409965 – Microsoft Purview compliance portal: Insider Risk Management- Adaptive scopes

Product:

Entra, Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

Rolling out

Change type:

Links:

Details:

Ability to target IRM policies using global Adaptive Scopes. Adaptive scopes within IRM policies allow admins to use existing adaptive scopes created on the Microsoft Purview compliance portal within IRM policies, Adaptive scopes can be created using queries to define user groups dynamically. This feature provides more powerful targeting for policies, allowing different settings to be assigned to users based on attributes from Entra ID without the administrative burden of creating and maintaining groups. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2024-09-17

updated:
2026-01-21

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Insider Risk Management Policy Misconfiguration
Without proper preparation, the implementation of adaptive scopes may lead to misconfigured insider risk management policies, resulting in either over-targeting or under-targeting of users, which can cause unnecessary alerts or missed risks.
   - roles: Compliance Officer, IT Security Manager
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/1941230, https://www.microsoft.com/en-us/microsoft-365/blog/2021/06/24/introducing-insider-risk-management-in-microsoft-365/

User Experience Disruption
Changes made without adequate preparation can lead to confusion among users regarding their data access and privacy settings, potentially resulting in decreased productivity and trust in the system.
   - roles: End User, IT Support Specialist
   - references: https://www.forbes.com/sites/bernardmarr/2021/06/28/the-impact-of-technology-on-user-experience/?sh=4c1b1c4e7c3b, https://www.microsoft.com/en-us/security/blog/2021/06/24/insider-risk-management-in-microsoft-365/

Configutation Options**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you're managing a large law firm or corporation, and you need to ensure that sensitive information is protected from potential internal threats, like data leaks or unauthorized access. Think of Microsoft Purview's Insider Risk Management (IRM) as a sophisticated security system for your office, but instead of cameras and alarms, it uses digital tools to keep an eye on potential risks from within your organization.

Adaptive scopes are like customizable security zones within this system. Normally, you might have to manually set up different security measures for each department or group of employees, much like assigning different access levels to different floors in a building. This can be a tedious task, especially in a large organization with many employees.

With adaptive scopes, it's like having a smart system that automatically adjusts the security settings based on who is in the room. It uses criteria, such as job roles or departments, to dynamically create groups and apply the appropriate security measures. This means you don't have to manually update each group every time there's a change in staff or roles, reducing the administrative workload.

Furthermore, the system is designed with privacy in mind. Imagine if your security cameras only showed anonymized figures instead of clear images, ensuring that individual privacy is respected while still maintaining security. Similarly, Microsoft Purview pseudonymizes user data by default, meaning that while the system can detect potential risks, it does so without compromising individual privacy.

Overall, this approach allows organizations to efficiently manage insider risks by applying the right policies to the right people at the right time, all while maintaining a high standard of privacy and security.