MC1258000 – Microsoft Purview: Data Security Investigations – analyze files tied to endpoint DLP alerts

check before: 2026-04-01

Product:

Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention

Platform:

Online, Web, World tenant

Status:

In development

Change type:

New feature, User impact, Admin impact

Links:

558547

Details:

Summary:
Microsoft Purview’s Data Security Investigations will include endpoint Data Loss Prevention (DLP) events as a queryable source, enabling admins to analyze related files automatically. Rolling out April–May 2026, this feature enhances investigation efficiency using AI tools without user impact or required admin action.

Details:
[Introduction]
We're introducing endpoint Data Loss Prevention (DLP) events as a queryable data source in Data Security Investigations (DSI) in Microsoft Purview. With this update, administrators can build endpoint DLP queries directly in DSI using filters such as date range, and DSI will automatically pull files associated with those events into the investigation for analysis. This integration helps security teams examine endpoint DLP activity at scale, reducing time and effort spent triaging individual alerts and improving the ability to identify patterns and potential data exfiltration scenarios.
This message is associated with Microsoft 365 Roadmap ID 558547.
[When this will happen]
Public Preview: Rollout begins in late April 2026 and completes in mid‑May 2026.
General Availability (Worldwide): Rollout begins in mid‑May 2026 and completes in mid‑May 2026.

Release Phase:
General Availability, Preview

Created:
2026-03-22

Updated:
2026-03-22

Direct effects for Operations**

Data Processing Changes
Making endpoint DLP events queryable in DSI changes how existing customer data is processed: files associated with DLP alerts are collected automatically for analysis, which can raise data privacy concerns if not managed properly.
   - roles: Admins, Security Investigators
   - references: https://learn.microsoft.com/purview/data-security-investigations, https://learn.microsoft.com/purview/endpoint-dlp-learn-about

AI/ML Capabilities Modification
The change significantly modifies AI/ML capabilities by integrating AI-assisted tools to analyze files gathered through endpoint DLP queries, which may lead to unexpected results if the AI tools are not properly calibrated or tested before deployment.
   - roles: Admins, Security Investigators
   - references: https://learn.microsoft.com/purview/data-security-investigations, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=558547

** AI generated content. This information must be reviewed before use.
