Enable admin notifications in insider risk management


Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

When you turn on the Admin notifications setting in Microsoft Purview Insider Risk Management, email notifications are automatically sent to selected role groups. You can send email notifications for the following scenarios:

  • Send a notification email when the first alert is generated for a new policy. Policies are checked every 24 hours for first-time alerts and notifications aren't sent on subsequent alerts for the policy.
  • Send a daily email when new high-severity alerts are generated. Policies are checked every 24 hours for high severity alerts.
  • Send a weekly email summarizing policies that have unresolved warnings.


If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

If you've enabled insider risk management analytics for your organization, members of the Insider Risk Management Admins role group automatically receive an email notification for initial analytics insights for data leaks, theft, and exfiltration activities.

Disable admin and analytics notifications

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.

  2. Select the Settings button in the upper-right corner of the page, and then select Insider Risk Management to go to the insider risk management settings.

  3. Under Insider risk settings, select Admin notifications.

  4. Clear the check boxes for the following options, as applicable:

    • Send a notification email when the first alert is generated for a new policy
    • Send an email when an analytics scan detects an insight for the first time
    • Send an email when analytics is turned off for your organization
  5. Select Save.