check before: 2025-09-01
Product:
Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management
Platform:
Online, US Instances, Web, World tenant
Status:
In development
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management will add two new email triggers—sending attachments to free public domains and to personal email—to detect data exfiltration. Rollout begins December 2025. Admins can enable these via IRM settings; existing policies remain unaffected. No action required to prepare.
Details:
Updated September 9, 2025: We have updated the timeline. Thank you for your patience.
[Introduction]
To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks.
This message is associated with Microsoft 365 Roadmap ID 496149.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early December 2025 (previously early September) and is expected to complete by late December 2025 (previously late September).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-09-04
updated:
2025-09-10
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Data Security Incident Risk
The introduction of new email triggers for sending attachments to personal or public domains may lead to increased scrutiny and potential false positives in data exfiltration detection, impacting user experience and trust in email communications.
- roles: Admins, End Users
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=496149
User Compliance and Awareness
Users may be unaware of the new triggers and their implications, leading to unintentional violations of data protection policies and potential disciplinary actions, affecting overall morale and productivity.
- roles: End Users, Compliance Officers
- references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=496149
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is introducing new features to its Purview Insider Risk Management tool to help organizations better protect their sensitive data. Imagine your company’s sensitive information as a valuable item in a house. You want to make sure that item stays safe and doesn’t get taken out without permission. Similarly, businesses want to ensure their data doesn’t leave the organization inappropriately.
The new features act like security alarms for your data. They are designed to alert administrators when someone tries to send sensitive business information from a work email to a personal email account or to a free public email domain, like Gmail or Yahoo. This is similar to setting up an alarm that goes off if someone tries to take that valuable item out of the house through a back door.
Starting in December 2025, these new "alarms" or triggers will be available for administrators to use. They can choose to turn these alarms on or off depending on their organization's needs. The goal is to catch potential data leaks early, much like how a house alarm would alert you to a potential break-in.
These changes do not require any immediate action from administrators, as the new features will automatically become available for configuration. It's like having a new security system installed that you can customize to suit your specific needs. Existing security measures or policies will remain unchanged, so there's no need to worry about current settings being disrupted.
Overall, these updates are designed to provide better coverage and protection against data leaks, helping organizations keep their sensitive information secure.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-09-10 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-09-10 | MC Summary | Microsoft Purview Insider Risk Management will add two new email triggers in September 2025 to detect data exfiltration via attachments sent to personal or public email domains. These triggers can be enabled in IRM settings and will update quick policy templates without affecting existing policies. No action required. | Microsoft Purview Insider Risk Management will add two new email triggers—sending attachments to free public domains and to personal email—to detect data exfiltration. Rollout begins December 2025. Admins can enable these via IRM settings; existing policies remain unaffected. No action required to prepare. |
| 2025-09-10 | MC Last Updated | 09/04/2025 01:22:04 | 2025-09-09T18:32:26Z |
| 2025-09-10 | MC Messages | [Introduction]
To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks. This message is associated with Microsoft 365 Roadmap ID 496149. [When this will happen:] General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early September 2025 and is expected to complete by late September 2025. | Updated September 9, 2025: We have updated the timeline. Thank you for your patience.
[Introduction] To enhance detection capabilities in Insider Risk Management (IRM), we're adding two new email indicators as triggers for data exfiltration activities. These indicators help identify potential data leaks when users send business-sensitive attachments to personal or public email domains. This update supports stronger data protection and aligns with customer feedback requesting broader coverage of email-based risks. This message is associated with Microsoft 365 Roadmap ID 496149. [When this will happen:] General Availability (Worldwide, GCC, GCC High, GCC DoD): Rollout will begin in early December 2025 (previously early September) and is expected to complete by late December 2025 (previously late September). |
| 2025-09-10 | MC Title | Microsoft Purview | Insider Risk Management - Personal email triggers | (Updated) Microsoft Purview | Insider Risk Management - Personal email triggers |
| 2025-09-10 | MC End Time | 10/30/2025 08:00:00 | 2026-02-09T08:00:00Z |
Last updated 3 weeks ago
