(Updated) Microsoft Purview | Insider Risk Management- Risky AI usage

Microsoft Purview Insider Risk Management will soon include risky AI usage detections. Public preview starts in December 2024, with general availability in August 2025. This update helps admins identify risky AI activities in M365 Copilot, Copilot Studio, and ChatGPT Enterprise. Admins should prepare by creating policies and using new analytics and indicators.

Updated June 16, 2025: We have updated the timeline below. Thank you for your patience.

Coming soon, Microsoft Purview Insider Risk Management will be rolling out risky AI usage detections

This message is associated with Microsoft 365 Roadmap ID 394281

[When this will happen:]

Public Preview: We will begin rolling out early December 2024 and expect to complete by mid-December 2024.

General Availability (Worldwide): We will begin rolling out early August 2025 (previously mid-June) and expect to complete by mid-August (previously late August). 

[How this will affect your organization:]

With this update, Insider risk management will help admins identify risky AI usage. We are adding new detections of intentional and unintentional insider risk activity on generative AI apps that can pose a risk to an organization. Activities will include risky prompts containing sensitive info or risky intent and sensitive responses containing sensitive info or generated from sensitive files or sites. Coverage will span across M365 Copilot, Copilot Studio and ChatGPT Enterprise. These detections will also contribute to Adaptive Protection insider risk levels.

[What you need to do to prepare:]

Below are some of the steps admin can take

1. Get insights into risky AI usage at an organization level in an anonymized form using analytics
2. Create Risky AI usage policy to track risky prompts and sensitive responses in M365 Copilot, Copilot Studio
3. The activity explorer in alerts gives a single threaded view of prompt, response along with the sensitive information present
4. Use the new Generative AI indicators in adaptive protection for user risk score

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. 

Main Admin link: Learn about insider risk management policy templates | Microsoft Learn