Message Center
What and Why
Microsoft Purview Insider Risk Management is introducing a policy recommendation panel to help administrators identify gaps in insider risk coverage and strengthen protections. While policies provide protection against insider risks, organizations may not always have visibility into missing or high-value configurations. This enhancement provides guidance on which policies are missing or offer the most incremental value, using analytics to generate actionable recommendations that improve coverage across scenarios such as data leakage, data theft, risky AI usage, IP theft, and security violations.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent risks. It enables organizations to define policies based on their governance needs and is built with privacy by design, including pseudonymization by default, role-based access controls, and audit logging to help protect user privacy.
This message is associated with Microsoft 365 Roadmap ID 560600.
Rollout Schedule
Impact on Your Organization
Who is affected
Platforms/Services
What will happen
Action Required/Recommendations
No action is required.
Recommended actions:
Compliance considerations
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, or chats)? If so, how and to what extent? | Yes. The feature analyzes existing policy configurations and organizational signals within Insider Risk Management to generate recommendations, which introduces additional processing of customer data signals. |
| Does the change introduce or significantly modify AI or machine learning capabilities that interact with or provide access to customer data? If so, summarize the changes. | Yes. The policy recommendation panel uses analytics-driven intelligence to identify gaps in policy coverage and generate recommendations based on correlated signals. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities, for example in Microsoft Purview or admin reporting? If so, summarize the changes. | Yes. Administrators gain enhanced visibility into policy coverage gaps and recommendations, improving their ability to monitor and manage insider risk compliance activities. |