M365 Archive
Back to latest version
Comparing Mar 31, 2025 latest (Oct 17, 2025) Swap

MC1045212 - Microsoft Purview compliance portal: Insider Risk Management user analytics

Message Center

Metadata at latest

Message ID

MC1045212

View in Message Center

Last Updated

Oct 17, 2025

Published Mar 31, 2025

Service

Microsoft Purview

Tag

Updated message
New feature
Admin impact

Roadmap ID

475058

View roadmap details

Platforms

Web

Metadata changes

Tags
Admin impact, New featureAdmin impact, New feature, Updated message
End date
Dec 22, 2025Mar 16, 2026

Body changes

removed textadded text

Updated October 16, 2025: We have updated the rollout timeline below. Thank you for your patience.

Microsoft Purview Insider Risk Management will be rolling out a new user analytics feature to help Microsoft Defender, Microsoft Purview Data Loss Prevention, and Communication Compliance analysts access an insider risk summary of user activities.

This message is associated with Microsoft 365 Roadmap ID 475058.

When this will happen:

Public Preview: We began rolling out in late March 2025 and expect to complete by mid-April 2025.

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rollingroll out this feature in late September 2025 and expect to complete by late October 2025.January 2026.

How this will affect your organization:

With this new feature, Microsoft Defender, Microsoft Purview Data Loss Prevention, and Communication Compliance analysts with the right permissions can access an insider risk summary of user activities that may lead to potential data security incidents as a part of the alert investigation experience in Microsoft Purview and Microsoft Defender. This feature can help analysts gain insider risk context for a specific user and make more informed decisions about responses to potential incidents related to the user.

Insights are generated by Insider Risk Management for potentially risky behaviors of every user and are surfaced across the following experiences:

  1. User activity summary in Microsoft Purview Data Loss Prevention alerts
  2. User activity summary in Microsoft Defender alerts and user entity pages
  3. User activity summary in Communication Compliance policies

What you need to do to prepare:

Insider Risk admins can enable user-level insights from Insider Risk Management Settings > Analytics. During the initial rollout, user analytics will be enabled for all customers who have enabled Insider Risk Management Analytics and will include an option to opt-out. Insider Risk admins should ensure data sharing is also enabled from Insider Risk Management Settings > Data Sharing.

Additional information is available here: Enable Analytics in Insider Risk Management.