An AI-driven investigation platform that helps organizations identify data risks faster and at scale.
Microsoft has made its Purview Data Security Investigations solution generally available for commercial customers. The new tool is built to expose hidden data risks and reduce investigation timelines from weeks to just hours.
According to Microsoft, traditional data investigations often require manual, file‑by‑file reviews, which are no longer practical due to the scale of data and frequency of breaches. The Microsoft Purview Data Security Investigations solution is built to streamline and accelerate investigations by bringing discovery, analysis, and remediation into a single, unified experience.
Since launching in public preview, Microsoft Purview Data Security Investigations has evolved based on customer feedback to speed up investigations, strengthen risk mitigation, and give organizations clearer control over costs. The solution streamlines three major phases of an investigation by helping security teams quickly identify relevant data across Microsoft 365, integrate with tools like Defender XDR and Insider Risk Management, and apply new entry points from Data Security Posture Management.
Once an investigation is scoped, the generative AI capabilities help admins identify sensitive data and security risks with features such as AI search, categorization, vector search, risk examination, and context‑driven analysis across more than 95 languages. Additionally, the platform supports smoother collaboration, enhanced by visual correlation through the Microsoft Sentinel graph integration and by the newly added purge action, which lets security teams remove sensitive or overshared content directly within the workflow.
Microsoft has also introduced built‑in cost management tools to help organizations manage expenses confidently. These include a lightweight cost estimator and a usage dashboard that offers detailed visibility into storage and compute consumption.
Organizations are using the solution for both reactive and proactive security scenarios. These include evaluating the severity and business impact of data breaches or leaks, identifying exposed passwords and credentials across SharePoint and other data repositories, and detecting signs of internal fraud, bribery, or suspicious vendor communications.
It also helps security teams determine who accessed and potentially redistributed sensitive files that were accidentally shared in Microsoft Teams, as well as locate inappropriate or policy‑violating content even when only minimal details (such as a timeframe or channel) are available.
Lastly, Microsoft Purview Data Security Investigations follows a flexible pay‑as‑you‑go and capacity‑based pricing model, which allows organizations to pay only for the storage and AI capabilities they actually use. This approach eliminates the need for a separate enterprise license, making the solution more accessible while remaining scalable. For those who want to explore costs in more detail, Microsoft has provided information about the available billing options on its support page.