
Deploy and Configure IRM Alert Triage Agent

Implementation Effort: Medium – Requires Microsoft Security Copilot onboarding with security compute units (SCUs) provisioned, Microsoft Purview plug-in activation, agent identity configuration, policy scope selection, and custom instruction tuning; ongoing SCU consumption monitoring is needed.
User Impact: Low – Admin and analyst activity; the Triage Agent automates insider risk alert categorization without changing end-user workflows.

Overview

Insider Risk Management policies for AI workloads, including the Risky AI and Risky Agents policies and the Adaptive Protection configurations deployed earlier in this functional area, generate an alert whenever user behavior matches the defined risk indicators. As AI adoption grows across the organization, the volume of these alerts grows with it, and security teams face the scaling problem common to every alert-driven workflow: more alerts than analysts can review by hand. The Microsoft Purview Triage Agent in Insider Risk Management automates the initial categorization of these alerts by evaluating each one against multiple risk factors and classifying it as "Needs Attention," "Less Urgent," or "Not Categorized." This automated first pass replaces the manual step in which an analyst opens each alert, reviews the user's risk profile and activity sequence, and makes a subjective severity judgment; it does not replace the investigation of the alerts that remain after that pass.

The Triage Agent runs on Microsoft Security Copilot infrastructure and consumes security compute units (SCUs) for each alert it processes, so SCU capacity must be sized and monitored against the expected alert volume. The tenant must be onboarded to Microsoft Security Copilot, Microsoft 365 data sharing must be enabled, and the Microsoft Purview plug-in must be activated. The agent can be deployed under either an organizational user account or an agent identity. Agent identity is the recommended option: it decouples the agent's operational permissions from any individual administrator's credentials, so the agent neither inherits that administrator's broader permission set nor stops working when that account is disabled, and a compromise of the administrator account does not automatically extend to the agent's permissions. Only one instance of the Triage Agent can exist per tenant. Once deployed, it begins triaging alerts within 30 to 60 minutes, processing alerts generated within the configured alert timeframe (up to 30 days back). The agent accepts custom instructions in natural language, which let security teams tell it which types of insider risk alerts to prioritize or deprioritize based on organization-specific criteria, for example focusing on alerts involving users in sensitive departments or deprioritizing alerts triggered by specific activity types that the organization considers low risk. The agent interprets these instructions and applies them consistently to every future alert, which removes the variability that arises when multiple analysts apply different triage criteria. The same consistency cuts both ways: an instruction that deprioritizes an activity type deprioritizes every future alert of that type, so treat custom instructions as security configuration, review them with the same care as a policy change, and check the resulting categorization against a sample of recent alerts before relying on it.

After the agent categorizes alerts, analysts review the triaged results on the Insider Risk Management alerts page using the Triage Agent view, which groups alerts into the categorization buckets. Alerts the agent could not place in either bucket remain "Not Categorized" and still require manual review. Analysts can give feedback on individual alerts, reclassifying an alert from "Less Urgent" to "Needs Attention" or the reverse, and the agent carries that feedback into future triage decisions for the same user and policy combination. Because each reclassification shapes how later alerts for that user and policy are handled, feedback should reflect a deliberate judgment rather than a one-off adjustment. Over time this feedback loop is intended to bring the agent's categorization closer to which patterns the organization actually treats as high priority.

This activity supports Assume Breach by ensuring that the growing volume of insider risk alerts from AI workloads is systematically evaluated rather than left uninvestigated. An untriaged backlog means that compromised or malicious insiders using AI channels to exfiltrate data are flagged by policy but never investigated, which in practice is no better than not detecting them at all. It supports Verify Explicitly by using multiple risk factors and organization-specific custom instructions to make evidence-based triage decisions rather than relying on static severity thresholds. It supports Use Least Privilege Access by allowing the agent to operate under its own agent identity with only the permissions required for alert triage, rather than running under an administrator's full credential set. Without the Triage Agent, security teams must manually review every insider risk alert generated by AI interaction policies, a workload that does not scale with AI adoption and quickly produces alert fatigue, missed true positives, and delayed response to genuine insider threats operating through AI channels.

Reference