MC1387681Microsoft Purview | Insider Risk Management: Policy recommendation panel in IRM
Summary
Microsoft Purview Insider Risk Management introduces a Policy Recommendation panel to identify gaps in insider risk policies and suggest improvements using analytics. Rolling out mid-June to late July 2026, it enhances policy coverage for risks like data leakage and AI misuse, with no impact on existing workflows.
More information
What and Why
Microsoft Purview Insider Risk Management is introducing a policy recommendation panel to help administrators identify gaps in insider risk coverage and strengthen protections. While policies provide protection against insider risks, organizations may not always have visibility into missing or high-value configurations. This enhancement provides guidance on which policies are missing or offer the most incremental value, using analytics to generate actionable recommendations that improve coverage across scenarios such as data leakage, data theft, risky AI usage, IP theft, and security violations.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent risks. It enables organizations to define policies based on their governance needs and is built with privacy by design, including pseudonymization by default, role-based access controls, and audit logging to help protect user privacy.
This message is associated with Microsoft 365 Roadmap ID 560600.
Rollout Schedule
- Public Preview: Rolling out from mid-June 2026 through late June 2026
- General Availability (Worldwide): Rolling out mid-July 2026 and expected to complete by late July 2026
Impact on Your Organization
Who is affected
- Microsoft Purview Insider Risk Management administrators
- Organizations using Insider Risk Management policies
Platforms/Services
- Microsoft Purview Insider Risk Management (web experience)
What will happen
- A new Policy Recommendation panel will be available on the Policies page.
- The panel will analyze existing policies and identify potential gaps in coverage.
- Administrators will receive recommendations to create policies addressing risks such as data leakage, data theft, and risky AI usage.
- The feature is enabled by default and available automatically as part of the rollout.
- Existing policies and configurations remain unchanged.
- There is no impact to user workflows.
Action Required/Recommendations
No action is required.
Recommended actions:
- Review recommendations in the Policy Recommendation panel.
- Evaluate suggested policies to improve insider risk coverage.
- Update internal governance or risk management processes as needed.
- Communicate this enhancement to security and compliance teams.
Compliance considerations
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed (for example, documents, emails, or chats)? If so, how and to what extent? | Yes. The feature analyzes existing policy configurations and organizational signals within Insider Risk Management to generate recommendations, which introduces additional processing of customer data signals. |
| Does the change introduce or significantly modify AI or machine learning capabilities that interact with or provide access to customer data? If so, summarize the changes. | Yes. The policy recommendation panel uses analytics-driven intelligence to identify gaps in policy coverage and generate recommendations based on correlated signals. |
| Does the change alter how admins can monitor, report on, or demonstrate compliance activities, for example in Microsoft Purview or admin reporting? If so, summarize the changes. | Yes. Administrators gain enhanced visibility into policy coverage gaps and recommendations, improving their ability to monitor and manage insider risk compliance activities. |