Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihbnnvz2a732cn3ryl2sqdvagwbo5iicubzsmf34j4xojgll5lwbq",
    "uri": "at://did:plc:xxrzfynfiasdpbxteqxi4jgq/app.bsky.feed.post/3mnsvcvrgiff2"
  },
  "description": "Microsoft Purview Data Security Investigations now includes pre-configured search templates for common data security scenarios, enabling faster, standardized investigations with minimal inputs. This feature is generally available worldwide, requires no admin action, and helps reduce setup time fo...",
  "path": "/m365-message-center/message/mc1384427/",
  "publishedAt": "2026-06-09T00:00:06.000Z",
  "site": "https://blog.tophhie.cloud",
  "tags": [
    "560326",
    "Data Security Investigations | Microsoft Purview",
    "Learn about Data Security Investigations | Microsoft Purview | Microsoft Learn"
  ],
  "textContent": "**[What and Why]**\n\nWe’re adding **search templates** to **Microsoft Purview Data Security Investigations** to provide pre-configured search queries for common data security scenarios such as data exfiltration, compromised mailboxes, personal data exposure, and risky AI interactions. These templates help investigators quickly and consistently scope investigations in just a few clicks instead of manually building queries, reducing setup time and lowering the barrier for less-experienced analysts. Users can select a template, provide minimal inputs (such as a user or site), and begin their investigation.\n\nThis message is associated with **Microsoft 365 Roadmap ID** 560326.\n\n**[Rollout Schedule]**\n\n**General Availability (Worldwide):** Available now\n\n**[Impact on Your Organization]**\n\n_Who is affected_\n\nSecurity analysts and investigators using Microsoft Purview Data Security Investigations\n\n _Platforms/Services_\n\n  * Microsoft Purview (web)\n  * Data Security Investigations solution\n\n\n\n _What will happen_\n\n  * Investigators can start a new investigation using prebuilt templates instead of creating search queries from scratch.\n  * Templates cover common data security scenarios and require only minimal inputs (for example, user, mailbox, or SharePoint site) to start an investigation.\n  * Investigations are automatically scoped and ready to run once inputs are provided.\n  * This reduces manual setup time and helps standardize investigation workflows.\n  * Existing investigations and custom queries are not affected.\n  * The feature will be**available by default** **where Data Security Investigations is enabled**.\n\n\n\n_Screenshot - Creating an investigation from a template in Data Security Investigations:_\n\nTypical workflow:\n\n  1. Create a new investigation in _Data Security Investigations_.\n  2. Select a template that matches your scenario.\n  3. Provide the required inputs.\n  4. Run the query to open a scoped investigation.\n\n\n\n**[Action Required/Recommendations]**\n\nNo admin action is required.\n\nRecommended actions:\n\n  * Inform your security and investigation teams about this capability\n  * Encourage teams to use templates to standardize investigation workflows\n  * Review internal investigation procedures and update documentation if needed\n\n\n\n**Learn more:**\n\n  * Data Security Investigations | Microsoft Purview\n  * Learn about Data Security Investigations | Microsoft Purview | Microsoft Learn\n\n\n\n**[Compliance considerations]**\n\nNo compliance considerations identified. Review as appropriate for your organization.",
  "title": "MC1384427: Microsoft Purview | Data Security Investigations: Investigation templates for common data security scenarios",
  "updatedAt": "2026-06-09T00:00:06.648Z"
}