🔥 GA: Microsoft Purview Data Security Investigations
Microsoft has announced the General Availability of Purview Data Security Investigations (DSI), bringing AI‑driven, end‑to‑end data investigations into the Purview suite. DSI enables rapid scoping, deep content analysis, and direct remediation during investigations across Microsoft 365 data sources (Exchange, SharePoint, OneDrive, Teams, and Copilot artifacts).
- AI‑powered deep content analysis with natural‑language queries and semantic/vector search.
- Accelerated incident response: investigations that formerly took weeks can complete in hours.
- Integrated signals: link content findings to audit/user activity for end‑to‑end context.
- New purge action: delete overshared or sensitive content directly within an investigation.
- Usage‑based pricing for investigation storage and compute with cost estimators and usage tracking.
Sources:
Microsoft Community Hub (GA announcement) ·
Help Net Security (feature & pricing details) ·
Neowin (integrations & use cases)
📊 New Purview DSPM Experience (Preview → GA in Apr–May 2026)
Microsoft is introducing a modernized Data Security Posture Management (DSPM) experience for Purview, adding AI observability, Security Copilot agents, expanded risk assessments, and third‑party signal ingestion—without disrupting existing policies or onboarding steps.
Key Highlights for MSSPs
- Security Copilot automation for triage and policy workflows.
- Unified visibility with third‑party signals (BigID, Cyera, OneTrust, Varonis).
- Extended Data Risk Assessments (incl. Fabric, item‑level analysis, bulk link remediation).
- No admin action required: classic DSPM configurations carry over.
- Timeline: Public Preview rolling now; GA targeted for Apr–May 2026.
🆕 What’s New in Purview (January 2026)
- Adaptive scopes: new PowerShell cmdlet
Get‑AdaptiveScopeMembersfor very large scope exports. - Data Governance:
- Preview: Data Quality support for Azure SQL Managed Instance.
- Preview: Deleted asset notices propagate to data products/critical data elements.
- GA: Multiregion + VNet support for storing data‑quality error records locally.
- Preview: Author custom rules using SQL expression language alongside ADF expressions.
- GA: VNet support for self‑service analytics metadata storage.
- DLP: Restructured docs and workflows for device/inline data protection scenarios.
- Copilot Agents in Purview: Preview for the Purview Posture Agent in DSPM.
⚠️ Service Note: Jan 22 Microsoft 365 Outage Impacted Purview Access
During the Microsoft 365 outage on January 22, 2026, access to Purview and other admin portals was intermittently unavailable as North American infrastructure failed to process traffic, requiring load balancing and traffic redirection.
Sources:
CRN (cross‑service impact & timeline) ·
Hindustan Times (Purview listed among affected services)
💼 MSSP Action Plan for This Week
- Operationalize DSI (GA): Train analysts on natural‑language investigation workflows; define purge governance and change control.
- Forecast DSI costs: Enable cost estimators; tag investigation scopes per customer for showback/chargeback.
- Prepare for new DSPM: Map current controls to the new experience; plan to ingest third‑party signals for unified views.
- Harden outage communications: Pre‑draft Purview service advisories; document exports or alternate workflows when portals are unavailable.
- Leverage January roadmap: Use Azure SQL MI data‑quality preview and adaptive scope cmdlets in large tenants.
🔗 References
- Microsoft Community Hub — Purview Data Security Investigations GA
- Help Net Security — Purview DSI overview, GA & pricing
- Neowin — Purview DSI capabilities & integrations
- Microsoft 365 Admin — New Purview DSPM experience
- Microsoft Learn — What’s New in Microsoft Purview (Jan 2026)
- CRN — Microsoft outage impact including Purview
- Hindustan Times — Microsoft 365 outage with Purview listed
