MC1051101 - Microsoft Purview compliance portal: New email indicators to Insider Risk Management

We are adding two new email indicators to Microsoft Purview Insider Risk Management:

1. Sending email with attachments to free public domains: This alerts when business-sensitive data is potentially leaked from a work email account to a free public domain email, potentially leading to a data security incident.
2. Sending email with attachments to self: This alerts when business-sensitive data is potentially leaked from a work email account to a user's personal email account or emailing self, potentially leading to a data security incident.

Admins with Insider Risk Management permissions can enable these indicators from the Settings page and use these new indicators in the Data Leaks or Data Theft policy template. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

This message is associated with Microsoft 365 Roadmap ID 483520.

When this will happen:

Public Preview (Worldwide): We began rolling out in late March 2025 and expect to complete by mid-April 2025.

General Availability (Worldwide): We will begin rolling out in mid-June 2025 and expect to complete by late June 2025.

How this will affect your organization:

What you need to do to prepare: