Services
Affected Platforms
Summary
Microsoft Purview Insider Risk Management will add network-based detection of sensitive data shared to cloud apps and Generative AI, rolling out from mid-2025 to early 2026. It enhances insider risk detection with privacy protections and requires admin configuration to enable network indicators in policies.
Details
Updated October 7, 2025: We have updated the timeline. Thank you for your patience.
Microsoft Purview Insider Risk Management (IRM) is introducing enhanced detection capabilities that allow organizations to identify sensitive files and text shared to any cloud application or website—including Generative AI platforms—via the network layer. This capability is powered by integration with third-party network partners, enabling data capture at the network level.
IRM correlates signals to detect potential insider risks such as IP theft, data leakage, and policy violations. Built with privacy by design, IRM pseudonymizes users by default and includes role-based access controls and audit logs to help ensure user-level privacy.
This message is associated with Microsoft 365 Roadmap ID 484084.
When this will happen:
Public Preview: We will begin rolling out mid-July 2025 and expect to complete by late July 2025.
General Availability (Worldwide): We will begin rolling out mid-January 2026 and expect to complete by late January 2026.
How this will affect your organization:
Organizations will gain visibility into sensitive data shared to any cloud application or website via the network layer. This helps strengthen insider risk detection and supports compliance and data protection efforts across cloud environments.
This capability will be available by default but requires admin configuration to take effect at Insider Risk Management > Insider Risk Management settings > Policy indicators > Network indicators (preview):
What you need to do to prepare:
This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current Insider Risk Management configuration to assess the impact on your organization. You may want to notify your admins and/or users about this change and update internal documentation.
- Complete network onboarding as outlined in Learn about Microsoft Purview Network Data Security (preview) | Microsoft Learn
- Enable network indicators in IRM and incorporate them into your Insider Risk Management policies to begin leveraging this new detection capability.
Learn more: Configure policy indicators in insider risk management | Microsoft Learn (will be updated before rollout)