Microsoft 365 Message Center Archive

MC851630 - Microsoft Purview | Insider Risk Management: Enhanced alert and user investigation with Microsoft Copilot for Security

Message ID

MC851630

View in Message Center

Service

Microsoft Purview

Published

Aug 5, 2024

Tag

New feature
User impact
Admin impact

Roadmap ID

407864

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is enhanced with Microsoft Copilot for Security, offering alert summaries and detailed user activity investigations. Public Preview begins early August 2024, with General Availability in mid-November 2024. Users need Copilot for Security licenses and proper permissions to use this feature.

More information

When investigating alerts in Microsoft Purview Insider Risk Management, you can now use the power of Microsoft Copilot for Security. This tool not only provides concise alert summaries but also allows you to delve into specific user activities. By doing so, you can promptly assess whether the user associated with the alert warrants further investigation or if the alert can be safely dismissed. Also, in one click, you can obtain a summary of the user’s risk profile, highlighting crucial details and top risk factors. Copilot for Security streamlines investigations by reducing the triage workload and enabling faster decisions.

This message is associated with Microsoft 365 Roadmap ID 407864.

When this will happen:

Public Preview: We will begin rolling out early August 2024 and expect to complete by late August 2024.

General Availability (Worldwide): We will begin rolling out mid-November 2024 and expect to complete by late November 2024.

How this will affect your organization:

Before this rollout: Customers with Copilot for Security licenses can use it for alert summarization only.

After this rollout, enhanced alert and user investigation with Copilot for Security in Purview Insider Risk Management:

admin controls

Using Copilot for Security in Purview Insider Risk Management for Exfiltration actions involving the user:

admin controls

What you need to do to prepare:

You must have a Copilot for Security license configured for your tenant and give proper permissions to users who will use this feature. Learn about permissions required to access Copilot for Security: Copilot for Security.

Access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more: Microsoft Copilot for Security in Microsoft Purview | Microsoft Learn.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.