Enhancements to Microsoft Purview's Insider Risk Management (IRM) exclusions will reduce alert noise, including updates to keyword logic, file path exclusions, and domain exclusions. Public Preview starts mid-April 2025, with General Availability by early May 2025. Admins should update exclusion settings in IRM.
Coming soon for Microsoft Purview | Insider Risk Management (IRM): Enhancements to IRM exclusions to reduce alert noise.
This message is associated with Microsoft 365 Roadmap ID 486826 and Roadmap ID 483485.
When this will happen:
Public Preview: We began rolling out mid-April 2025 and expect to complete by late April 2025.
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late April 2025 and expect to complete by early May 2025.
How this will affect your organization:
Customer can use this feature to tune down the noise
These enhancements will be available by default for admins to configure.
What you need to do to prepare:
To get the most out of this feature, admins need to update the exclusion settings at IRM Settings > Global exclusions.This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization.Microsoft Purview | Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.