Published Dec 2, 2024
Microsoft Purview Insider Risk Management will soon roll out risky AI usage detections. Public Preview starts in early December 2024, and General Availability begins mid-June 2025. Admins can prepare by using analytics, creating policies, and leveraging new Generative AI indicators. More details can be found [here](https://learn.microsoft.com/purview/insider-risk-management-policy-templates#risky-ai-usage-preview).
Updated March 6, 2025: We have updated the rollout timeline below. Thank you for your patience.
Coming soon, Microsoft Purview Insider Risk Management will be rolling out risky AI usage detections
This message is associated with Microsoft 365 Roadmap ID 394281
When this will happen:
Public Preview: We will begin rolling out early December 2024 and expect to complete by mid-December 2024.
General Availability (Worldwide): We will begin rolling out mid-June 2025 (previously mid-August) and expect to complete by late August (previously late February).
How this will affect your organization:
With this update, Insider risk management will help admins identify risky AI usage. We are adding new detections of intentional and unintentional insider risk activity on generative AI apps that can pose a risk to an organization. Activities will include risky prompts containing sensitive info or risky intent and sensitive responses containing sensitive info or generated from sensitive files or sites. Coverage will span across M365 Copilot, Copilot Studio and ChatGPT Enterprise. These detections will also contribute to Adaptive Protection insider risk levels.
What you need to do to prepare:
Below are some of the steps admin can take
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Main Admin link: Learn about insider risk management policy templates | Microsoft Learn