MC1180884 – (Updated) Microsoft Purview | Insider Risk Management – Data security alert triage agent generally available

Product:

Copilot, Microsoft 365 Apps, Purview, Purview Communication Compliance, Purview compliance portal, Purview Information Protection, Purview Insider Risk Management

Platform:

Online, Web, World tenant

Status:

In development

Change type:

Admin impact, New feature, Updated message, User impact

Links:

503764

Details:

Summary:
Microsoft Purview Insider Risk Management's Security Copilot alert triage agent is generally available worldwide from late November to mid-December 2025. It prioritizes alerts, allows user feedback on prioritization, disables custom instructions temporarily, and removes the file risk summary. No admin changes are needed; SCUs must be provisioned.

Details:
Updated November 14, 2025: We have updated the content. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) has reached General Availability for the Security Copilot alert triage agent. The agent helps analysts focus on the most urgent alerts by analyzing and prioritizing Insider Risk Management alerts. It also provides a summary of findings to help users quickly understand the risky activities that make an alert critical to review.
With this release, users can report miscategorized alerts and provide feedback on prioritization. Feedback is sent directly to Microsoft but is not used for agent memory. We will temporarily disable the ability to add new custom instructions in IRM alert triage agent. Existing instructions will not be honored during this period. This feature will return in 2026. Additionally, the file risk section of the agent summary has been deprecated.
This message is associated with Microsoft 365 Roadmap ID 503764.
[When this will happen:]
General Availability (Worldwide): Rollout begins in late November 2025 and is expected to complete by mid-December 2025.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-10-28

updated:
2025-11-15

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Alert Prioritization Issues
Without preparation, users may experience confusion and delays in responding to critical alerts due to the new prioritization system, leading to potential security risks.
   - roles: Security Analysts, Compliance Officers
   - references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

Feedback Mechanism Disruption
The inability to add new custom instructions may frustrate users who rely on tailored alert management, impacting their efficiency and satisfaction.
   - roles: Security Analysts, IT Support Staff
   - references: https://purview.microsoft.com/agent/agentoverview

Deprecated Features
The removal of the file risk section in the summary could lead to a lack of critical information for users, hindering their ability to assess risks effectively.
   - roles: Security Analysts, Data Protection Officers
   - references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

Increased Alert Volume
The introduction of the alert triage agent may lead to an initial surge in alerts, overwhelming users and potentially causing oversight of critical issues.
   - roles: Security Analysts, Incident Response Teams
   - references: https://purview.microsoft.com/agent/agentoverview

User Experience Decline
Users may face a learning curve with the new system, leading to temporary declines in productivity and increased frustration during the transition period.
   - roles: End Users, Security Analysts
   - references: https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

Configutation Options**

XXXXXXX ... paid membership only

Opportunities**

Enhanced Alert Prioritization
The new alert triage agent enhances the prioritization of insider risk alerts, allowing analysts to focus on the most critical threats first. This can lead to faster incident response times and reduced risk exposure for the organization.
   - next-steps: Train analysts on how to effectively use the alert triage agent to maximize its benefits. Establish a feedback loop to monitor the effectiveness of prioritization and adjust workflows accordingly.
   - roles: Security Analysts, Compliance Officers, IT Managers
   - references: https://purview.microsoft.com/agent/agentoverview, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

User Feedback Mechanism
The ability for users to report miscategorized alerts and provide feedback on prioritization can lead to continuous improvement of the alert system, ensuring that the most relevant alerts are highlighted and acted upon.
   - next-steps: Implement a structured process for collecting and analyzing user feedback. Regularly review feedback to adjust alert settings and improve the accuracy of the triage system.
   - roles: Security Analysts, Compliance Officers, IT Administrators
   - references: https://purview.microsoft.com/agent/agentoverview, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

Operational Efficiency in Incident Response
By utilizing the summary of findings provided by the alert triage agent, organizations can streamline their incident response processes, reducing the time and resources spent on less critical alerts.
   - next-steps: Develop standard operating procedures (SOPs) that leverage the insights from the triage agent to enhance the incident response workflow. Conduct training sessions for the incident response team to familiarize them with the new processes.
   - roles: Incident Response Team, Security Analysts, IT Managers
   - references: https://purview.microsoft.com/agent/agentoverview, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=503764

Potentional Risks**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only