Microsoft 365 Message Center ArchiveM365 Archive
Microsoft 365 Roadmap

RM564619Microsoft Purview: Insider Risk Management - Enhanced user profile in IRM alerts

Summary

We’re enhancing the User section within Insider Risk Management alerts to provide investigators with more contextual user profile and risk attributes directly within their workflow. With this update, analysts can now view key user details such as employee type, office location, start date, policy inclusion, priority user group status, and last working day—helping them build a more complete understanding of the user during investigations without navigating away from the alert experience. This feature will be available as part of the new alert workflow through the Alert Details panel. Additional user attributes will continue to be introduced over time, with pseudo‑anonymization honored to support privacy‑by‑design investigation practices. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Description

We’re enhancing the User section within Insider Risk Management alerts to provide investigators with more contextual user profile and risk attributes directly within their workflow. With this update, analysts can now view key user details such as employee type, office location, start date, policy inclusion, priority user group status, and last working day—helping them build a more complete understanding of the user during investigations without navigating away from the alert experience. This feature will be available as part of the new alert workflow through the Alert Details panel. Additional user attributes will continue to be introduced over time, with pseudo‑anonymization honored to support privacy‑by‑design investigation practices. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

GA date: October CY2026

Preview date: July CY2026