Microsoft 365 Message Center ArchiveM365 Archive
Message Center

MC1388723Microsoft Purview: Insider Risk Management – New triggers for Microsoft Fabric, cloud storage, and cloud services

Summary

Microsoft Purview Insider Risk Management adds new policy triggers for Microsoft Fabric, cloud storage (Box, Dropbox, Google Drive), and cloud services (Azure, AWS) to enhance detection of insider risks across multi-cloud environments. Available from July 2026, admins can configure these triggers to expand monitoring and compliance capabilities.

More information

What and Why

We are introducing new triggers in Microsoft Purview Insider Risk Management (IRM) data leak policies that incorporate signals from Microsoft Fabric, cloud storage apps (Box, Dropbox, Google Drive), and cloud services (Azure, Amazon Web Services).

These enhancements help organizations better detect and manage insider risk by expanding visibility into user activities across multi-cloud and analytics environments. This supports stronger compliance monitoring and risk detection aligned with modern hybrid data usage.

This message is associated with Microsoft 365 Roadmap ID 560399.

Rollout Schedule

  • Public Preview: Began in early June 2026 and completes by late June 2026.
  • General Availability (Worldwide): Begins in early July 2026 and completes by late July 2026.

Impact on Your Organization

Who is affected

  • Admins managing Microsoft Purview Insider Risk Management
  • Organizations using IRM data leak policies
  • Tenants with activity across Microsoft Fabric or supported third-party cloud platforms

Platforms/Services

  • Microsoft Purview Insider Risk Management
  • Microsoft Fabric (Power BI, Lakehouse)
  • Cloud storage apps (Box, Dropbox, Google Drive)
  • Cloud services (Azure, AWS)

What will happen

  • Admins can configure new policy triggers based on user activity in:
    • Microsoft Fabric workloads (Power BI, Lakehouse)
    • Cloud storage apps (Box, Dropbox, Google Drive)
    • Cloud services (Azure, AWS)
  • These triggers:
    • Define which users enter policy scope
    • Work alongside indicators that calculate risk scores
  • This expands IRM visibility to include multi-cloud and analytics scenarios.
  • The feature is available within the Data leaks policy template.
  • Feature availability depends on admin configuration (not automatically enforced until configured).

Action Required / Recommendations

No immediate action is required. To take advantage of this update:

  • Review your Insider Risk Management policies in Microsoft Purview.
  • Evaluate whether to incorporate new triggers for:
    • Microsoft Fabric activities
    • External cloud storage and services
  • Update or create Data leak policies using the new trigger options.
  • Inform security and compliance teams of expanded monitoring capabilities.

Learn more: Learn about Insider Risk Management policy templates | Microsoft Purview | Microsoft Learn

Compliance Considerations

QuestionAnswer
Does the change alter how existing customer data is processed, stored, or accessed (such as documents, emails, chats, etc.), and if so how and to what extent?Yes. This change expands how customer activity data is processed within Insider Risk Management by incorporating additional signals from Microsoft Fabric, cloud storage apps, and cloud services to determine policy scope and risk evaluation.
Does the change alter how admins can monitor, report on, or demonstrate compliance activities (such as Purview or admin reporting), and if so summarize the changes?Yes. This change enhances admin monitoring and reporting capabilities by providing visibility into user activities across Microsoft Fabric and supported third-party cloud platforms within Insider Risk Management policies.
Does the change add any integration to third-party software products, and if so what?Yes. This change introduces integrations with third-party cloud storage providers (Box, Dropbox, Google Drive) and cloud services (Amazon Web Services), enabling activity signals from these services to be used in policy triggers.
Does the change include an admin control and can it be controlled through Entra ID group membership?Yes. The feature is controlled by administrators through Insider Risk Management policy configuration, where admins define triggers within data leak policy templates to scope users and apply monitoring.