Published Apr 30, 2024
Microsoft Purview Insider Risk Management is enhancing risk level settings to allow admins to configure the expiration of insider risk levels when an alert is dismissed or a case is resolved. Rollout begins May 2024, with a new 'Risk level expiration' option available for configuration. Roadmap ID 388736.
Updated January 7, 2025: We have updated the rollout timeline below. Thank you for your patience.
Coming soon: Admins can configure whether they want to expire insider risk levels in adaptive protection when a user’s alert is dismissed, or their case is resolved.
This message is associated with Microsoft 365 Roadmap ID 388736
When this will happen:
Public Preview: We will begin rolling out in early May 2024 and expect to complete by late June 2024.
General Availability: We will begin rolling out early July 2024 and expect to complete by mid-January 2024 (previously mid-December).
How this will affect your organization:
With this new feature, an admin can configure whether they want to expire insider risk levels in adaptive protection when a user's alert is dismissed, or their case is closed. Today, this expiration happens automatically.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
What you need to do to prepare:
With this update, admins will see a new option in the Risk levels tab for adaptive protection called Risk level expiration options. This setting is enabled by default, and admins can uncheck this box if they would prefer that risk levels do not expire even when a user's alert is dismissed or their case is closed.
Additional Resources: