Microsoft is rolling out a great new capability that will make life much easier for anyone who works with Data Loss Prevention (DLP) alerts. You’ll now start seeing AI‑generated summaries and categorizations, produced by the Microsoft Purview Data Security Triage Agent, directly inside the Microsoft Defender XDR portal.
This means faster triage, clearer insights, and less time manually digging through alert details.
What’s new?
When a DLP alert fires, analysts will now see:
- A concise AI‑generated summary of what happened
- A suggested categorization of the alert
- Context pulled directly from the incident to help speed up investigation
If you’ve already deployed the Triage Agent in Purview, these summaries will show up automatically in your Defender XDR alerts. If not, eligible analysts will be able to deploy it directly from the alert page super handy.
Rollout timeline
Public Preview
Starts: Early April 2026
Completed by: Mid‑April 2026
General Availability (Worldwide)
Starts: Mid‑August 2026
Completed by: Late August 2026
Who is impacted?
This update is especially helpful for:
- Security analysts and administrators triaging DLP alerts in Defender XDR
- Organizations already using (or planning to use) Microsoft Purview’s Data Security Triage Agent
Existing DLP policies, enforcement, and user experience remain unchanged.