Microsoft 365 Roadmap
We’re introducing a new collaboration capability in Insider Risk Management that enables analysts and investigators to add notes directly within alerts. With this feature, users can document investigation progress, share findings, and capture key context throughout the triage process. In addition to manually added notes, system‑generated notes will automatically record updates such as alert status changes or user assignments — helping teams maintain a clear and auditable investigation timeline. By centralizing investigation history directly within alerts, this update helps improve collaboration and ensures all stakeholders stay aligned throughout the investigation lifecycle. These note enhancements will also be made available in Cases. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.