
Microsoft Purview Data Security Investigations (DSI) is now widely accessible. This AI-powered solution is intended to help cybersecurity teams and IT administrators rapidly identify, evaluate, and mitigate data risks hidden within large databases.
Establishing and sustaining a strong cybersecurity posture is typically a key component of successful organisations. Although many suppliers provide a wide range of security solutions, most businesses stick to the options provided by the ecosystem in which they are already well established. To lower the risk of breaches, a strong data governance system is just as crucial as cybersecurity. Microsoft has now added a new tool to its Purview suite to help with data-related investigations.
The Redmond-based company is now prepared to make this unified solution widely accessible, although certain clients have been using Microsoft Purview Data Investigations for a while through the public preview. In essence, data investigations are services that use AI to help IT administrators and security staff find and look into data linked to breaches and reduce risks.
According to Microsoft, customers used data investigations during the public preview to scan files on SharePoint at scale to find out whether sensitive credentials were being exposed, understand the risks of the data exposed after a breach, find suspicious communications related to fraudulent activities, identify who accessed sensitive files, and spot “inappropriate content” in online communication channels. Microsoft claims that investigations that used to take weeks, or were not possible at all, can now be finished in a matter of hours.
Semantic search, vector search, contextual analysis, content categorisation, and other AI technologies power this complete infrastructure. It also integrates with Microsoft Sentinel, Microsoft Defender XDR incident, Microsoft Purview Insider Risk Management, and Microsoft Purview Data Security Posture Management. To prevent clients from going over budget while running thorough scans and inspections, the Redmond company has also provided cost estimators and a utilisation dashboard.
According to Microsoft, Purview Data Investigations is both a proactive and a reactive tool, as some of the examples above demonstrate. More information on the tool, which is currently widely accessible, may be found here.
The important aspects of DSI (Data Security Investigations) that help IT admins are:
- AI-Powered Analysis: Performs deep content analysis on emails, Teams messages, documents, and Copilot prompts/responses using generative AI and Large Language Models (LLMs).
- Natural Language Search: Instead of utilising complicated search strings, administrators can use conversational enquiries (keywords, metadata, and semantic embeddings) to locate pertinent information.
- Automated Categorisation: To help prioritise the most serious threats, impacted data is automatically sorted into risk categories (such as credentials, financial information, and trade secrets).
- New “Purge” Action: Introduced in January 2026, this feature enables administrators to rapidly minimise exposure by removing sensitive or excessively shared content straight from the investigation interface.
- Cross-Platform Integration: Administrators can initiate investigations straight from Data Security Posture Management insights, Microsoft Defender XDR events, or Microsoft Purview Insider Risk Management cases.
For the AI analysis, DSI employs a pay-as-you-go consumption model based on compute units (CUs) and storage (GB). Cost management tools include a usage dashboard and a lightweight in-product cost calculator to help businesses track and forecast their expenditures.
Other updates on security tools are:
- Phishing Triage Agent: Presently accessible in Microsoft Defender, this agent independently evaluates reported emails to differentiate between genuine threats and false positives.
- Threat Hunting Agent: A new public preview tool that replaces KQL searches with natural language queries to enable analysts to perform intricate real-time hunts.
- Sentinel Behaviours Layer: A public preview feature of Microsoft Sentinel that converts unprocessed information into behavioural descriptions that can be read by humans to clarify “who did what to whom” during an incident.







