422730 – Microsoft Purview compliance portal: Insider Risk Management – IRM alerts in XDR


*A more relevant or more recent entry exists for this entry: MC961761

check before: 2025-08-01

Product:

Defender, Defender for Endpoint, Defender XDR, Microsoft Graph, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management

Platform:

Developer, US Instances, Web, World tenant

Status:

Rolling out

Change type:

Links:

MC961761

Details:

With this feature, IRM alerts and other supporting data will be available in the following Microsoft Defender XDR experiences:

1. IRM alerts will be surfaced in the unified alert and incident queue in Microsoft Defender XDR.
2. IRM alerts, indicators, and enriched events will be available in Microsoft Defender XDR advanced hunting. Analysts can leverage KQL queries to identify potentially hidden risky patterns in data-security-related user activity.
3. IRM alerts, indicators, and enriched events will be exposed through the Graph API.

This feature can be enabled through “Share data with Microsoft Defender XDR” within Microsoft Insider Risk Management settings.

To ensure privacy of the data, all IRM data in Microsoft Defender XDR can only be accessed by users with Insider risk analyst or Insider risk investigator permissions in Purview. Existing analysts accessing IRM data in Purview will continue to access IRM data in Microsoft Defender XDR.

IRM data in Microsoft Defender XDR does not honor anonymization. This is to enable effective correlation of IRM alerts with alerts from other solutions in the Microsoft Defender XDR platform (such as Defender for Endpoint, Defender for Cloud Apps, etc.).

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.


Release Phase:
General Availability, Preview

Created:
2024-11-05

updated:
2025-09-24


Direct effects for Operations**

Please look at the most relevant linked item for details.

explanation for non-techies**

Imagine you are managing a large library, and you have a team of librarians who help keep everything organized. In this library, you have various sections like fiction, non-fiction, and reference materials. Each section has its own unique way of organizing books, but sometimes you need to see the bigger picture of how all the sections are doing together. This is where a new tool comes in handy, like Microsoft Purview's Insider Risk Management (IRM) feature within the Microsoft Defender XDR platform.

Think of Microsoft Defender XDR as a central control room for your library, where you can see alerts and incidents from all sections at once. The IRM alerts are like notifications from the librarians about potential issues, such as a book being misplaced or someone trying to leave with a book without checking it out. These alerts are now visible in a unified queue, so you can easily track and manage them alongside other alerts from different sections of your library.

Additionally, you have a detective in your library who uses advanced tools to spot patterns that might not be immediately obvious. This is similar to the advanced hunting feature in Microsoft Defender XDR, where analysts can use special queries to find hidden risks in user activities, much like the detective finding a pattern of missing books that might indicate a larger issue.

Furthermore, these alerts and related information can be accessed through a system called Graph API, which is like having a direct line to the librarians for more detailed information about what's happening in the library. This helps in correlating data from different sections to get a comprehensive view of any potential risks.

To protect the privacy of library patrons, only certain staff members with specific roles can access sensitive information, ensuring that privacy is maintained while still allowing for effective risk management. However, to fully understand and address issues, some information cannot be anonymized, much like needing to know the exact title and author of a book to find it in the library.

Overall, this new feature in Microsoft Purview helps organizations manage insider risks by providing a more integrated and comprehensive view of potential issues, much like how a library manager can better oversee the entire library with a centralized system.

** AI generated content. This information must be reviewed before use.

change history

Date | Property | old | new
2025-09-24 | RM Status | In development | Rolling out
2025-07-02 | RM Release | June CY2025 | August CY2025
2025-01-24 | RM Release | April CY2025 | June CY2025
2024-12-18 | RM Cloud Instance Tags | Worldwide (Standard Multi-Tenant) | Worldwide (Standard Multi-Tenant), DoD, GCC High, GCC
2024-12-18 | RM Preview | December CY2024 | January CY2025

Last updated 4 weeks ago
