Updated July 1, 2025: We have updated the timeline below. Thank you for your patience.
Coming soon to Microsoft Purview: Insider Risk Management (IRM) data including alerts, indicators and events will be available in these Microsoft Defender XDR experiences:
- Unified alert queue: IRM alerts will appear in the unified alert and incident queue in Defender XDR for comprehensive investigation and correlation.
- Advanced Hunting: IRM data will be available for advanced hunting in Defender XDR, allowing analysts to identify hidden risk patterns using KQL queries. Analytics can also create custom detections on the top of IRM data.
- Graph API: IRM data will be accessible through the Microsoft Graph API, supporting bidirectional integrations with external applications.
- Microsoft Sentinel: IRM alerts will be available in Microsoft Sentinel through the XDR-Sentinel connector, providing richer metadata.
This message is associated with Microsoft 365 Roadmap ID 422730.