Microsoft Purview compliance portal: Enhancements to global exclusions in IRM settings

🚨 The Signal: Microsoft Purview Insider Risk Management now offers enhanced global exclusions for email, removable media, and browser activity. This reduces alert noise by refining keyword and file path exclusions, improving the accuracy of insider risk detection.

The Impact

Security teams are affected by reduced alert noise, improving focus on genuine insider threats.

• Security teams: Reduced false positives from email signatures.
• Security teams: More accurate exclusions for removable media file transfers.
• Security teams: Better filtering of browser-related insider risk indicators.
• Security teams: Improved signal-to-noise ratio for insider risk investigations.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Global settings > Exclusions.
2. Review and update keyword exclusions for email to leverage the new 'all attachments or subject' logic.
3. Configure file path exclusions for removable media based on new support for both source and target paths.
4. Add domain exclusions for browsing indicators to reduce noise from trusted sites.
5. Monitor Insider Risk Management dashboards for improved alert fidelity.

Domain: Purview · Impact: medium · Workload: Microsoft Purview