![Microsoft Purview | Data Security Triage Agent Summaries for DLP Alerts in Microsoft Defender XDR [MC1255406]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-ivaivo-15109651-1024x683.webp "Microsoft Purview | Data Security Triage Agent Summaries for DLP Alerts in Microsoft Defender XDR [MC1255406] 1")
[Introduction]
We’re introducing Data Security Triage Agent summaries and categorizations for Data Loss Prevention (DLP) alerts directly within the Microsoft Defender XDR portal. This update helps security analysts triage DLP alerts more efficiently by surfacing AI-generated summaries and categorizations created by the Microsoft Purview Data Security Triage Agent.
Screenshot 1: Data Security Triage Agent outputs and summaries now available in DLP alerts in Microsoft Defender XDR
This message is associated with Roadmap ID 558860.
[When this will happen:]
- Public Preview: We will begin rolling out early April 2026 and expect to complete by mid-April 2026.
- General Availability (Worldwide): We will begin rolling out mid-August 2026 and expect to complete by late August 2026.
[How this affects your organization:]
Who is affected:
- Security analysts and admins triaging DLP alerts in Microsoft Defender XDR
- Organizations using Microsoft Purview Data Security Triage Agent
What will happen:
- DLP alerts in Defender XDR will display AI-generated summaries and categorizations when the Agent is deployed.
- If the Agent is not deployed, eligible analysts can deploy it from the DLP alert page in Defender XDR.
- Agent management (instructions, pause/deactivate, usage monitoring) remains in Microsoft Purview.
- Existing DLP policies and enforcement are not changed.
- There is no impact to users.
Screenshot 2: Security Analysts and Admins triaging DLP alerts in Defenders will be able to deploy the Data Security Triage Agent from the Microsoft Defender XDR portal
[What you can do to prepare:]
- Deploy the Data Security Triage Agent in Microsoft Purview to enable summaries in Defender XDR.
- Review role assignments to ensure analysts who triage DLP alerts have the appropriate permissions.
- Update internal security operations documentation to reflect the new triage experience.
- Familiarize security teams with where Agent deployment can occur (Defender XDR) and where ongoing management is performed (Purview).
Learn more: Before rollout, we will update this post with new documentation.
[Compliance considerations:]
| Compliance area | Explanation |
|---|---|
| AI/ML or agent capabilities interacting with customer data | This change introduces AI-generated summaries and categorizations for DLP alerts using the Microsoft Purview Data Security Triage Agent, which processes existing DLP alert data to assist analysts during triage. |
| Admin controls | Admins can deploy the Data Security Triage Agent from the Microsoft Defender XDR portal. Ongoing agent management, including custom instructions, pausing or deactivating the agent, and monitoring usage, remains available in the Microsoft Purview portal. |
| Admin monitoring and compliance reporting | The update enhances DLP alert investigations by adding AI-generated context, improving how admins monitor and assess data security incidents without changing underlying DLP policy enforcement or audit logging. |
Source: Microsoft
Latest Posts
- Minimax M2.5 and GLM 5 models now available on Amazon Bedrock
- (Updated) Microsoft Entra passkeys on Windows now support phishing-resistant sign-in [MC1247893]
- (Updated) Microsoft Teams: Improvements to “Activity in other accounts and orgs panel” [MC1184992]
- Updates available for Microsoft 365 Apps for Current Channel [MC1255412]
![Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM) [MC1255405]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-nickcollins-1293006-150x150.webp "Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM) [MC1255405] 9")