MC1051100 – Microsoft Purview compliance portal: Collection policies impact on IRM

Product:

Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management

Platform:

Online, Web, World tenant

Status:

In development

Change type:

New feature, Admin impact

Links:

484082

Details:

With this update, Microsoft Purview will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. We recommend reviewing collection policies as they can be created by different Purview solution admins to ensure they are setup to detect the activities required by IRM policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This message is associated with Microsoft 365 Roadmap ID 484082
[When this will happen:]
Public Preview (Worldwide): We will begin rolling out on early April 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide): We will begin rolling out on late September 2025 and expect to complete by late September 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-04-09

updated:
2025-04-09

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft Purview's new collection policies feature allows organizations to set specific rules for monitoring sensitive information and activities, enhancing Insider Risk Management by focusing on potential risk areas and ensuring compliance with security needs.

Direct effects for Operations**

Collection Policies Misconfiguration
If collection policies are not properly configured, Insider Risk Management (IRM) policies may fail to function as intended, leading to undetected insider threats such as data leakage or IP theft.
   - roles: Compliance Officer, IT Security Manager
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

User Privacy Concerns
Changes in collection policies may raise user privacy concerns if users feel they are being monitored without proper transparency, potentially leading to decreased trust in IT systems.
   - roles: HR Manager, Compliance Officer
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

Increased Incident Response Time
Without proper preparation and understanding of the new collection policies, the organization may experience delays in responding to insider threats, as IRM policies may not trigger alerts as expected.
   - roles: Incident Response Team, IT Security Manager
   - references: https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters%3D&searchterms=484082

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

XXXXXXX ... free basic plan only

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only