Microsoft Purview compliance portal: Insider Risk Management – Bring your own detections

🚨 The Signal: Purview Insider Risk Management now integrates custom user activity signals from external platforms. This enhances detection capabilities for insider threats by correlating more diverse data sources, improving the accuracy and breadth of risk identification.

The Impact

The change affects security teams, who get new configuration options that enhance their ability to detect and mitigate insider risks.

  • Security teams: Enhanced visibility into insider threats.
  • Security teams: Improved ability to detect data exfiltration.
  • Security teams: Better compliance with data protection policies.
  • Security teams: Requires configuration of new data sources.

The Action

  1. Navigate to Microsoft Purview compliance portal > Insider Risk Management.
  2. Configure new data connectors for external SIEM/UEBA or LOB applications.
  3. Map custom activity indicators to existing or new Insider Risk Management policies.
  4. Review and update existing Insider Risk Management playbooks to leverage new signals.
  5. Monitor policy effectiveness and fine-tune custom detection rules.

Domain: Purview · Impact: high · Workload: Microsoft Purview