Manage Privacy Risk Management policies
Microsoft Priva Privacy Risk Management enables you to effectively manage privacy policies by offering flexible options for testing, activation, and ongoing monitoring. Managing your policies ensures they remain effective in addressing privacy risks while adapting to organizational needs.
Manage Privacy Risk Management policies
Testing a policy
When creating a new policy, you can choose to start it in test mode. Test mode provides a risk-free environment to validate policy settings and assess their effect without generating alerts or notifications. Policies created quickly from a template are also automatically placed in test mode. While in test mode, the policy evaluates historical data and provides insights, such as matches by location, user, or data type. Use these insights to fine-tune the policy before activating it. Testing is recommended for at least five days to ensure sufficient data for evaluation. You can edit a policy during its test mode to adjust conditions and monitor the changes before turning it on.
To start a policy in test mode:
- Select Create a policy from the Policies page.
- Complete the steps in the policy creation wizard, ensuring you choose Test it out first at the Decide policy mode step.
- Submit the policy to begin testing. The policy status on the details page indicates it is in test mode.
Insights typically take up to 48 hours to appear after the policy begins testing.
Activating a policy
When ready, activate a policy to begin enforcing its conditions and sending alerts or notifications. To activate a policy created in test mode:
Open the policy from the Policies page.
Select the Turn on policy to activate the policy.
Once active, the policy generates alerts based on detected matches and initiates any user notifications or remediation actions you configured.
Turning off a policy
If you need to stop a policy temporarily, you can turn it off without deleting it. When a policy is turned off, it no longer detects matches, generates alerts, or sends notifications. To turn off a policy:
- Open the policy from the Policies page.
- Select Turn off policy in the upper-right corner of the details page.
You can turn the policy back on at any time by selecting Turn on policy from the same location.
Edit a policy
Privacy Risk Management policies can be edited at any time to adjust their settings. This includes changes to conditions, thresholds, or outcomes. The policy name and template are fixed and can't be changed after creation. Policies can also be returned to test mode for further evaluation if needed.
To edit a policy:
- Select the policy from the Policies page.
- On the policy details page, select Edit.
- Navigate through the policy creation wizard to update the desired settings.
- Review and submit the changes on the final page.
Delete a policy
If a policy is no longer needed, you can delete it to remove it permanently. Deleting a policy doesn't affect files previously evaluated or any alerts generated by the policy.
To delete a policy:
- Locate the policy on the Policies page.
- Select the action menu (vertical ellipses) and choose Delete policy.
- Confirm the deletion to finalize the action.
You can also open the policy details page and select Delete in the upper-right corner.
Monitoring policy performance
Each policy has a details page that provides insights into its performance and effectiveness. Use the Overview tab to review:
- Policy status: Indicates if the policy is in test mode, active, or off.
- Matches by location: Displays content items detected by the policy across different Microsoft 365 locations.
- Matches by user: Highlights users whose actions triggered policy matches.
- Matches by data type: Identifies the types of personal data detected.
The Matched items tab lists all content items detected by the policy, with options to preview items and review details such as data types, file activities, and remediation history. These insights help administrators refine policies and take appropriate corrective actions to reduce risks.