check before: 2025-09-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management
Platform:
Online, US Instances, Web, World tenant
Status:
Launched
Change type:
Admin impact, New feature, Updated message
Summary:
Microsoft Purview Insider Risk Management will add two new email triggers—sending attachments to free public domains and to personal email—to detect data exfiltration. Rollout begins December 2025. Admins can enable these via IRM settings; existing policies remain unaffected. No action required to prepare.
Details:
Updated September 9, 2025: We have updated the timeline. Thank you for your patience.
[Introduction]
To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks.
This message is associated with Microsoft 365 Roadmap ID 496149.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early December 2025 (previously early September) and is expected to complete by late December 2025 (previously late September).
Release Phase:
General Availability, Preview
Created:
2025-09-04
updated:
2025-11-18
Direct effects for Operations**
Data Security Incident Risk
The introduction of new email triggers without preparation may lead to unintentional data security incidents as users may not be aware of the new monitoring policies, potentially resulting in false positives or unnecessary investigations.
- roles: Admins, End Users
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=496149
User Experience Disruption
Users may experience disruptions in their email communication if their legitimate emails to personal domains are flagged as potential data leaks, leading to frustration and decreased productivity.
- roles: End Users, Compliance Officers
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=496149
explanation for non-techies**
Microsoft is introducing new features to its Purview Insider Risk Management tool to help organizations better detect potential data leaks. Imagine you have a security system in your office that alerts you if someone tries to take sensitive documents out of the building. Similarly, these new features act like a digital security system for your company's emails.
The update includes two new "triggers" or alerts. The first trigger is activated when someone sends an email with attachments to a free public email domain, like Gmail or Yahoo. Think of this as an alert going off when someone tries to send important documents to a less secure location outside the company. The second trigger is activated when someone sends an email with attachments to their personal email account. This is like an alert when someone tries to take documents home with them.
These new triggers are designed to help identify when sensitive business information might be leaving the company through email, potentially leading to a data security incident. The system will automatically include these triggers in its settings, and administrators can choose to enable them if they find them useful for their organization.
Existing policies won't be affected by this change, meaning there's no need for immediate action. It's like adding new sensors to your security system without having to change the whole setup. This update aims to provide better protection against data leaks and aligns with customer requests for more comprehensive email monitoring.
** AI generated content. This information must be reviewed before use.
change history
| Date | Property | old | new |
| 2025-11-18 | MC End Time | 02/09/2026 08:00:00 | 2025-12-22T08:00:00Z |
| 2025-11-18 | MC Last Updated | 09/09/2025 18:32:26 | 2025-11-17T17:56:55Z |
| 2025-09-10 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-09-10 | MC Summary | Microsoft Purview Insider Risk Management will add two new email triggers in September 2025 to detect data exfiltration via attachments sent to personal or public email domains. These triggers can be enabled in IRM settings and will update quick policy templates without affecting existing policies. No action required. | Microsoft Purview Insider Risk Management will add two new email triggers—sending attachments to free public domains and to personal email—to detect data exfiltration. Rollout begins December 2025. Admins can enable these via IRM settings; existing policies remain unaffected. No action required to prepare. |
| 2025-09-10 | MC Last Updated | 09/04/2025 01:22:04 | 2025-09-09T18:32:26Z |
| 2025-09-10 | MC Messages | [Introduction] To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks. This message is associated with Microsoft 365 Roadmap ID 496149. [When this will happen:] General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early September 2025 and is expected to complete by late September 2025. | Updated September 9, 2025: We have updated the timeline. Thank you for your patience. [Introduction] To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks. This message is associated with Microsoft 365 Roadmap ID 496149. [When this will happen:] General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early December 2025 (previously early September) and is expected to complete by late December 2025 (previously late September). |
| 2025-09-10 | MC Title | Microsoft Purview \| Insider Risk Management - Personal email triggers | (Updated) Microsoft Purview \| Insider Risk Management - Personal email triggers |
| 2025-09-10 | MC End Time | 10/30/2025 08:00:00 | 2026-02-09T08:00:00Z |
Last updated 4 weeks ago