What and Why:
Microsoft is enhancing the user profile experience within Microsoft Purview Insider Risk Management alerts by surfacing additional user and risk-related attributes directly within the alert investigation workflow. This helps investigators access key contextual information without leaving the alert experience while maintaining privacy-by-design protections such as pseudonymization, role-based access controls, and audit logging.
This message is associated with Microsoft 365 Roadmap ID 564619.
Rollout Schedule:
- Public Preview: Began late June 2026; expected to complete by mid-July 2026
- General Availability (Worldwide, GCC, GCC High, DoD): Beginning early October 2026; expected to complete by mid-October 2026
Impact on Your Organization:
Who is affected:
- Organizations using Microsoft Purview Insider Risk Management.
- Compliance investigators, analysts and administrators.
- Tenants using the Alerts (Preview) experience.
Platforms/Services:
- Microsoft Purview
- Insider Risk Management
- Microsoft Entra ID profile integration
- Alerts (Preview)
- Web
What will happen:
- Investigators will see an expanded User Details section within Insider Risk Management alerts.

- Additional Entra profile attributes will be displayed, including:
- Office location
- Employee type
- Department
- Last working date
- Insider risk signals will be aggregated into a consolidated user profile view.
- User profile details may include:
- Policy inclusion status
- Priority user group membership
- Prior alert history
- Prior case history
- Analysts will no longer need to navigate away from the alert to gather common contextual information.
- Existing pseudonymization settings and privacy protections remain in effect.
- Additional user profile attributes may be introduced in future updates.
- The feature is surfaced through the Alerts (Preview) experience.
- No changes are being made to Insider Risk Management policy configuration or alert generation logic.
>
Action Required / Recommendations:No immediate action is required.
Recommended actions:
- Review the updated user profile experience before general availability.
- Communicate the new investigator experience to compliance and insider risk analysts.
- Update any internal investigation procedures or training materials that reference alert review workflows.
- Validate whether displayed Entra profile attributes align with your organization's data governance and HR data management practices.
- Familiarize relevant teams with the new experience by navigating to Purview → Insider Risk Management → Alerts (Preview) → Open Alert → User Details → View User Details.
- Review role assignments and access controls to ensure only authorized investigators can access Insider Risk Management investigations.
Learn more:
Compliance Considerations:
| Area |
Explanation |
| Does the change alter how existing customer data is processed, stored, or accessed? |
Existing Entra profile information and Insider Risk Management data are surfaced in a consolidated user profile view within alerts. The update changes how investigators access and review existing organizational data but does not indicate new data storage. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? |
Investigators and compliance personnel gain additional contextual information, including profile attributes, policy inclusion status, priority user group membership, and historical alert/case information, improving investigation and review workflows. |
| Does the change include an admin control and can it be controlled through Entra ID group membership? |
The experience displays policy inclusion status and priority user group membership. These rely on existing administrative configurations and group-based management within Insider Risk Management and Entra ID. |