check before: 2025-04-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management
Platform:
Online, Web, World tenant
Status:
Launched
Change type:
New feature, Admin impact
Links:
Details:
With this update, Microsoft Purview will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. We recommend reviewing collection policies as they can be created by different Purview solution admins to ensure they are setup to detect the activities required by IRM policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This message is associated with Microsoft 365 Roadmap ID 484082
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out on early April 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide): We will begin rolling out on late September 2025 and expect to complete by late September 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-04-09
updated:
2025-04-09
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Collection Policies Implementation
If collection policies are not properly configured, Insider Risk Management (IRM) policies may fail to function as intended, leading to undetected insider threats such as data leakage or IP theft.
- roles: Compliance Officer, IT Security Manager
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
User Privacy Concerns
Changes in collection policies may raise user privacy concerns if users feel their activities are being overly monitored, potentially leading to decreased morale and trust in the organization.
- roles: HR Manager, Compliance Officer
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
Audit Behavior Changes
Modifying the default full audit behavior without proper preparation may result in critical activities not being monitored, increasing the risk of compliance violations and security incidents.
- roles: IT Administrator, Compliance Officer
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Monitoring of Insider Risks
Implementing collection policies allows for more granular monitoring of user activities related to insider risks. This can help in early detection of potential threats such as data leakage or IP theft, improving overall security posture.
- next-steps: Review current IRM policies and identify key activities that need monitoring. Set up collection policies accordingly to ensure they cover the necessary device indicators.
- roles: Security Administrators, Compliance Officers, IT Managers
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
Improved Compliance Management
With collection policies, organizations can better align their compliance efforts with specific activities and sensitive information types. This ensures that compliance measures are effective and targeted, reducing the risk of non-compliance.
- next-steps: Conduct a compliance audit to identify gaps in current policies. Develop and implement collection policies that align with identified compliance requirements.
- roles: Compliance Officers, Risk Management Teams, Legal Advisors
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
Optimized User Privacy Controls
The integration of pseudonymization and role-based access controls within collection policies enhances user privacy while still allowing for effective monitoring. This can help organizations maintain user trust and comply with privacy regulations.
- next-steps: Evaluate current user privacy policies and assess how collection policies can enhance them. Train relevant staff on the importance of privacy controls in monitoring.
- roles: Data Protection Officers, HR Managers, IT Security Teams
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 month ago ago
