Microsoft 365 Message Center item MC1384427

MC1384427 - Microsoft Purview | Data Security Investigations: Investigation templates for common data security scenarios

Microsoft Purview Data Security Investigations now includes pre-configured search templates for common data security scenarios, enabling faster, standardized investigations with minimal inputs. This feature is generally available worldwide, requires no admin action, and helps reduce setup time for security analysts using the solution.

Message Center ID
MC1384427
Category
stay Informed
Severity
normal
Services
Microsoft Purview
Tags
New feature, User impact, Admin impact
Roadmap ID
560326
Platforms
Web
Published
2026-06-08
Last updated
2026-06-08
Expires
2026-07-05

[What and Why]We’re adding search templates to Microsoft Purview Data Security Investigations to provide pre-configured search queries for common data security scenarios such as data exfiltration, compromised mailboxes, personal data exposure, and risky AI interactions. These templates help investigators quickly and consistently scope investigations in just a few clicks instead of manually building queries, reducing setup time and lowering the barrier for less-experienced analysts. Users can select a template, provide minimal inputs (such as a user or site), and begin their investigation.This message is associated with Microsoft 365 Roadmap ID 560326.[Rollout Schedule]General Availability (Worldwide): Available now[Impact on Your Organization]Who is affectedSecurity analysts and investigators using Microsoft Purview Data Security InvestigationsPlatforms/ServicesMicrosoft Purview (web)Data Security Investigations solutionWhat will happenInvestigators can start a new investigation using prebuilt templates instead of creating search queries from scratch.Templates cover common data security scenarios and require only minimal inputs (for example, user, mailbox, or SharePoint site) to start an investigation.Investigations are automatically scoped and ready to run once inputs are provided.This reduces manual setup time and helps standardize investigation workflows.Existing investigations and custom queries are not affected.The feature will be available by default where Data Security Investigations is enabled.Screenshot - Creating an investigation from a template in Data Security Investigations: Typical workflow:Create a new investigation in Data Security Investigations.Select a template that matches your scenario.Provide the required inputs.Run the query to open a scoped investigation.[Action Required/Recommendations]No admin action is required.Recommended actions:Inform your security and investigation teams about this capabilityEncourage teams to use templates to standardize investigation workflowsReview internal investigation procedures and update documentation if neededLearn more:Data Security Investigations | Microsoft PurviewLearn about Data Security Investigations | Microsoft Purview | Microsoft Learn[Compliance considerations]No compliance considerations identified. Review as appropriate for your organization.