The customizable alerts system needs improvement. The detection rules are not extensive enough. There should be more possibilities for creating alerts based on additional criteria. While rules can be customized, the available criteria for creating detection rules should be expanded. Microsoft's pricing is very expensive. The Business Premium offering should be extended to enterprise customers, as it's currently limited to 300 users. There should be a tier below E5 that includes Microsoft Purview and other features. Currently, E5 licensing costs approximately 6,000 INR per user per month including taxes. Competitive solutions offer similar functionality at about 50% of Microsoft's cost. Email DLP is included in Business Premium or P1 licenses, while P2 licenses cover endpoint DLP and additional channels. Microsoft should introduce an intermediate tier below E5 that covers all P1 licenses, as customers often need coverage across the entire M365 suite.
The reporting capabilities sometimes leave a little to be desired. It could be improved in terms of producing reports to provide information to the C-suite or others.
Implementing policies in the solution isn't easy, and it takes time. For example, you need to use some secrets in Windows or Mac to execute your policies, and you can assign these policies with Microsoft Intune. However, when you execute a policy, you still need to wait up to two days to see alerts. Some of our customers aren't happy because they didn't expect it to take so long. They're satisfied once it starts working because they see the alerts and graphs. The user interface also isn't user-friendly. When we introduce Insider Risk Management to our clients, they often find it difficult to understand. There is too much information, and the UI is not scalable. Also, entry-level IT technicians are not always interested in learning something new. It should be clearer and easier to understand. Microsoft is still working on machine learning and AI components. They're constantly updating the product. However, from my experience, most of my customers are not ready or able to use the AI solution. They are creating some project plans and specific policies. They don't want to see dozens of alerts when they use Microsoft's recommendations or the AI-based solution.
For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier. For example, you need to install a Microsoft agent on your endpoints for certain features to work for insider risk management. In the future, if they could enhance the technology to make it a seamless solution, that would be helpful, like the endpoint EDR solutions we have these days. Installing an agent on the client workstation is a headache. Whenever a new client comes in, you need to install an agent on it. It's an added task for IT. If they could eliminate that by integrating with AD or some other solution, that would make life easier. It becomes an issue because sometimes people are working from home. They're using their own laptops or workstations and it becomes a problem because you cannot install the agents on their home laptops.
Learn what your peers think about Microsoft Purview Insider Risk Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
Microsoft Purview Insider Risk Management helps organizations identify and manage potential internal threats by utilizing advanced analytics and insights to minimize risk.With a focus on addressing internal threats, Microsoft Purview Insider Risk Management employs sophisticated analytics to proactively detect and manage risks. It offers context-rich insights to protect data, helping businesses maintain compliance and safeguard their information. By implementing mechanisms to predict...
The customizable alerts system needs improvement. The detection rules are not extensive enough. There should be more possibilities for creating alerts based on additional criteria. While rules can be customized, the available criteria for creating detection rules should be expanded. Microsoft's pricing is very expensive. The Business Premium offering should be extended to enterprise customers, as it's currently limited to 300 users. There should be a tier below E5 that includes Microsoft Purview and other features. Currently, E5 licensing costs approximately 6,000 INR per user per month including taxes. Competitive solutions offer similar functionality at about 50% of Microsoft's cost. Email DLP is included in Business Premium or P1 licenses, while P2 licenses cover endpoint DLP and additional channels. Microsoft should introduce an intermediate tier below E5 that covers all P1 licenses, as customers often need coverage across the entire M365 suite.
The reporting capabilities sometimes leave a little to be desired. It could be improved in terms of producing reports to provide information to the C-suite or others.
Implementing policies in the solution isn't easy, and it takes time. For example, you need to use some secrets in Windows or Mac to execute your policies, and you can assign these policies with Microsoft Intune. However, when you execute a policy, you still need to wait up to two days to see alerts. Some of our customers aren't happy because they didn't expect it to take so long. They're satisfied once it starts working because they see the alerts and graphs. The user interface also isn't user-friendly. When we introduce Insider Risk Management to our clients, they often find it difficult to understand. There is too much information, and the UI is not scalable. Also, entry-level IT technicians are not always interested in learning something new. It should be clearer and easier to understand. Microsoft is still working on machine learning and AI components. They're constantly updating the product. However, from my experience, most of my customers are not ready or able to use the AI solution. They are creating some project plans and specific policies. They don't want to see dozens of alerts when they use Microsoft's recommendations or the AI-based solution.
For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier. For example, you need to install a Microsoft agent on your endpoints for certain features to work for insider risk management. In the future, if they could enhance the technology to make it a seamless solution, that would be helpful, like the endpoint EDR solutions we have these days. Installing an agent on the client workstation is a headache. Whenever a new client comes in, you need to install an agent on it. It's an added task for IT. If they could eliminate that by integrating with AD or some other solution, that would make life easier. It becomes an issue because sometimes people are working from home. They're using their own laptops or workstations and it becomes a problem because you cannot install the agents on their home laptops.