MC1051100 – Microsoft Purview compliance portal: Collection policies impact on IRM (archived)

Product:

Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

New feature, Admin impact

Links:

484082

Details:

With this update, Microsoft Purview will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. We recommend reviewing collection policies as they can be created by different Purview solution admins to ensure they are setup to detect the activities required by IRM policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This message is associated with Microsoft 365 Roadmap ID 484082
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out on early April 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide): We will begin rolling out on late September 2025 and expect to complete by late September 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-04-09

updated:
2025-04-09

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft Purview is introducing collection policies to help organizations manage and monitor sensitive information, with rollout starting in April 2025 for testing and full availability by September 2025.

Direct effects for Operations**

Collection Policies Implementation
If collection policies are not properly configured, Insider Risk Management (IRM) policies may fail to function as intended, leading to undetected insider threats such as data leakage or IP theft.
   - roles: Compliance Officer, IT Security Manager
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

User Privacy Concerns
Changes in collection policies may raise user privacy concerns if users feel their activities are being overly monitored, potentially leading to decreased morale and trust in the organization.
   - roles: HR Manager, Compliance Officer
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

Audit Behavior Changes
Modifying the default full audit behavior without proper preparation may result in critical activities not being monitored, increasing the risk of compliance violations and security incidents.
   - roles: IT Administrator, Compliance Officer
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only