We are announcing the access Copilot for Sales usage data via the Viva Insights Analyst Workbench feature for Copilot for Sales. This feature will reach general availability on November 15, 2024.
With this feature, IRM alerts and other supporting data will be available in the following Microsoft Defender XDR experiences:
1. IRM alerts will be surfaced in unified alert and Incident queue in Microsoft Defender XDR.
2. IRM alerts, Indicators, and enriched events will be available in Microsoft Defender XDR advanced hunting. Analysts can leverage KQL queries to identify potentially hidden risky patterns in data security related user activity.
3. IRM alert, Indicators, and enriched events will be exposed through Graph API. This feature can be enabled through “Share data with Microsoft Defender XDR” within Microsoft Insider Risk Management settings.
To ensure privacy of the data, all IRM data in Microsoft Defender XDR can only be accessed by users with Insider risk analyst or Insider risk investigator permissions in Purview. Existing analysts accessing IRM data in purview will continue to access IRM data in Microsoft Defender XDR. IRM data in Microsoft Defender XDR does not honor anonymization. This is to enable effective correlation of IRM alerts with alerts from other solutions in Microsoft Defender XDR platform (such as Defender for Endpoint, Defender for Cloud apps, etc.). Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
This feature is an enhancement to the existing IRM Office Indicator – Downgrading sensitivity labels applied to SharePoint files and removing sensitivity labels from SharePoint files.
In the current version, only sensitivity label changes on SharePoint Web app are captured in IRM. But with the latest update, this indicator captures the sensitivity label changes (downgrade/remove) when performed on OneDrive, AIP, and Endpoint (SharePoint file opened in Office app or any sensitivity label change on the local files on your device).
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
You can use Endpoint data loss prevention (DLP) just-in-time (JIT) protection to block all egress activities on monitored files while waiting for policy evaluation to successfully complete.
When JIT protection is enabled, and while policy evaluation is processing, Endpoint DLP blocks all egress activities for each user whose account is in the selected scope. Endpoint DLP audits the egress activities for all user accounts that have been excluded (via the Exclude setting) or are otherwise not in scope.
More info: https://learn.microsoft.com/en-us/purview/endpoint-dlp-get-started-jit?view=o365-worldwide
This creates a periodic digest email to editors of Viva Connections, informing them of the analytics summary of their Connections experience and recommendations to improve engagement.
Microsoft Loop will allow guest sharing for all tenants, including those with sensitivity labels, after the rollout in November-December 2024. Admins can configure policies for B2B guest sharing in SharePoint, and users can share Loop components with external guests, respecting existing OneDrive and SharePoint settings.
SharePoint Online system-generated emails from workflows and alerts will now display “SharePoint Online” as the sender name. This change, continuing from January 2024, requires updates to any Outlook rules based solely on the display name. The sending address remains no-reply@sharepointonline.com, and the rollout should complete by late November 2024.
Windows Autopatch is updating the ‘Modern Workplace – Autopatch Client Setup’ script to install a new application, ‘Windows Autopatch Client Broker’, for improved scalability and performance. The rollout starts early December and will replace the ‘Microsoft Cloud Managed Desktop Extension’. Organizations should allow the endpoint ‘device.autopatch.microsoft.com’ to prepare.
Microsoft Loop will soon introduce container-level sensitivity labels, enhancing security features for organizations using Microsoft Information Protection. This update, part of Microsoft 365 Roadmap ID 111225, will roll out between late October and early December 2024, requiring no admin action prior to rollout.
I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.
HANDS ON SharePoint
HANDS ON Teams
HANDS ON Lists
HANDS ON tek
M365 Admin