Services
Affected Platforms
Summary
Microsoft Purview Insider Risk Management will let analysts view AI prompt and response messages linked to insider risk indicators, even with user anonymization enabled. This enhances investigation context while maintaining privacy, role-based access, and audit controls. Rollout begins May 2026 with no user impact or required action.
Details
Introduction
Microsoft Purview Insider Risk Management is adding the ability for analysts to view AI prompt and response messages associated with insider risk indicators, even when user anonymization is enabled, helping improve investigation context while preserving privacy protections. This enhancement provides additional visibility into AI-related risk signals while maintaining existing role-based access controls, audit logging, and privacy-by-design safeguards.
Microsoft Purview Insider Risk Management correlates signals across Microsoft 365 to help organizations identify potential malicious or inadvertent insider risks, such as data leakage, IP theft, and security policy violations. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs help ensure investigations balance risk visibility with user privacy.
This message is associated with Microsoft 365 Roadmap ID 560599.
When this will happen
- Public Preview: We will begin rolling out in early May 2026 and expect to complete by mid-May 2026.
- General Availability (Worldwide): We will begin rolling out in mid-June 2026 and expect to complete by mid-June 2026.
How this affects your organization
Who is affected
- Admins and analysts who use Microsoft Purview Insider Risk Management
- Organizations that investigate AI-related insider risk signals
- No impact to users
What will happen
- Analysts will be able to view AI interaction messages, including prompts and AI-generated responses, when those interactions are associated with insider risk indicators.
- AI interaction visibility will be available even when user anonymization is enabled during investigations.
- User identities will remain pseudonymized unless an authorized analyst performs a permitted deanonymization action.
- Existing role-based access controls, audit logging, and privacy safeguards will continue to apply.
- The feature will be enabled by default as part of the rollout and will respect existing Insider Risk Management policies.
What you can do to prepare
No action is required to enable this feature.
You may want to:
- Inform Insider Risk Management analysts about additional AI interaction context will be available during investigations.
- Review and update internal investigation or governance documentation to reflect AI interaction visibility.
- Reinforce internal guidance that user privacy protections and access controls remain unchanged.
Compliance considerations
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed? | Yes. Authorized analysts will be able to view existing AI prompt and response messages within Insider Risk Management investigations when those messages are associated with insider risk indicators. Access remains governed by existing role-based access controls and audit logging. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities? | Yes. Enhanced visibility into AI-related activity may improve insider risk investigations and compliance reviews without changing existing workflows or controls. |