Microsoft Purview · Insider Risk Management
IRM Contributors
System role group. Visible in the Purview portal but used by background services only — do not assign users directly. Provides permissions that allow Insider Risk Management automation to function (permanent and temporary contributions to insider risk signals).
Scope: Background service permissions for Insider Risk Management automation — not for human assignment
Permissions
- Insider Risk Management Permanent Contribution - Persistent IRM signal contributions
- Insider Risk Management Temporary Contribution - Time-bound IRM signal contributions
Common use cases
- Internal Microsoft 365 service authentication for IRM features
- Background processing of IRM signals from connected services
- Automated risk score contributions
Best practices
- Do NOT assign users to this role group
- Treat as a system role group — leave membership as Microsoft configures it
- If you see unexpected members, investigate as a potential security issue
- Audit membership changes via Purview audit logs
Security considerations
- Unauthorized membership could be used to suppress or manipulate IRM signals
- Monitor for membership additions in audit logs
- No legitimate reason for a human user to be a member