Coming soon: Microsoft Purview | Insider Risk Management will introduce a central location for all reports including analytics and user activity reports. New Alerts and Cases operational reports will summarize trends in alerts generated and cases created. Sample reports include alerts and cases generated over time, alerts actioned over time, alerts and cases generated by region and department, top triggering events of alerts generated, and average time to triage alerts and cases. Users with the admin, analyst, or investigator role will be able to access the new Alerts and Cases operational reports.
This message is associated with Microsoft 365 Roadmap ID 420939.
When this will happen:
Public Preview: We will begin rolling out early December 2024 and expect to complete by late December 2024.
General Availability (Worldwide): We will begin rolling out early February 2025 and expect to complete by mid-March 2025.
How this will affect your organization:
To access the Alerts and Cases reports
- In Insider Risk Management, go the new Reports page at https://purview.microsoft.com/insiderriskmgmt/reportingpage
- Select Alerts or Cases
- To drill deeper into each report, select View details
Access the new unified Reports page at https://purview.microsoft.com/insiderriskmgmt/reportingpage:
To view new reports, Select Alerts or Cases on the Reports page:
Photo2- Example of an Alerts report:
This feature is available by default to be configured by admins, analysts, or investigators.
What you need to do to prepare:
This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins and investigators about this change and update any relevant documentation.
Learn more: Learn about insider risk management | Microsoft Learn
Before rollout, we will update this post with revised documentation.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.