MC937158 - Microsoft Purview | Insider Risk Management: New scenario-based policy templates

Service

Microsoft Purview

Last Updated

Feb 21, 2025

Published Nov 19, 2024

Tag

Updated message
New feature
User impact
Admin impact

Platforms

Web

Summary

Microsoft Purview's Insider Risk Management is introducing two new quick policy templates for Crown jewel protection and Email exfiltration, available from late February 2025. Existing templates for Data leak and Data theft remain. Admins can configure these policies with minimal setup. No action is required before rollout.

More information

Updated February 21, 2025: We have updated the rollout timeline below. Thank you for your patience.

Coming soon to Microsoft Purview | Insider Risk Management: Two new preconfigured quick policy templates for Crown jewel protection and Email exfiltration. These templates are for admins who want to deploy scenario-specific policy templates with less configuration, to get started faster. The existing quick policies for Data leak and Data theft will continue to be available. You can find all four scenario-based quick policies in Insider Risk Management at Policies > Create Policies. Admins can expect additional turning after deploying these policies to meet individual alert volume needs.

This message is associated with Microsoft 365 Roadmap ID 409966.

When this will happen:

Public Preview: We will begin rolling out late November 2024 and expect to complete by mid-December 2024.

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late February 2025 (previously early February) and expect to complete by late March 2025.

How this will affect your organization:

  1. Sign in to Insider Risk Management with the admin role permissions
  2. Go to the Policies page at https://purview.microsoft.com/insiderriskmgmt/policiespage
  3. Select Create policy
  4. Select Quick policies
  5. Select either the Crown jewel protection policy or the Email exfiltration policy
  6. Configure policy as applicable (add users to scope, optional priority content, and so on)

admin controls

admin controls

The new policies will be on by default.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.

Learn more: The Quick Policies section in Create and manage insider risk management policies | Microsoft Learn