Microsoft 365 Message Center Archive

MC851630 - Microsoft Purview | Insider Risk Management: Enhanced alert and user investigation with Microsoft Copilot for Security

Message ID

MC851630

View in Message Center

Service

Microsoft Purview

Last Updated

Dec 12, 2024

Published Aug 5, 2024

Tag

Updated message
New feature
User impact
Admin impact

Roadmap ID

407864

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is enhanced with Microsoft Copilot for Security, offering alert summaries and detailed user activity investigations. Rollout begins in August 2024 for Public Preview and March 2025 for General Availability. Organizations should prepare by configuring Copilot for Security licenses and permissions.

More information

Updated December 11, 2024: We have updated the rollout timeline below. Thank you for your patience.

When investigating alerts in Microsoft Purview Insider Risk Management, you can now use the power of Microsoft Copilot for Security. This tool not only provides concise alert summaries but also allows you to delve into specific user activities. By doing so, you can promptly assess whether the user associated with the alert warrants further investigation or if the alert can be safely dismissed. Also, in one click, you can obtain a summary of the user’s risk profile, highlighting crucial details and top risk factors. Copilot for Security streamlines investigations by reducing the triage workload and enabling faster decisions.

This message is associated with Microsoft 365 Roadmap ID 407864.

When this will happen:

Public Preview: We will begin rolling out early August 2024 and expect to complete by late August 2024.

General Availability (Worldwide): We will begin rolling out early March 2025 (previously mid-November) and expect to complete by late March (previously late November).

How this will affect your organization:

Before this rollout: Customers with Copilot for Security licenses can use it for alert summarization only.

After this rollout, enhanced alert and user investigation with Copilot for Security in Purview Insider Risk Management:

admin controls

Using Copilot for Security in Purview Insider Risk Management for Exfiltration actions involving the user:

admin controls

What you need to do to prepare:

You must have a Copilot for Security license configured for your tenant and give proper permissions to users who will use this feature. Learn about permissions required to access Copilot for Security: Copilot for Security.

Access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Learn more: Microsoft Copilot for Security in Microsoft Purview | Microsoft Learn.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.