check before: 2025-12-01
Product:
Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management
Platform:
Online, Web, World tenant
Status:
In development
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management will increase variant limits per indicator from 3 to 10, total variants to 100, and detection group capacity from 200 to 500. Rollout starts December 2025 (preview) and January 2026 (general availability). No privacy or compliance changes; admins can review policies to utilize new limits.
Details:
We're increasing flexibility in Microsoft Purview Insider Risk Management to help organizations better manage insider risk scenarios. Based on customer feedback, we are raising the variant limit per indicator and expanding detection group capacity, enabling more comprehensive policy configurations.
This message is associated with Microsoft 365 Roadmap ID 518291.
When this will happen
Public Preview: Rollout begins in early December 2025 and is expected to complete by late December 2025.
General Availability (Worldwide): Rollout begins in mid-January 2026 and is expected to complete by late January 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-12-12
updated:
2025-12-12
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Complexity in Policy Management
With the increase in variant limits and detection group capacity, admins may face challenges in managing and configuring policies effectively, leading to potential misconfigurations and oversight.
- roles: Admins, Compliance Officers
- references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators#create-a-variant-of-a-built-in-indicator, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=518291
User Experience Disruption
Changes in policy configurations may lead to unintended consequences for end-users, such as increased monitoring or alerts, which could affect their workflow and productivity.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators#create-a-variant-of-a-built-in-indicator, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=518291
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Imagine you're managing a large library, and your job is to keep track of who borrows books and ensure that none go missing. You have a system in place where you can monitor a few types of suspicious activities, like someone borrowing too many books at once or keeping them for too long. However, your system only allows you to track a limited number of these activities, and you can only keep an eye on a small group of people at a time.
Now, let's say the library decides to upgrade this system. Instead of being able to track just a few suspicious activities, you can now monitor a lot more. It's like going from being able to watch three types of suspicious behavior to ten. Plus, you can now keep track of more people at once, increasing from 200 to 500. This means you can have a more comprehensive view of what's happening in the library and catch any potential issues more effectively.
In the world of IT, Microsoft Purview Insider Risk Management is doing something similar. It's expanding its capabilities to allow organizations to monitor more potential insider risks, like data leaks or security violations. By increasing the number of variants (or types of activities) you can track from 3 to 10, and the total number of variants across all activities to 100, organizations can have a broader scope of what they can watch for. Additionally, by increasing the detection group capacity from 200 to 500, they can monitor more individuals or entities at once.
This change doesn't affect privacy controls, meaning the system still respects user privacy by keeping identities pseudonymized and maintaining strict access controls. Just like in the library, where you wouldn't reveal who borrowed which book without a good reason, this system ensures that user privacy is protected while allowing for more effective risk management.
Admins managing these systems don't need to do anything immediately, but they can review their policies to take advantage of these new capabilities. This enhancement is like giving the library manager more tools to ensure that everything runs smoothly and securely, without compromising the privacy of the library's patrons.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 months ago ago
