MC799275 - Microsoft Purview | Insider Risk Management: Ability to delete indicator variants (GA)

Coming soon for Microsoft Purview | Insider Risk Management: We will be rolling out a control to delete indicator variants.

This message is associated with Microsoft 365 Roadmap ID 376697.

When this will happen:

Public Preview: We began rolling out early February 2024 and completed in mid-February 2024, per our communication MC707654 in January 2024.

General Availability: We will begin rolling out late June 2024 and expect to complete by early July 2024.

How this will affect your organization:

Before this rollout, admins were not able to delete any indicator variants they created.

After this rollout, admins with appropriate permissions will be able to manage and delete any indicator variants in Insider risk settings. The variants will be deleted from all Insider Risk Management policies in use. Any insights related to the deleted variants will remain for future reference.

This feature is off by default and can be accessed by any admin with appropriate permissions.

You can access the new control in the Insider Risk Management solution in the Microsoft Purview compliance portal > Settings > Policy indicators:

What you need to do to prepare:

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Learn more: Configure policy indicators in insider risk management

This rollout will happen automatically by the specified dates with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.