Published Apr 30, 2024
Enhancements to Microsoft Purview Insider Risk Management include configurable expiration of insider risk levels in adaptive protection. Rollout begins May 2024, with general availability in July 2024. Admins can prevent risk level expiration when alerts are dismissed or cases resolved. Roadmap ID 388736.
Updated October 22, 2024: We have updated the rollout timeline below. Thank you for your patience.
Coming soon: Admins can configure whether they want to expire insider risk levels in adaptive protection when a user’s alert is dismissed, or their case is resolved.
This message is associated with Microsoft 365 Roadmap ID 388736
When this will happen:
Public Preview: We will begin rolling out in early May 2024 and expect to complete by late June 2024.
General Availability: We will begin rolling out early July 2024 and expect to complete by mid-November 2024 (previously mid-October).
How this will affect your organization:
With this new feature, an admin can configure whether they want to expire insider risk levels in adaptive protection when a user's alert is dismissed, or their case is closed. Today, this expiration happens automatically.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
What you need to do to prepare:
With this update, admins will see a new option in the Risk levels tab for adaptive protection called Risk level expiration options. This setting is enabled by default, and admins can uncheck this box if they would prefer that risk levels do not expire even when a user's alert is dismissed or their case is closed.
Additional Resources: