IRM Policy Planner
Plan your Insider Risk Management deployment. Choose policy templates, map prerequisites, configure indicators, and simulate scenarios before touching your tenant.
Check off the prerequisites your organization has configured. These determine which policy templates are available and will flag warnings if a policy requires something you have not set up.
Required for all policies
Insider Risk Management requires M365 E5, E5 Compliance, or the Insider Risk Management add-on license.
Microsoft docsAudit logging must be turned on for Insider Risk Management to capture user and admin activities.
Microsoft docsRequired by specific templates
The Microsoft 365 HR connector imports resignation dates, termination dates, performance reviews, and job level changes from your HR system.
Data Loss Prevention policies with High severity alerts configured. Required as a triggering event for data leak templates.
Microsoft docsMicrosoft Defender for Endpoint must be configured and sharing alerts with the Purview portal for security violation templates.
The Microsoft Healthcare connector imports activity data from your EMR system for patient data misuse detection.
The Microsoft Compliance Extension for Edge and/or Chrome must be deployed to detect browser-based exfiltration signals.
Optional
The Physical badging connector imports access data from your physical control and access platforms (badge readers, door logs).
Microsoft docs