Microsoft Purview Insider Risk Management: Public preview of insider risk insights in DLP alerts

Originally posted by Microsoft Nov 14, 2023 Uncategorized 0 Comments

Coming soon, Microsoft Purview Insider Risk Management will be rolling out public preview of insider risk insights in DLP alerts.

This message is associated with Microsoft 365 Roadmap ID 179880

When this will happen:

Rollout will begin in late November and is expected to be complete by late December. 

How this will affect your organization:

With this update, a DLP analyst with the right permissions can access an insider risk summary of user activities that may lead to potential data security incidents, as a part of the DLP alert investigation experience in Microsoft Purview and Microsoft Defender. This feature can help analysts gain context of a DLP alert and make more informed decisions on responses to potential incidents.

What you need to do to prepare:

Insider Risk Management admins have to opt in this feature at insider risk settings > export alerts. Once it’s turned on, DLP analysts can start seeing insights for a subset of exfiltration indicators.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

Investigate insider risk management activities.

Message ID: MC689503