check before: 2025-04-01
Product:
Copilot, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management, Teams
Platform:
Android, iOS, Mac, Online, Web, World tenant
Status:
In development
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management (IRM) will introduce a new role, Data Security Investigation Contributor, allowing IRM Investigators to launch Data Security Investigations (DSI) from IRM cases. DSI, an AI-powered solution, helps identify, analyze, and mitigate data security risks. The public preview begins in April 2025, with general availability in June 2025. No admin action is required before the rollout.
Details:
Microsoft Purview Insider Risk Management (IRM) will be adding a new role--Data Security Investigation Contributor--to the Insider Risk Management Investigators role group. This will allow members of the Insider Risk Management Investigators role group to launch a Data Security Investigation (DSI) from an IRM case.
DSI is a new AI-powered solution that enables data security teams to identify incident-related data, conduct deep content analysis, and mitigate risk within one unified solution. DSI enables data security admins to efficiently identify incident-relevant content by searching their Microsoft 365 data estate to locate emails, Teams messages, Copilot prompts and responses, and documents. Once the investigation is scoped, DSI's generative AI capabilities allow admins to gain deeper insights into the impacted data, revealing critical security risks and sensitive information. Investigative capabilities include the ability to categorize evidence, perform vector searches, and examine impacted data for security and sensitive data risks. DSI visualizes correlations between investigation data, users, and their activities. To mitigate identified risks, DSI facilitates secure collaboration between partner teams. Post-investigation learnings can be used to refine existing policies to strengthen an organization's security practices.
The integration between IRM and DSI allows an IRM investigator to identify when a risky user needs deeper investigation to launch a pre-scoped investigation directly from the user activity pane, allowing them to view content analysis related to that user and better assess post-incident data impact.
This message is associated with roadmap ID 485707.
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out early April 2025 and expect to complete by late April 2025.
General Availability (Worldwide): We will begin rolling out in mid-June 2025 and expect to complete by mid-July 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-03-27
updated:
2025-03-27
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is introducing a Data Security Investigation (DSI) feature in its Purview Insider Risk Management tool, enabling investigators to use AI to analyze and mitigate data security risks more effectively, with a new role called "Data Security Investigation Contributor" allowing direct investigations from IRM cases; this feature will be available for public preview in April 2025 and generally available by June 2025.
Direct effects for Operations**
Role Misalignment
The introduction of the Data Security Investigation Contributor role may lead to confusion among existing IRM Investigators if they are not adequately informed about the new role's capabilities and limitations, potentially resulting in ineffective investigations.
- roles: IRM Investigators, Data Security Admins
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Increased Security Risks
Without proper preparation and understanding of the new DSI capabilities, organizations may inadvertently overlook critical data security risks during investigations, leading to potential data breaches or compliance violations.
- roles: Data Security Admins, Compliance Officers
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=485707
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago
