MC1102773 - Microsoft Purview | Insider Risk Management: Network-based detection of sensitive data sharing to cloud apps and Gen AI

Message ID

MC1102773

View in Message Center

Service

Microsoft Purview

Published

Jun 25, 2025

Tag

New feature

User impact

Admin impact

Roadmap ID

484084

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is introducing network-based detection for sensitive data sharing to cloud apps and Generative AI platforms. This feature, available from July 2025 (preview) and October 2025 (general), enhances insider risk detection and requires admin configuration. Organizations should review and update their Insider Risk Management settings.

More information

Microsoft Purview Insider Risk Management (IRM) is introducing enhanced detection capabilities that allow organizations to identify sensitive files and text shared to any cloud application or website—including Generative AI platforms—via the network layer. This capability is powered by integration with third-party network partners, enabling data capture at the network level.

IRM correlates signals to detect potential insider risks such as IP theft, data leakage, and policy violations. Built with privacy by design, IRM pseudonymizes users by default and includes role-based access controls and audit logs to help ensure user-level privacy.

This message is associated with Microsoft 365 Roadmap ID 484084.

When this will happen:

Public Preview: We will begin rolling out mid-July 2025 and expect to complete by late July 2025.

General Availability (Worldwide): We will begin rolling out late September 2025 and expect to complete by early October 2025.

How this will affect your organization:

Organizations will gain visibility into sensitive data shared to any cloud application or website via the network layer. This helps strengthen insider risk detection and supports compliance and data protection efforts across cloud environments.

This capability will be available by default but requires admin configuration to take effect at Insider Risk Management > Insider Risk Management settings > Policy indicators > Network indicators (preview):

admin controls

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Insider Risk Management configuration to assess the impact on your organization. You may want to notify your admins and/or users about this change and update internal documentation.

Complete network onboarding as outlined in Learn about Microsoft Purview Network Data Security (preview) | Microsoft Learn
Enable network indicators in IRM and incorporate them into your Insider Risk Management policies to begin leveraging this new detection capability.

Learn more: Configure policy indicators in insider risk management | Microsoft Learn (will be updated before rollout)