Microsoft 365 Message Center Archive

MC937158 - Microsoft Purview | Insider Risk Management: New scenario-based policy templates

Message ID

MC937158

View in Message Center

Service

Microsoft Purview

Last Updated

Apr 3, 2025

Published Nov 19, 2024

Tag

Updated message
New feature
User impact
Admin impact

Roadmap ID

409966

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management is introducing two new quick policy templates for Crown jewel protection and Email exfiltration, available from late November 2024 (Public Preview) and late February 2025 (General Availability). Existing quick policies for Data leak and Data theft will remain. No admin action is required before the rollout.

More information

Updated April 3, 2025: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to Microsoft Purview | Insider Risk Management: Two new preconfigured quick policy templates for Crown jewel protection and Email exfiltration. These templates are for admins who want to deploy scenario-specific policy templates with less configuration, to get started faster. The existing quick policies for Data leak and Data theft will continue to be available. You can find all four scenario-based quick policies in Insider Risk Management at Policies > Create Policies. Admins can expect additional turning after deploying these policies to meet individual alert volume needs.

This message is associated with Microsoft 365 Roadmap ID 409966.

When this will happen:

Public Preview: We will begin rolling out late November 2024 and expect to complete by mid-December 2024.

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late February 2025 (previously early February) and expect to complete by early April 2025 (previously late March).

How this will affect your organization:

  1. Sign in to Insider Risk Management with the admin role permissions
  2. Go to the Policies page at https://purview.microsoft.com/insiderriskmgmt/policiespage
  3. Select Create policy
  4. Select Quick policies
  5. Select either the Crown jewel protection policy or the Email exfiltration policy
  6. Configure policy as applicable (add users to scope, optional priority content, and so on)

admin controls

admin controls

The new policies will be on by default.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Learn more: The Quick Policies section in Create and manage insider risk management policies | Microsoft Learn