Microsoft has launched optical character recognition support for Microsoft Purview Data Security Investigations, extending the service’s ability to extract text embedded in images and include it in investigation data.
The change is intended to make visual content searchable and available to the product’s AI-powered content analysis. In practical terms, security teams using Data Security Investigations can now expect text in image-based material to be considered during investigations, rather than treating an image as an opaque attachment or document element.
Microsoft lists the feature as Microsoft 365 Roadmap ID 561489. The entry moved to Launched on July 14, 2026, with general availability scheduled for July 2026. Preview availability began in May 2026. The rollout applies to Microsoft Purview on the web for the worldwide standard multi-tenant cloud, across both General Availability and Preview release rings.
Sensitive material does not always arrive as selectable text. It may be captured in screenshots, scanned paperwork, exported reports, photos of whiteboards, or images inserted into otherwise ordinary files. OCR turns recognizable text in those visuals into investigation data, allowing Purview’s analysis to account for it.
That matters most where investigators are looking for evidence of accidental exposure, policy violations, or suspicious handling of sensitive information. A screenshot containing account details, a photographed document, or an image-based report may now produce useful context that was previously harder to surface through text-led analysis alone.
Microsoft describes the feature as supporting “deep content analysis” intended to uncover data-security risks hidden within visual content. The roadmap entry does not specify supported file types, image-quality thresholds, languages, retention changes, licensing requirements, or any new administrator controls.
Security and compliance teams should:
For Purview customers already using Data Security Investigations, the immediate next step is to verify that image-based evidence is appearing in current investigation workflows.
The change is intended to make visual content searchable and available to the product’s AI-powered content analysis. In practical terms, security teams using Data Security Investigations can now expect text in image-based material to be considered during investigations, rather than treating an image as an opaque attachment or document element.
Microsoft lists the feature as Microsoft 365 Roadmap ID 561489. The entry moved to Launched on July 14, 2026, with general availability scheduled for July 2026. Preview availability began in May 2026. The rollout applies to Microsoft Purview on the web for the worldwide standard multi-tenant cloud, across both General Availability and Preview release rings.
Why OCR changes the investigation picture
Sensitive material does not always arrive as selectable text. It may be captured in screenshots, scanned paperwork, exported reports, photos of whiteboards, or images inserted into otherwise ordinary files. OCR turns recognizable text in those visuals into investigation data, allowing Purview’s analysis to account for it.That matters most where investigators are looking for evidence of accidental exposure, policy violations, or suspicious handling of sensitive information. A screenshot containing account details, a photographed document, or an image-based report may now produce useful context that was previously harder to surface through text-led analysis alone.
Microsoft describes the feature as supporting “deep content analysis” intended to uncover data-security risks hidden within visual content. The roadmap entry does not specify supported file types, image-quality thresholds, languages, retention changes, licensing requirements, or any new administrator controls.
What administrators should do
There is no separate Windows client update implied by this roadmap item. The feature is delivered through the Microsoft Purview web service, so organizations using Data Security Investigations should treat it as a cloud capability change.Security and compliance teams should:
- Test representative image-heavy investigation material and compare results with prior cases.
- Review analyst workflows so OCR-derived text is evaluated as evidence, not assumed to be perfect transcription.
- Check internal procedures for handling screenshots, scans, and image attachments that may now be more readily discoverable.
- Watch Purview documentation and Message Center communications for details Microsoft did not include in the roadmap entry, particularly around supported content and configuration.
For Purview customers already using Data Security Investigations, the immediate next step is to verify that image-based evidence is appearing in current investigation workflows.
References
- Primary source: Microsoft 365 Roadmap
Published: 2026-07-14T22:41:38.6349466Z
Microsoft 365 Roadmap | Microsoft 365
The Microsoft 365 Roadmap lists updates that are currently planned for applicable subscribers. Check here for more information on the status of new features and updates.www.microsoft.com