Microsoft 365 Message Center item MC1388723
MC1388723 - Microsoft Purview: Insider Risk Management – New triggers for Microsoft Fabric, cloud storage, and cloud services
Microsoft Purview Insider Risk Management adds new policy triggers for Microsoft Fabric, cloud storage (Box, Dropbox, Google Drive), and cloud services (Azure, AWS) to enhance detection of insider risks across multi-cloud environments. Available from July 2026, admins can configure these triggers to expand monitoring and compliance capabilities.
- Message Center ID
- MC1388723
- Category
- plan For Change
- Severity
- normal
- Services
- Microsoft Purview
- Tags
- New feature, User impact, Admin impact
- Roadmap ID
- 560399
- Platforms
- Web
- Published
- 2026-06-12
- Last updated
- 2026-06-12
- Expires
- 2026-08-31
[What and Why]We are introducing new triggers in Microsoft Purview Insider Risk Management (IRM) data leak policies that incorporate signals from Microsoft Fabric, cloud storage apps (Box, Dropbox, Google Drive), and cloud services (Azure, Amazon Web Services).These enhancements help organizations better detect and manage insider risk by expanding visibility into user activities across multi-cloud and analytics environments. This supports stronger compliance monitoring and risk detection aligned with modern hybrid data usage.This message is associated with Microsoft 365 Roadmap ID 560399.[Rollout Schedule]Public Preview: Began in early June 2026 and completes by late June 2026.General Availability (Worldwide): Begins in early July 2026 and completes by late July 2026.[Impact on Your Organization]Who is affectedAdmins managing Microsoft Purview Insider Risk ManagementOrganizations using IRM data leak policiesTenants with activity across Microsoft Fabric or supported third-party cloud platformsPlatforms/ServicesMicrosoft Purview Insider Risk ManagementMicrosoft Fabric (Power BI, Lakehouse)Cloud storage apps (Box, Dropbox, Google Drive)Cloud services (Azure, AWS)What will happenAdmins can configure new policy triggers based on user activity in:Microsoft Fabric workloads (Power BI, Lakehouse)Cloud storage apps (Box, Dropbox, Google Drive)Cloud services (Azure, AWS)These triggers:Define which users enter policy scopeWork alongside indicators that calculate risk scoresThis expands IRM visibility to include multi-cloud and analytics scenarios.The feature is available within the Data leaks policy template.Feature availability depends on admin configuration (not automatically enforced until configured).[Action Required / Recommendations]No immediate action is required. To take advantage of this update:Review your Insider Risk Management policies in Microsoft Purview.Evaluate whether to incorporate new triggers for:Microsoft Fabric activitiesExternal cloud storage and servicesUpdate or create Data leak policies using the new trigger options.Inform security and compliance teams of expanded monitoring capabilities.Learn more: Learn about Insider Risk Management policy templates | Microsoft Purview | Microsoft Learn[Compliance Considerations]QuestionAnswerDoes the change alter how existing customer data is processed, stored, or accessed (such as documents, emails, chats, etc.), and if so how and to what extent?Yes. This change expands how customer activity data is processed within Insider Risk Management by incorporating additional signals from Microsoft Fabric, cloud storage apps, and cloud services to determine policy scope and risk evaluation.Does the change alter how admins can monitor, report on, or demonstrate compliance activities (such as Purview or admin reporting), and if so summarize the changes?Yes. This change enhances admin monitoring and reporting capabilities by providing visibility into user activities across Microsoft Fabric and supported third-party cloud platforms within Insider Risk Management policies.Does the change add any integration to third-party software products, and if so what?Yes. This change introduces integrations with third-party cloud storage providers (Box, Dropbox, Google Drive) and cloud services (Amazon Web Services), enabling activity signals from these services to be used in policy triggers.Does the change include an admin control and can it be controlled through Entra ID group membership?Yes. The feature is controlled by administrators through Insider Risk Management policy configuration, where admins define triggers within data leak policy templates to scope users and apply monitoring.