477363 – Microsoft Purview compliance portal: Insider Risk Management – Recommended thresholds

Product:

Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

In development

Change type:

Links:

Details:

With this update, admins with the appropriate permissions can get tailored recommended thresholds for all the built-in indicators within the policy wizard. This feature enables organizations to fine tune their insider risk policies and get an optimal number of alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-02-06

updated:
2026-01-21

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Insider Risk Policy Misconfiguration
Without proper preparation, changes to insider risk thresholds may lead to misconfigured policies, resulting in either too many alerts (alert fatigue) or too few alerts (missed risks). This can compromise the organization's ability to detect insider threats effectively.
   - roles: Compliance Officer, IT Security Manager
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/1951230, https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/ " target="_blank" rel="nofollow noopener noreferrer">https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/

User Privacy Concerns
Changes made without adequate preparation may inadvertently expose user data or lead to privacy violations, as users may not be aware of the new monitoring thresholds and policies, potentially leading to distrust and decreased morale.
   - roles: HR Manager, Compliance Officer
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://www.privacyinternational.org/explainer/4000/what-insider-threat

Configutation Options**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you're running a large law firm, and you want to ensure that your sensitive client information is kept secure. Just like you would set up a security system in your office with cameras and alarms to detect any unauthorized access, Microsoft Purview's Insider Risk Management acts as a digital security system for your organization's data.

With this new update, think of it as having a smart security system that not only detects when someone tries to access restricted areas but also learns from past incidents to improve its detection capabilities. It offers recommended thresholds, which are like the sensitivity settings on your security alarms. These thresholds help you decide what level of activity should trigger an alert, ensuring you get the right amount of notifications without being overwhelmed by false alarms.

The system looks at various signals, similar to how a security system might use motion detectors, cameras, and door sensors, to identify potential risks. These risks could be someone trying to take confidential information or accidentally sharing sensitive data. By setting up policies that align with your firm's internal rules and compliance requirements, you can tailor the system to focus on what's most important to you.

Additionally, just as you would want to protect the privacy of individuals in your office by not sharing security footage unnecessarily, Microsoft Purview ensures privacy by pseudonymizing user data and implementing role-based access controls. This means that only authorized personnel can access certain information, and there's a record of who accessed what, maintaining a high level of privacy and accountability.

In essence, this update helps you manage insider risks more effectively, providing a balance between security and privacy, much like a well-tuned office security system.