Review risk examinations in Data Security Investigations (preview)

By examining impacted data for security risks, you can find network risks or data that presents continued security risks in your organization. Risk examinations provide reasoning for risk scores and recommended mitigation steps for each item so you can take the appropriate mitigation steps. Scores and explanations are summarized for the risk focus areas.

Analyze data for risk information

Complete the following steps to identify risks in data items included in the investigation scope:

1. Go to the Microsoft Purview portal and sign in using the credentials for a user account assigned Data Security Investigations permissions.
2. Select the Data Security Investigations (preview) solution card and then select Investigations in the left nav.
3. Select an investigation, then select Analysis on the navigation bar.
4. Use vector search or categorization tools to identify data for credentials examination.
5. Select one or more items, then select Examine on the command bar.
6. In the Examine with AI dialog, enter name for your examination process in the Job name field.
7. Enter a description for the examination process in the Job description field.
8. Select Risk: Analyze and score all active risks in selected items in the Choose a focus area field.
9. Select Examine to start the AI analysis.

Risk examinations include the following information for each item:

• Subject/Title: The subject or title of the data item.
• Privileged content: Indication if the data item is privileged content. Values are Yes or No.
• Overall security risk score: The risk score of the data item. Values from 0 to 4, higher values indicate higher risk items.
• Overall security risk explanation: A summary of the reasoning as to why the risks associated with the item are important.
• Errors: A summary of any processing errors encountered when the AI process was run.