The Microsoft Purview Insider Risk Management triage agent is an AI-powered tool designed to help security teams efficiently manage insider risk alerts. It provides a managed alert queue that highlights the most critical activities by evaluating both the content and potential intent behind them, based on the organization’s configured risk parameters. By offering a clear explanation of its prioritization logic, the agent reduces the time and complexity involved in manual triage, enabling teams to respond faster and more effectively to potential insider threats.

Agent tasks: Alert triage, risk scoring, threat prioritization, contextual analysis, incident classification

Agent workflow

Inputs: User activity signals, alert metadata, organizational risk tolerance settings

Outputs: Prioritized insider risk alert queue with rationale for categorization and recommended response