MC715421 - Microsoft Purview | Insider Risk Management: General availability of granular exclusion

Coming soon, Microsoft Purview Insider Risk Management will roll out granular exclusion for general availability.

This message is associated with Microsoft 365 Roadmap ID 124779.

When this will happen:

Standard Release: We will begin rolling out mid-March 2024 and expect to complete by late March. 

How this will affect your organization:

Granular exclusion allows admins with appropriate permissions to adjust and fine-tune indicators according to organizational preferences and to help tailor risk detection that may lead to a potential security incident. For example, admins can configure the indicator Sending email with attachments to recipients outside the organization to only detect emails sent to personal domains (such as outlook.com). In this way, admins can reduce the number of false positives.

What you need to do to prepare:

No action is needed to prepare for this rollout. To use granular exclusions, admins can configure the exclusion conditions in the Purview compliance portal at Insider risk settings > policy indicators and select indicators to create variants of detections. You may want to notify your users about this change and update any relevant documentation as appropriate.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more in the Create a variant of a built-in indicator section of Configure policy indicators in insider risk management | Microsoft Learn.