Microsoft 365 Message Center Archive

MC1058262 - Microsoft Purview | Insider Risk Management: Enhancements to global exclusions in IRM settings

Message ID

MC1058262

View in Message Center

Service

Microsoft Purview

Last Updated

May 8, 2025

Published Apr 18, 2025

Tag

Updated message
New feature
User impact
Admin impact

Roadmap ID

483485,486826

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview | Insider Risk Management is enhancing global exclusions to reduce alert noise. Public Preview began in mid-April 2025, with General Availability starting in early June 2025. Enhancements include keyword logic updates, file path exclusions, and domain exclusions for browsing indicators. Admins should update exclusion settings in IRM.

More information

Updated May 8, 2025: We have updated the timeline below. Thank you for your patience.

Coming soon for Microsoft Purview | Insider Risk Management (IRM): Enhancements to IRM exclusions to reduce alert noise.

This message is associated with Microsoft 365 Roadmap ID 486826 and Roadmap ID 483485.

When this will happen:

Public Preview: We began rolling out mid-April 2025 and expect to complete by late April 2025.

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early June 2025 (previously late April) and expect to complete by late June 2025 (previously early May).

How this will affect your organization:

Customer can use this feature to tune down the noise

  • Keyword logic update for email: An email will be excluded from scoring only when all the attachments match the keyword exclusions or email subject matches the keyword exclusions. This will be helpful to reduce the email signature noise that commonly contains keyword "image."
  • Keyword exclusions on both target and source file paths: For signals like File copied to removable media, keyword exclusions apply on both target and source file paths.
  • File path exclusions for removable media: We will start supporting file path exclusions for removable media.
  • Exclusion support for browser: Domain exclusions will be supported for browsing indicators.

These enhancements will be available by default for admins to configure.

What you need to do to prepare:

To get the most out of this feature, admins need to update the exclusion settings at IRM Settings > Global exclusions.

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization.

Microsoft Purview | Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.