Microsoft 365 Message Center Archive

MC1047928 - Microsoft Purview compliance center: Insider Risk Management - Enhancements to user scoping features in Policies

Message ID

MC1047928

View in Message Center

Service

Microsoft Purview

Published

Apr 4, 2025

Tag

New feature
Admin impact

Roadmap ID

484081

View in M365 Roadmap

Platforms

Web

More information

Microsoft Purview Insider Risk Management will be rolling out enhancements to user scoping features in Policies. 

This message is associated with Microsoft 365 Roadmap ID 484081.

When this will happen:

Public Preview: We will begin rolling out on mid-April 2025 and expect to complete by late April 2025.

General Availability (Worldwide): We will begin rolling out in late June 2025 and expect to complete by early July 2025.

General Availability (GCC, GCC High, DoD): We will begin rolling out in early October 2025 and expect to complete by early November 2025.

How this will affect your organization:

With this new feature, Insider Risk Management administrators can include or exclude specific users, groups, and adaptive scopes within Policies. We are also adding support for non-email enabled Security Groups within Insider Risk Management policies. 

What you need to do to prepare:

Insider Risk Managment admins with appropriate permissions can select combinations of users, groups, and adaptive scopes to include or exclude from Insider Risk Management policies in the Microsoft Purview portal. Insider Risk Management admins can also choose non-email enabled Security Groups in the Users & Groups step of Insider Risk Management policies. 

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.