Microsoft Purview | Insider Risk Management: Adaptive protection - Enhancements to risk level settings

Updated January 7, 2025: We have updated the rollout timeline below. Thank you for your patience.

Coming soon: Admins can configure whether they want to expire insider risk levels in adaptive protection when a user’s alert is dismissed, or their case is resolved.

This message is associated with Microsoft 365 Roadmap ID 388736

When this will happen:

Public Preview: We will begin rolling out in early May 2024 and expect to complete by late June 2024.

General Availability: We will begin rolling out early July 2024 and expect to complete by mid-January 2024 (previously mid-December). 

How this will affect your organization:

With this new feature, an admin can configure whether they want to expire insider risk levels in adaptive protection when a user's alert is dismissed, or their case is closed. Today, this expiration happens automatically.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. 

What you need to do to prepare:

With this update, admins will see a new option in the Risk levels tab for adaptive protection called Risk level expiration options. This setting is enabled by default, and admins can uncheck this box if they would prefer that risk levels do not expire even when a user's alert is dismissed or their case is closed. 

Additional Resources: 

• Help dynamically mitigate risks with adaptive protection (preview) | Microsoft Learn