370560 – Microsoft Purview compliance portal: Insider Risk Management-Insider risk context in Microsoft Defender user entity page


check before: 2025-02-01

Product:

Defender, Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

Launched

Change type:

Links:

Details:

With this update, any SOC analyst with the required customer-determined permissions can access an insider risk summary of user activities that may lead to potential data security incidents, as a part of the user entity investigation experience in Microsoft Defender. This feature can help SOC analysts gain insider risk context for a specific user and make more informed decisions on responses to potential incidents. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.


Release Phase:
General Availability, Preview

Created:
2023-12-21

updated:
2026-01-21


Direct effects for Operations**

Data Security Incident Risk
Without proper preparation, the implementation of insider risk management features may lead to misinterpretation of user activities, resulting in false positives for potential data security incidents. This can cause unnecessary investigations and strain on resources.
   - roles: SOC Analyst, IT Security Manager
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-purview/ba-p/3651230, https://www.microsoft.com/en-us/security/blog/2021/06/24/insider-risk-management-in-microsoft-365/

User Privacy Concerns
If the insider risk management features are deployed without adequate communication and training, users may feel their activities are being excessively monitored, leading to decreased trust and morale within the organization.
   - roles: End User, HR Manager
   - references: https://www.forbes.com/sites/bernardmarr/2021/06/28/the-importance-of-user-privacy-in-the-age-of-data-analytics/?sh=5c1c1e1e7b5b, https://www.microsoft.com/en-us/security/blog/2021/06/24/insider-risk-management-in-microsoft-365/


explanation for non-techies**

Imagine you're managing a large library. In this library, there are countless books and documents, some of which are highly sensitive and need to be protected. You have a team of librarians (think of them as your IT security team) who are responsible for ensuring that none of these sensitive materials are mishandled or stolen.

Now, Microsoft Purview's Insider Risk Management is like a sophisticated security system for your library. It helps your librarians (or in this case, your Security Operations Center analysts) keep an eye on the activities of people using the library, especially those who might be handling sensitive materials. This system provides a summary of each user's activities, which can be thought of as a report card that highlights any unusual behavior that might suggest someone is trying to sneak out a valuable book or document.

The update to Microsoft Defender allows these librarians to access this insider risk summary directly, giving them a clearer picture of what each user is doing. It's like giving them a pair of glasses that lets them see who might be lingering too long in the restricted section or who might be copying down too many notes from a sensitive document.

The system is designed to respect privacy, much like how a library respects the privacy of its patrons. Users are pseudonymized, meaning their identities are hidden, similar to how library records might use a code instead of a patron's name. Access to this information is controlled, ensuring that only those with the right permissions can see it, just like how only certain librarians might have the keys to the restricted section.

In essence, this update helps your team make informed decisions about how to respond to potential security incidents, ensuring that your library's most valuable materials remain safe and secure.

** AI generated content. This information must be reviewed before use.




change history

Date | Property | old | new
2026-01-21 | RM Product Tags | Microsoft Purview compliance portal | Microsoft Purview
2025-05-06 | RM Status | In development | Launched
2024-09-05 | RM Release | November CY2024 | February CY2025
2024-03-19 | RM Release | March CY2024 | November CY2024
2024-03-19 | RM Preview | December CY2023 | April CY2024

Last updated 4 weeks ago
