check before: 2025-06-15
Product:
Defender, Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management
Platform:
Online, US Instances, Web, World tenant
Status:
Launched
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Insider Risk Management analysts must manually create cases in the Purview portal after confirming alerts in the Defender XDR portal. New alert-related content will be added for 30 days post-case creation. The change impacts workflows and requires training. Public Preview starts mid-June 2025, with General Availability by late September 2025.
Details:
To create a case, Insider Risk Management analysts must manually select "Confirm all alerts & create case" in the Purview portal after confirming an alert in the Defender XDR portal (security.microsoft.com). Once a case is created, related content such as online files and emails will be available in the Content explorer tab.
New content that contributes to alerts will continue to be added to the Content explorer for up to 30 days from the case creation date. After this period, any new alert-related content will not be added to the existing case. To access new content, analysts must close the current case and create a new one.
This change is associated with Microsoft 365 Roadmap ID 489228.
[When this will happen:]
Public Preview: Rolling out mid-June 2025; expected completion by late June 2025.
Targeted Release: Rolling out late July 2025; expected completion by mid-August 2025.
General Availability: Rolling out mid-September 2025; expected completion by late September 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-06-21
updated:
2025-06-21
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
The new system requires Insider Risk Management analysts to manually create cases in the Purview portal after confirming alerts in the Defender XDR portal, and they must manage related materials within a 30-day window, necessitating updates to workflows and documentation.
Direct effects for Operations**
Manual Case Creation
Insider Risk Management analysts must manually create cases in the Purview portal, leading to potential delays in case handling and increased workload.
- roles: Insider Risk Management Analysts, SOC Team Members
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=489228
Workflow Disruption
Existing workflows that assume automatic case creation will be disrupted, requiring updates to internal documentation and processes.
- roles: Insider Risk Management Analysts, Compliance Officers
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=489228
Content Retention Issues
New alert-related content will not be added to existing cases after 30 days, potentially leading to incomplete case information and oversight.
- roles: Insider Risk Management Analysts, Investigators
- references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=489228
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
Hypothetical Work Council Statement**
XXXXXXX ... paid membership only
DPIA Draft**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 4 weeks ago ago
