Microsoft 365 Message Center Archive

MC932480 - Microsoft Purview | Insider Risk Management: New Insider Risk Management reporting capabilities

Message ID

MC932480

View in Message Center

Service

Microsoft Purview

Published

Nov 13, 2024

Tag

New feature
Admin impact

Roadmap ID

420939

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview | Insider Risk Management is introducing new reporting capabilities with a central location for all reports, including analytics and user activity. New Alerts and Cases operational reports will be available for admins, analysts, or investigators, rolling out from December 2024 to March 2025.

More information

Coming soon: Microsoft Purview | Insider Risk Management will introduce a central location for all reports including analytics and user activity reports. New Alerts and Cases operational reports will summarize trends in alerts generated and cases created. Sample reports include alerts and cases generated over time, alerts actioned over time, alerts and cases generated by region and department, top triggering events of alerts generated, and average time to triage alerts and cases. Users with the admin, analyst, or investigator role will be able to access the new Alerts and Cases operational reports.

This message is associated with Microsoft 365 Roadmap ID 420939.

When this will happen:

Public Preview: We will begin rolling out early December 2024 and expect to complete by late December 2024.

General Availability (Worldwide): We will begin rolling out early February 2025 and expect to complete by mid-March 2025.

How this will affect your organization:

To access the Alerts and Cases reports

  1. In Insider Risk Management, go the new Reports page at https://purview.microsoft.com/insiderriskmgmt/reportingpage
  2. Select Alerts or Cases
  3. To drill deeper into each report, select View details

Access the new unified Reports page at https://purview.microsoft.com/insiderriskmgmt/reportingpage:

admin controls

To view new reports, Select Alerts or Cases on the Reports page:

admin controls

Photo2- Example of an Alerts report:

admin controls

This feature is available by default to be configured by admins, analysts, or investigators.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins and investigators about this change and update any relevant documentation.

Learn more: Learn about insider risk management | Microsoft Learn

Before rollout, we will update this post with revised documentation.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.