07-03 | MC End Time | 05/26/2025 09:00:00 | 2025-10-27T08:00:00Z |
Last updated 2 days ago ago
