MC1102773 - Microsoft Purview | Insider Risk Management: Network-based detection of sensitive data sharing to cloud apps and Gen AI

Message Center

Metadata at latest

Message ID

MC1102773

View in Message Center

Last Updated

Oct 7, 2025

Published Jun 25, 2025

Service

Microsoft Purview

Tag

Updated message

New feature

User impact

Admin impact

Roadmap ID

484084

View roadmap details

Platforms

Web

Metadata changes

Tags: Admin impact, New feature, User impactAdmin impact, New feature, Updated message, User impact
End date: Dec 19, 2025Mar 9, 2026

Body changes

removed textadded text

Updated October 7, 2025: We have updated the timeline. Thank you for your patience.

Microsoft Purview Insider Risk Management (IRM) is introducing enhanced detection capabilities that allow organizations to identify sensitive files and text shared to any cloud application or website—including Generative AI platforms—via the network layer. This capability is powered by integration with third-party network partners, enabling data capture at the network level.

IRM correlates signals to detect potential insider risks such as IP theft, data leakage, and policy violations. Built with privacy by design, IRM pseudonymizes users by default and includes role-based access controls and audit logs to help ensure user-level privacy.

This message is associated with Microsoft 365 Roadmap ID 484084.

When this will happen:

Public Preview: We will begin rolling out mid-July 2025 and expect to complete by late July 2025.

General Availability (Worldwide): We will begin rolling out ~~late September 2025~~mid-January 2026 and expect to complete by ~~early October 2025.~~late January 2026.

How this will affect your organization:

Organizations will gain visibility into sensitive data shared to any cloud application or website via the network layer. This helps strengthen insider risk detection and supports compliance and data protection efforts across cloud environments.

This capability will be available by default but requires admin configuration to take effect at Insider Risk Management > Insider Risk Management settings > Policy indicators > Network indicators (preview):

admin controls

What you need to do to prepare:

This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Insider Risk Management configuration to assess the impact on your organization. You may want to notify your admins and/or users about this change and update internal documentation.

Complete network onboarding as outlined in Learn about Microsoft Purview Network Data Security (preview) | Microsoft Learn
Enable network indicators in IRM and incorporate them into your Insider Risk Management policies to begin leveraging this new detection capability.

Learn more: Configure policy indicators in insider risk management | Microsoft Learn (will be updated before rollout)