With this update, Microsoft Purview will start supporting collection policies. Collection policies allow customers to scope classification (SITs - Sensitive Information Types) and activities for scoped users. We recommend reviewing collection policies as they can be created by different Purview solution admins to ensure they are setup to detect the activities required by IRM policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This message is associated with Microsoft 365 Roadmap ID 484082
When this will happen:
Public Preview (Worldwide): We will begin rolling out on early April 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide): We will begin rolling out on late September 2025 and expect to complete by late September 2025.
How this will affect your organization:
Collection policies modify the default full audit behavior of endpoint workload. If collection policies are not being used for endpoint, then there is no impact to IRM. But in case collection policies are being used, please ensure that the created collection policies cover the device indicators mentioned in IRM policies. If not, IRM policies will not function as intended.
What you need to do to prepare:
If the default full audit behavior of endpoint works for your organization, then no change is needed. If you want to modify that, then list the activities you want to monitor in IRM and ensure collection policy covers them.