MC786326 - Microsoft Purview | Insider Risk Management: Policy tuning analysis for priority content only policies

Service

Microsoft 365 suite

Last Updated

May 6, 2024

Published Apr 26, 2024

Tag

New feature
Admin impact

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is introducing a policy tuning analysis for priority content policies in public preview mid-May 2024. This feature predicts the number of users matching policy conditions, aiding admins in adjusting controls to manage insider risks effectively. Rollout will be automatic with no required admin action before the specified date.

More information

Coming soon in public preview for Microsoft Purview compliance portal | Insider Risk Management: Policy tuning analysis provides admins with a real-time prediction of the number of users in a tenant that could potentially match a given set of policy conditions. With this update, policy tuning analysis will support insider risk policies that are scoped for priority content.

This message is associated with Microsoft 365 Roadmap ID 378409.

When this will happen:

Public Preview: We will begin rolling out mid-May 2024 and expect to complete by late May 2024.

How this will affect your organization:

With this rollout, admins can use real-time analytics for policies that are scoped for priority content to help predict the number of users that could potentially match a given set of policy conditions. This feature enables admins to quickly adjust the selection of indicators and thresholds of activity occurrence so you can efficiently translate your insider risk strategies into pragmatic controls and avoid too few or too many alerts.

admin controls

What you need to do to prepare:

To use this feature, admins will need to enable Analytics in Insider risk management > Settings. After Analytics is enabled and insights are populated, admins will be able to see real-time predictions in policies that are scoped to all users/groups and scored only for priority content.

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your users about this change and update any relevant documentation as appropriate.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more: Configure policy indicators in insider risk management | Microsoft Learn