Microsoft Purview | Insider Risk Management: Copilot for Security capabilities

Originally posted by Microsoft Apr 4, 2024 Uncategorized 0 Comments

Microsoft Purview’s integration with Copilot for Security will improve security incident investigations starting early April 2024, offering enhanced visibility and user risk context, with no admin action required before rollout.

Coming soon: Microsoft Purview capabilities in Microsoft Copilot for Security will enhance the efficiency of security incident investigations, significantly cutting down on the time required and revealing key insights that might otherwise go unnoticed.

This message is associated with Microsoft 365 Roadmap ID 389143.

When this will happen:

General Availability Worldwide: We will begin rolling out early April 2024 and expect to complete by late April 2024.

How this will affect your organization:

With Microsoft Purview capabilities in Copilot for Security, your security teams gain unprecedented visibility across the security data. The user insights from Microsoft Purview Insider Risk Management allow your security team with Insider Risk Management role permissions to quickly gain context on the risk associated with users involved in a security incident. Example:

  • You can ask about the risk associated with a user involved in an incident.
  • You can request a summary of an alert from Copilot to help you determine a course of action.
  • You can access details about the user’s activities, including their operations and actions over a specific time frame, identifying instances of data leakage or exfiltration, analyzing sequential activities performed by the user, and detecting any signs of anomalous or unusual behavior.

Learn more:Microsoft Purview prompts and promptbooks in Copilot for Security.

Example showing the prompt and response from Copilot about the risk associated with a user:

admin controls
View image in new tab

What you need to do to prepare:

To access Microsoft Purview Insider Risk Management capabilities in Copilot for Security:

  • You must comply with licensing requirements and permissions for Microsoft Copilot for Security. Learn more: Microsoft Security Copilot documentation | Microsoft Learn
  • Your organization should be enrolled in Microsoft Purview Insider Risk Management, and you need to have the Insider Risk Management role permissions to access the data.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.

Learn more:

Message ID: MC767478

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: