*For this entry exists the more relevant or more recent entry MC1045212
check before: 2026-01-01
Product:
Defender, Defender XDR, Purview Communication Compliance, Purview Insider Risk Management
Platform:
US Instances, Web, World tenant
Status:
In development
Change type:
Links:
Details:
With this feature, insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. Customers can enable/disable user analytics in their tenant from Insider Risk Management settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-01-23
updated:
2025-10-18
Public Preview Start Date
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Please, look at the most relevant linked item for details
explanation for non-techies**
Imagine your office as a large, secure building with many rooms and sensitive documents. You have security measures in place to ensure that only authorized personnel can access certain areas. However, sometimes, even trusted employees might unintentionally or intentionally put your documents at risk. Microsoft Purview's Insider Risk Management is like having a sophisticated security system that not only monitors who enters and exits but also analyzes their behavior to identify any unusual activities that might suggest a risk to your documents.
This system generates insights about potentially risky behaviors at an individual level, much like a security guard who observes and reports if someone is acting suspiciously in the building. These insights are available in various areas, such as when investigating alerts about data loss or communication compliance issues. It's also integrated with Microsoft Defender XDR, which is like a central command center for monitoring security across your organization.
The user analytics feature covers all users, even those not specifically monitored under any insider risk policy, ensuring a comprehensive view of potential risks. It's like having a watchful eye over everyone in the building, not just those who are already under suspicion. Organizations can choose to enable or disable this feature based on their needs, similar to deciding whether to activate certain security cameras or alarms.
The system correlates different signals to identify risks, such as someone trying to take sensitive documents out of the building or accessing areas they shouldn't. It allows organizations to create policies to manage these risks, akin to setting rules for who can enter which rooms and what they can do there.
Privacy is a key consideration, with users' identities being pseudonymized by default, ensuring that personal information is protected. This is like having security personnel who know what to look for without needing to know the personal details of every individual in the building. Role-based access controls and audit logs further ensure that only authorized personnel can access sensitive information, maintaining a balance between security and privacy.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-10-18 | RM Release | September CY2025 | January CY2026 |
| 2025-02-28 | RM Description | With this feature, Insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR. User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. During the initial rollout, user analytics will be enabled by default for all customers who have enabled Insider risk management analytics. This will help customers benefit from this additional intelligence right from the start. Customers can enable/disable user analytics in your tenant from Insider risk management Global settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. | With this feature, insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. Customers can enable/disable user analytics in their tenant from Insider Risk Management settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. |
| 2025-02-28 | RM Title | Microsoft Purview compliance portal: Insider Risk Management- Insider risk management user analytics | Microsoft Purview compliance portal: Insider Risk Management - User analytics |
| 2025-02-13 | RM Release | July CY2025 | September CY2025 |
Last updated 2 months ago ago
