top of page
Search

Microsoft Purview Part 7: Insider Risk Management 🥷

  • Writer: Bjørnar Aassveen
    Bjørnar Aassveen
  • Nov 12, 2024
  • 2 min read

Microsoft Purview part 7: This is part 7 of several parts that deal with Microsoft Purview and which tools are available there.



What is Insider Risk Management?

Microsoft Purview Insider Risk Management is a solution designed to help organizations identify, investigate and manage insider risks. These risks can include both accidental and malicious actions by employees that can lead to data leaks, intellectual property (IP) theft, and other security breaches.


What functions are there in the module?

Insider Risk Management offers a number of functions to manage insider risks:

  • Insider Risk policy : Creation of custom policies based on predefined templates to monitor specific risks such as data leaks and security breaches

  • Analytics and Insights : Use of advanced analytics and machine learning to identify potential risks and provide insight into user activities.

  • Alerting and Case Management : Generation of alerts and management of cases to investigate and manage risks effectively.

  • User Activity Reports : Detailed reports on user activities to identify and investigate suspicious actions.

  • Privacy Controls : Built-in privacy controls such as pseudonymization of users and role-based access to protect user privacy.


What licenses are needed?

To use Microsoft Purview Insider Risk Management, your organization needs a Microsoft 365 E5 license or an equivalent license that includes E5 Compliance.

Concrete examples of use

  • Data leak prevention : In the example shown below, I have created a data leak policy based on a template ("Data leaks")



The policy can be scoped to all users, selected users, selected groups or by setting an adaptive scope (based on metadata, e.g. all teams that contain the name project )



In the next step, you can choose to prioritize content based on some predefined choices


After defining which sensitivity labels and sensitive information types I wanted to be prioritized, I can choose whether it should be notified for all discoveries or only for prioritized content



In the next step, I define triggers for the policy before setting thresholds. Here you can choose to use Microsoft standard thresholds or define these yourself.





In summary, the policy will then look like this





Conclusion

Although Microsoft Purview Insider Risk Management offers powerful tools for managing insider risks, Norwegian organizations must carefully consider how they implement these tools to ensure that they comply with privacy laws and maintain a trusting work environment. It is important to balance the need for security with respect for employee privacy.


Bjørnar & AI

Recent Posts

See All

Comments

bottom of page