Microsoft 365 Message Center Archive

MC788980 - Microsoft Purview | Insider Risk Management: Granular trigger throttling

Message ID

MC788980

View in Message Center

Service

Microsoft 365 suite

Last Updated

Nov 13, 2024

Published Apr 29, 2024

Tag

Updated message
New feature
Admin impact

Roadmap ID

382130

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is introducing granular trigger throttling limits in a public preview, with a rollout timeline updated to start in late October 2024 and general availability in early March 2025. This update will help organizations receive critical alerts without being affected by surge in trigger volumes.

More information

Updated November 13, 2024: We have updated the rollout timeline below. Thank you for your patience.

Coming soon, Microsoft Purview Insider Risk Management will be rolling out public preview of granular trigger throttling limits.

This message is associated with Microsoft 365 Roadmap ID 382130.

When this will happen:

Public Preview: We will begin rolling out late October 2024 (previously late August) and expect to complete by late January 2025 (previously late October).

General Availability: We will begin rolling out early March 2025 (previously late December) and expect to complete by late March 2025 (previously late January).

How this will affect your organization:

With this update, we are introducing more granular trigger throttling limits to isolate the impact of a surge in noisy trigger volumes and prevent other policies from being affected. This ensures that organizations can receive critical alerts without being throttled by these limits. By default, these throttling limits will be applied:

  • All sensitive triggers, including HR signals, Azure AD leavers, and custom triggers, will be limited to 15,000 per day per trigger.
  • All other triggers will be limited to 5,000 per day per trigger.

Additionally, the policy health warning messages will be enhanced to assist admins with appropriate permissions in effectively identifying and addressing noisy triggers.

What you need to do to prepare:

No action is needed from you to prepare for this rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more: Insider risk management | Microsoft Learn