check before: 2025-03-15
Product:
Entra, Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management
Platform:
Online, US Instances, Web, World tenant
Status:
Launched
Change type:
Admin impact, New feature, Updated message
Summary:
Microsoft Purview Insider Risk Management will soon allow analysts to identify compromised user alerts in Microsoft Entra. The rollout starts mid-May 2025 (worldwide) and early-August 2025 (GCC, GCC High, DoD). Risk detections will be visible in the alert investigation experience but won't affect risk scores. No admin action is required.
Details:
Updated April 24, 2025: We have updated the rollout timeline below. Thank you for your patience.
Coming soon to Microsoft Purview | Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation.
This message is associated with Microsoft 365 Roadmap ID 420938.
[When this will happen:]
General Availability (Worldwide): We will begin rolling out mid-May 2025 (previously mid-April) and expect to complete by late May 2025 (previously late April).
General Availability (GCC, GCC High, DoD): We will begin rolling out early-August 2025 and expect to complete by late August 2025.
Release Phase:
General Availability, Preview
Created:
2025-02-15
updated:
2025-04-25
Direct effects for Operations**
Compromised User Detection Visibility
Without preparation, analysts may not be aware of the new compromised user alerts in Microsoft Entra, leading to delayed incident response and potential security breaches.
- roles: IRM Analysts, SOC Teams
- references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal, https://learn.microsoft.com/entra/id-protection/concept-identity-protection-risks
User Notification and Documentation Update
Failure to notify users about the change may result in confusion and lack of understanding regarding new risk detection processes, impacting user experience and trust in IT operations.
- roles: IT Administrators, End Users
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=420938, https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal
** AI generated content. This information must be reviewed before use.
change history
| Date | Property | old | new |
| --- | --- | --- | --- |
| 2025-04-25 | MC Messages | Updated April 15, 2025: We have updated the rollout timeline below. Thank you for your patience. Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-April 2025 (previously early April) and expect to complete by late April 2025 (previously late March). | Updated April 24, 2025: We have updated the rollout timeline below. Thank you for your patience. Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide): We will begin rolling out mid-May 2025 (previously mid-April) and expect to complete by late May 2025 (previously late April). General Availability (GCC, GCC High, DoD): We will begin rolling out early-August 2025 and expect to complete by late August 2025. |
| 2025-04-25 | MC Last Updated | 04/15/2025 18:56:24 | 2025-04-24T23:26:59Z |
| 2025-04-25 | MC Summary | Microsoft Purview's Insider Risk Management will soon include compromised user alerts from Microsoft Entra, aiding IRM analysts in incident response. The rollout begins mid-April 2025 and completes by late April 2025. No admin action is required, but organizations should review configurations and notify users. | Microsoft Purview Insider Risk Management will soon allow analysts to identify compromised user alerts in Microsoft Entra. The rollout starts mid-May 2025 (worldwide) and early-August 2025 (GCC, GCC High, DoD). Risk detections will be visible in the alert investigation experience but won't affect risk scores. No admin action is required. |
| 2025-04-16 | MC Messages | Updated March 25, 2025: We have updated the rollout timeline below. Thank you for your patience. Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early April 2025 (previously mid-March) and expect to complete by late April 2025 (previously late March). | Updated April 15, 2025: We have updated the rollout timeline below. Thank you for your patience. Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-April 2025 (previously early April) and expect to complete by late April 2025 (previously late March). |
| 2025-04-16 | MC Last Updated | 03/25/2025 22:27:12 | 2025-04-15T18:56:24Z |
| 2025-04-16 | MC Summary | Microsoft Purview's Insider Risk Management will soon include compromised user alerts from Microsoft Entra, aiding analysts in identifying and responding to risks. The rollout begins in early April 2025 and completes by late April 2025. No admin action is required, but reviewing configurations and notifying users is recommended. | Microsoft Purview's Insider Risk Management will soon include compromised user alerts from Microsoft Entra, aiding IRM analysts in incident response. The rollout begins mid-April 2025 and completes by late April 2025. No admin action is required, but organizations should review configurations and notify users. |
| 2025-03-26 | MC Messages | Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-March 2025 and expect to complete by late March 2025. | Updated March 25, 2025: We have updated the rollout timeline below. Thank you for your patience. Coming soon to Microsoft Purview \| Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation. This message is associated with Microsoft 365 Roadmap ID 420938. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early April 2025 (previously mid-March) and expect to complete by late April 2025 (previously late March). |
| 2025-03-26 | MC Title | Microsoft Purview \| Insider Risk Management: New compromised user context in Microsoft Entra | (Updated) Microsoft Purview \| Insider Risk Management: New compromised user context in Microsoft Entra |
| 2025-03-26 | MC Last Updated | 02/15/2025 05:49:46 | 2025-03-25T22:27:12Z |
| 2025-03-26 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-03-26 | MC Summary | Microsoft Purview Insider Risk Management will soon allow analysts to identify compromised user alerts in Microsoft Entra, aiding in appropriate response actions. This feature will roll out globally in March 2025. Admins need to review configurations and notify users, but no immediate action is required. | Microsoft Purview's Insider Risk Management will soon include compromised user alerts from Microsoft Entra, aiding analysts in identifying and responding to risks. The rollout begins in early April 2025 and completes by late April 2025. No admin action is required, but reviewing configurations and notifying users is recommended. |