MC750667 - Microsoft Purview | Insider Risk Management: Improvements to SharePoint files/folders deletion indicators

Updated May 8, 2024: We have updated the rollout timeline below. Thank you for your patience.

Coming soon, Microsoft Purview Insider Risk Management will be rolling out improvements to “Deleting of SharePoint files/ folders” indicators.

This message is associated with Microsoft 365 Roadmap ID 388734.

When this will happen:

Public preview - We will begin rolling out late May 2024 (preview late April) and expect to complete by mid-June 2024 (previously mid-May).

General availability - We will begin rolling out mid-June 2024 (previously mid-May) and expect to complete by late June 2024 (previously late May).

How this will affect your organization:

Today “Deleting of SharePoint files” and “Deleting of SharePoint folders” indicators include permanent file or folder deletion event operations FileDeleted and FolderDeleted. With this rollout, these indicators will also capture files/folders moved to the recycle bin (FileRecycled and FolderRecycled). So, you soon will see more activities being captured by these indicators. 

What you need to do to prepare:

No action is required for this update. Based on activities volume and alert volume, you may want to consider tweaking the thresholds of respective indicators.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more: Configure policy indicators in insider risk management | Microsoft Learn