Microsoft Purview Insider Risk Management is enhanced with Microsoft Copilot for Security, offering alert summaries and detailed user activity investigations. Public Preview begins early August 2024, with General Availability in mid-November 2024. Users need Copilot for Security licenses and proper permissions to use this feature.
When investigating alerts in Microsoft Purview Insider Risk Management, you can now use the power of Microsoft Copilot for Security. This tool not only provides concise alert summaries but also allows you to delve into specific user activities. By doing so, you can promptly assess whether the user associated with the alert warrants further investigation or if the alert can be safely dismissed. Also, in one click, you can obtain a summary of the user’s risk profile, highlighting crucial details and top risk factors. Copilot for Security streamlines investigations by reducing the triage workload and enabling faster decisions.
This message is associated with Microsoft 365 Roadmap ID 407864.
When this will happen:
Public Preview: We will begin rolling out early August 2024 and expect to complete by late August 2024.
General Availability (Worldwide): We will begin rolling out mid-November 2024 and expect to complete by late November 2024.
How this will affect your organization:
Before this rollout: Customers with Copilot for Security licenses can use it for alert summarization only.
After this rollout, enhanced alert and user investigation with Copilot for Security in Purview Insider Risk Management:
Using Copilot for Security in Purview Insider Risk Management for Exfiltration actions involving the user:
What you need to do to prepare:
You must have a Copilot for Security license configured for your tenant and give proper permissions to users who will use this feature. Learn about permissions required to access Copilot for Security: Copilot for Security.
Access the Insider Risk Management solution in the Microsoft Purview compliance portal.
Learn more: Microsoft Copilot for Security in Microsoft Purview | Microsoft Learn.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.