check before: 2026-04-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal
Platform:
Online, Web, World tenant
Status:
In development
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Purview's Data Security Investigations will add a new Audit tab for building audit log queries directly within DSI, automatically surfacing related files. This feature, replacing CSV uploads, rolls out April-May 2026, enabling faster, more accurate investigations for admins and investigators without requiring prior configuration.
Details:
[Introduction]
We're introducing a new audit log querying experience in Data Security Investigations (DSI) in Microsoft Purview. This update allows administrators and investigators to build audit log queries directly within DSI by specifying criteria such as date range, users, activities, and keywords. DSI will then automatically surface files associated with those activities. This removes the previous manual process of exporting and reviewing large audit log datasets and makes investigations faster and more accurate.
This message is associated with Microsoft 365 Roadmap ID 558548.
[When this will happen]
Public Preview: Rollout will begin in early April 2026 and is expected to complete by late April 2026.
General Availability (Worldwide): Rollout will begin in early May 2026 and is expected to complete by early May 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2026-03-24
updated:
2026-03-24
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Removal of CSV Upload Option
The removal of the CSV upload option may lead to confusion and delays in investigations as users adapt to the new audit tab functionality, potentially impacting the speed of incident response.
- roles: Admins, Investigators
- references: https://learn.microsoft.com/purview/audit-log-activities, https://learn.microsoft.com/purview/data-security-investigations
Increased Dependency on New Audit Tab
Without prior preparation, users may struggle with the new audit tab interface, leading to inefficiencies in investigations and a potential increase in user frustration during the transition period.
- roles: Admins, Investigators
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=558548, https://learn.microsoft.com/purview/data-security-investigations
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago ago
