MC990961 – (Updated) Microsoft Purview | Insider Risk Management: DLP alerts as indicators

Product:

Purview Communication Compliance, Purview Data Loss Prevention, Purview Information Protection, Purview Insider Risk Management

Platform:

Online, US Instances, Web, World tenant

Status:

Rolling out

Change type:

Admin impact, New feature, Updated message

Links:

475057

Details:

Summary:
Microsoft Purview Insider Risk Management will soon allow admins to select Data Loss Prevention (DLP) alerts as indicators in IRM policies. This feature will roll out in March 2025 (Public Preview) and May-July 2025 (General Availability). Admins can configure this in IRM settings and relevant policy templates. No pre-rollout action is required.

Details:
Updated June 5, 2025: We have updated the timeline below. Thank you for your patience.
Coming soon to Microsoft Purview Insider Risk Management (IRM) admins will be able to select Data Loss Prevention (DLP) alerts as indicators in IRM policies. After this rollout, IRM admins can select DLP policies that they would like to bring into IRM and detect if a user has alerts for the pre-selected DLP policies. When an IRM alert is generated, admin and analysts can see if there are any high-risk alerts for this user within DLP for the policies that are enabled as indicators. This feature will help admins and analysts view this information in IRM without switching to DLP.
This message is associated with Microsoft 365 Roadmap ID 475057.
[When this will happen:]
Public Preview: We will begin rolling out early March 2025 and expect to complete by late March 2025.
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late May 2025 and expect to complete by late July 2025 (previously mid-June).

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-01-29

updated:
2025-06-06

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Pictures

XXXXXXX ... free basic plan only

summary for non-techies**

Microsoft Purview's new feature integrates alerts from systems monitoring physical exits and internal file access, allowing law firms to view potential insider threats on a single dashboard and streamline risk management.

Direct effects for Operations**

Increased Alert Volume
The introduction of DLP alerts as indicators in IRM policies may lead to an increased volume of alerts generated, potentially overwhelming admins and analysts if not properly managed.
   - roles: IRM Admins, Security Analysts
   - references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=475057

User Experience Disruption
Users may experience disruptions or confusion due to the sudden implementation of new alert mechanisms, leading to potential anxiety or misinterpretation of alerts as threats.
   - roles: End Users, IRM Admins
   - references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=475057

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only