Coming soon: Microsoft Purview Insider Risk Management will be rolling out updates to email scoring.
This message is associated with Microsoft 365 Roadmap ID 469505.
When this will happen:
Public Preview: We will begin rolling out late November 2024 and expect to complete by late November 2024.
General Availability (Worldwide): We will begin rolling out early January 2025 and expect to complete by mid-January 2025.
How this will affect your organization:
Insider risk management (IRM) email scoring logic is being updated. With current logic, a single email to multiple recipients is counted multiple times, and this is creating noise by increasing the risk score. In the new logic, a single email to multiple recipients is counted once, and this new principle is applicable to the email containing multiple unallowed domains or priority content. After this rollout, all email insights in Alerts will display the new count and score.
This change will be available by default.
What you need to do to prepare:
This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.
Learn more: Configure policy indicators in insider risk management | Microsoft Learn