Microsoft has confirmed that a powerful new capability is coming to its Purview Insider Risk Management platform, set to roll out between May and June 2026. Enterprise security teams will soon be able to review the actual text of risky AI prompts and responses—in plaintext—directly within investigation cases. The feature closes a critical visibility gap as employees increasingly interact with generative AI tools using corporate data.
Announced via the Microsoft 365 roadmap, this enhancement marks a significant step in AI governance for Microsoft 365 Copilot and associated services. Rather than merely logging that an AI interaction occurred, Insider Risk Management will capture and surface the full prompt and AI-generated response when a policy trigger fires. That means an analyst investigating a potential data leak will no longer have to guess what an employee asked or received; they can read the exact exchange.
This capability arrives as organizations grapple with balancing AI productivity against the risk of sensitive data exposure. The 2026 rollout follows months of preview feedback and aligns with Microsoft’s Secure Future Initiative, which emphasizes security by default.
What Is Microsoft Purview Insider Risk Management?
For context, Microsoft Purview Insider Risk Management is a compliance solution that uses native and third-party signals to identify, investigate, and act on risky behavior from insiders—employees, contractors, or partners. It’s part of the broader Microsoft Purview compliance portal, available through Microsoft 365 E5 licensing or as an add-on.
Insider Risk Management correlates activities such as file downloads, email forwarding, and unusual sign-ins against configurable risk indicators. When a user’s actions trip a threshold, the system generates an alert and can automatically create a case for analysis. Analysts with appropriate permissions can then examine the context—including possibly the content of emails, documents, or chats—to determine if a policy violation occurred.
Historically, the solution focused on traditional data repositories like SharePoint, OneDrive, Exchange, and Teams. With the advent of large language model (LLM)–powered tools, however, a new vector emerged: the AI chat box. Employees might paste proprietary code into a prompt, ask an AI to summarize confidential financials, or generate content that violates organizational policies. Until now, Insider Risk Management could only log that an AI interaction happened, leaving the substance of the exchange opaque.
The New Feature: Plaintext Review of AI Prompts and Responses
The upcoming feature extends Insider Risk Management’s data visibility to cover AI interactions. When a trigger—such as a user input containing a sensitive info type (e.g., credit card numbers, Social Security numbers, or custom trainable classifiers)—is detected, the system will capture the full prompt and the AI-generated response. That content then becomes part of the alert and case details, visible to authorized investigators.
Exact technical details are still emerging, but here’s what we know so far from the roadmap and typical Purview architecture:
- Covered services: The initial rollout targets prompts and responses from Microsoft 365 Copilot (integrated into Word, Excel, PowerPoint, Teams, etc.), Bing Chat Enterprise, and possibly third-party AI tools connected via Microsoft Defender for Cloud Apps or custom connectors. Microsoft’s documentation hints that any AI workload sending audit logs through Microsoft 365 can be onboarded.
- Indicator types: New indicators will be added to Insider Risk Management policies, such as “AI prompt containing sensitive information” or “AI response suggesting policy violation.” These will join existing indicators like “unusual file download” or “email to external domain.”
- Trigger logic: Policies can be tuned to fire based on the presence of specific classifiers, keyword matches, or the volume of AI interactions in a short period. For example, a policy might flag an employee who submits five prompts containing project code names within an hour.
- Plaintext visibility: Once an alert is created, investigators can click into the case and see the exact prompt and response text. This is analogous to how Insider Risk Management already surfaces the body of a flagged email or the contents of a SharePoint document. The difference is the content originates from an AI session, not a stored file.
- Audit trail: All access to these AI exchange records is logged, maintaining chain-of-custody and supporting compliance audits. Only users with the “Insider Risk Management Investigator” role—and any additional privacy-based role restrictions—will be able to view the plaintext.
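As an added illustration (not Microsoft's implementation, whose internals the roadmap does not describe), the following Python sketch models the trigger logic outlined above: a per-user sliding window over constructed AI-interaction audit records that fires when five prompts matching a sensitive-info classifier arrive within an hour, and packages the matched prompt text so an investigator can review it. The record fields, the project code names and the SSN pattern are assumptions made for the example.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample audit records (user, UTC timestamp, prompt text); not real Purview output.
AUDIT_RECORDS = [
    {"user": "alice", "ts": "2026-05-04T09:00:00", "prompt": "Summarize the Project FALCON budget"},
    {"user": "alice", "ts": "2026-05-04T09:12:00", "prompt": "Draft a status mail for FALCON"},
    {"user": "alice", "ts": "2026-05-04T09:20:00", "prompt": "What is the weather today?"},  # benign
    {"user": "alice", "ts": "2026-05-04T09:25:00", "prompt": "Compare FALCON and KESTREL timelines"},
    {"user": "alice", "ts": "2026-05-04T09:40:00", "prompt": "Export the OSPREY vendor list as CSV"},
    {"user": "alice", "ts": "2026-05-04T09:55:00", "prompt": "Rewrite the KESTREL risk register"},
    {"user": "bob", "ts": "2026-05-04T08:00:00", "prompt": "Summarize FALCON kickoff notes"},
    {"user": "bob", "ts": "2026-05-04T10:30:00", "prompt": "Translate the OSPREY brief"},
]

# Hypothetical "sensitive info types": internal project code names and a simple SSN pattern.
PROJECT_CODE_NAMES = {"FALCON", "KESTREL", "OSPREY"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def classify(prompt):
    """Return the set of indicator labels matched in a single prompt."""
    labels = set()
    if any(re.search(rf"\b{name}\b", prompt) for name in PROJECT_CODE_NAMES):
        labels.add("ProjectCodeName")
    if SSN_RE.search(prompt):
        labels.add("SSN")
    return labels


def evaluate_policy(records, threshold=5, window=timedelta(hours=1)):
    """Alert once per user when >= threshold classifier-matching prompts fall within the window.

    Each alert carries the matched prompt text, i.e. the plaintext an investigator would review.
    """
    alerts, windows, fired = [], {}, set()
    for rec in sorted(records, key=lambda r: r["ts"]):  # ISO timestamps sort lexically
        labels = classify(rec["prompt"])
        if not labels:
            continue  # prompts with no sensitive match never count toward the threshold
        ts = datetime.fromisoformat(rec["ts"])
        q = windows.setdefault(rec["user"], deque())
        q.append((ts, rec["prompt"], labels))
        while q and ts - q[0][0] > window:  # drop matches older than the window
            q.popleft()
        if len(q) >= threshold and rec["user"] not in fired:
            fired.add(rec["user"])
            alerts.append({"user": rec["user"], "count": len(q),
                           "indicators": sorted(set().union(*(l for _, _, l in q))),
                           "prompts": [p for _, p, _ in q]})
    return alerts
```

Running `evaluate_policy(AUDIT_RECORDS)` yields one alert for alice (five matched prompts between 09:00 and 09:55) and none for bob, whose two matches are spread over more than an hour.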
How It Works Under the Hood
The feature leverages Microsoft 365’s unified audit log, which already captures user interactions with AI services at a metadata level. To enable the new plaintext capture, tenant administrators will need to configure two main components:
- AI auditing settings: In the Microsoft Purview compliance portal, admins must enable “AI interactions” under the Audit log configuration. This will instruct services like Copilot to store the prompt and response content along with standard audit metadata (user, timestamp, application, etc.).
- Insider Risk Management policies: Administrators create or update a policy to include the new AI-related indicators. During the policy wizard, they’ll define thresholds, selecting whether to capture content only when a sensitive info type is matched or for all AI interactions from high-risk users.
After activation, Insider Risk Management will begin pulling relevant AI audit records into its analysis engine. When a policy trigger fires, the system packages the prompt and response into an alert and attaches it to a case. Analysts can then examine the content, annotate it, escalate if necessary, and take actions such as notifying the user’s manager or initiating an eDiscovery hold.
Practical Use Cases for Security Teams
The ability to read AI prompts in plaintext transforms several scenarios from opaque guesswork into clear-cut investigations:
- Data exfiltration: An employee pastes a full customer database schema into a Copilot prompt, asking the AI to export it in a different format. The system detects the schema’s sensitivity and triggers an alert. The investigator can now see the exact text, confirming the leak attempt.
- Policy violations: A user asks an AI to draft a phishing email template or generate offensive content during work hours. The prompt itself contravenes acceptable-use policies, and the plaintext view gives HR and security teams context for disciplinary action.
- Regulatory compliance: In industries like healthcare or finance, auditors may require proof that AI interactions did not expose protected health information (PHI) or personally identifiable information (PII). The feature provides an auditable trail of exactly what was shared.
- Risky behavior patterns: An employee repeatedly asks an AI about internal salary data or merger-related information. Without content, this might look like innocent queries. With plaintext, it becomes clear the user is probing for sensitive leaks.
Setting Up the New AI Review Capability
Implementation will require several prerequisites, many of which are already in place for organizations using Insider Risk Management:
- Licensing: Microsoft 365 E5, Microsoft 365 E5 Compliance add-on, or the Insider Risk Management add-on. This feature is not expected to carry extra licensing costs beyond the base subscription, but administrators should check the latest Microsoft licensing documentation.
- Permissions: Users must be assigned to the “Insider Risk Management” or “Insider Risk Management Admins” role group. Additionally, the new “View AI content” sub-role (likely to be introduced) will gate access to the plaintext, ensuring only designated investigators see the full exchange.
- Audit log configuration: Under “Microsoft Purview compliance portal > Audit > Settings,” admins will need to enable “Record AI prompts and responses” (the exact toggle name may differ at rollout). This setting might be turned off by default for privacy reasons.
- Policy creation: In the Insider Risk Management section, admins will find a new policy template titled “AI-related risks” or “AI interaction review.” The template pre-populates relevant indicators and allows custom sensitive info types. Fine-tuning thresholds is critical to avoid overwhelming analysts with benign prompts.
- Testing in pilot mode: Microsoft recommends running policies in “Test” mode first, where alerts are generated but no cases are created, to gauge noise levels. Once comfortable, admins can switch to “Production.”
Privacy and Ethical Considerations
Unsurprisingly, the feature will spark employee privacy debates. Reading an employee’s AI prompts is akin to scanning their chat messages. Microsoft has built several safeguards:
- Role-based access: Only users with explicit “Insider Risk Management Investigator” permissions—and potentially a new “View AI content” privilege—will see the plaintext. By default, even Global Admins may need elevated Purview roles.
- Pseudonymization: Insider Risk Management already supports the option to mask user identities in alerts until a case is escalated. That capability will extend to AI prompts, balancing privacy during initial triage.
- Auditability: Every time an investigator accesses a prompt or response, a log entry is created, deterring snooping.
- Policy granularity: Organizations can target only high-risk users or specific sensitive info types rather than blanket monitoring. This prevents mass surveillance.
Microsoft has also emphasized that the feature is designed for enterprise compliance, not employee spying. Public-sector and education customers may need additional contractual terms or data processing agreements, but general availability is expected to cover all commercial clouds, including GCC, GCC High, and DoD, although timelines may differ.
Timeline and Rollout
According to the Microsoft 365 roadmap, the feature will begin rolling out in early May 2026, with full availability by the end of June. As with many Purview updates, it will hit first-release tenants initially, then expand to standard release channels. Microsoft has not indicated any required action for existing Insider Risk policies; the new indicators will appear as optional additions.
Post-rollout, Microsoft is expected to release additional AI governance capabilities under the Purview umbrella, including:
- Adaptive protection that dynamically adjusts risk scores based on AI prompt sentiment or sensitivity.
- Integration with Microsoft Communication Compliance to detect harassing or unethical AI prompts.
- Automated data loss prevention (DLP) actions that block a prompt from being sent if it contains flagged content—currently, the new feature is investigative, not preventive.
Why This Matters for Enterprise AI Adoption
The 2026 plaintext review feature directly addresses a major barrier to Copilot adoption: the lack of visibility into what employees are doing with AI. For regulated industries, such transparency is non-negotiable. Being able to demonstrate that an AI platform is subject to the same rigorous insider risk controls as email and documents can accelerate executive buy-in and reduce legal concerns.
Moreover, the feature turns Insider Risk Management into a multi-channel platform that covers not just traditional data, but the entire spectrum of generative AI interactions. As Microsoft weaves Copilot deeper into the fabric of Office apps, this unified approach to compliance will become essential.
In the coming months, IT and compliance teams should begin mapping out which AI prompts warrant the highest scrutiny, training investigators on the new interface, and updating employee usage policies to reflect that AI interactions are subject to security review. While the May–June 2026 window gives plenty of lead time, the complexity of aligning audit, permissions, and policy means early preparation will pay off.
Microsoft Purview’s next evolution confirms that AI governance is no longer a future concern—it’s a present-day operational requirement. The plaintext review of AI prompts is a major milestone in making generative AI safe for the enterprise.