Microsoft 365 Message Center item MC1221449

MC1221449 - Microsoft Purview: Insider Risk Management – Quick policy to detect data theft from non-Microsoft 365 data sources

A new quick policy template in Microsoft Purview Insider Risk Management will help detect data theft from Microsoft Fabric and non-Microsoft 365 cloud sources like Box, Dropbox, Google Drive, Azure, and AWS. It requires minimal setup, is not enabled by default, and rolls out worldwide in late February 2026.

Message Center ID
MC1221449
Category
stay Informed
Severity
normal
Services
Microsoft Purview
Tags
New feature, User impact, Admin impact
Roadmap ID
543244
Platforms
Web
Published
2026-01-23
Last updated
2026-01-23
Expires
2026-05-29

[Introduction] We’re adding a new preconfigured quick policy template in Insider Risk Management to help detect potential data theft from Microsoft Fabric and other non-Microsoft 365 cloud storage services, including Box, Dropbox, Google Drive, Azure, and Amazon Web Services (AWS). This template helps admins create scenario-specific policies with minimal configuration, enabling faster and more consistent onboarding.This message is associated with Microsoft 365 Roadmap ID 543244.[When this will happen]General Availability (Worldwide): We will begin rolling out in late February 2026 and expect to complete by late February 2026.[How this affects your organization]Who is affected:Insider Risk Management admins with permissions to create and manage policiesOrganizations using Microsoft Fabric or non-Microsoft 365 cloud storage providers (Box, Dropbox, Google Drive, Azure, AWS)What will happen:A new quik policy template will appear in Insider Risk Management under Policies > Create policy.Admins can use the template to detect potential data theft activities performed by:Users leaving the organization, orUsers whose accounts have been deleted in Microsoft Entra IDThe template supports monitoring across Microsoft Fabric and multiple third‑party cloud sources.Policies created with this template require minimal configuration to get started.Additional tuning may be needed after deployment to optimize alert volume for your environment.This feature is not enabled by default; admins must opt in by creating the policy.[What you can do to prepare]Review your Insider Risk Management role permissions to ensure appropriate admin access.When available, create the new quick policy from Microsoft Purview > Insider Risk Management > Policies > Create policy.After deployment, evaluate alert volume and adjust thresholds or settings as needed.If your organization uses cloud apps such as Box, Dropbox, Google Drive, Azure, AWS, or Microsoft Fabric, confirm the relevant connectors and integrations are enabled.For detailed guidance, review: Create and manage Insider Risk Management policies | Microsoft Learn[Compliance considerations]No compliance considerations identified. Review as appropriate for your organization.