Microsoft Purview compliance portal: Insider Risk Management - Real-time policy tuning analysis

🚨 The Signal: Purview Insider Risk Management now offers real-time policy tuning analysis. This helps security teams predict alert volumes before policy deployment, reducing false positives and improving the efficiency of insider threat detection.

The Impact

Security teams are affected by improved policy efficacy, reducing the risk of undetected insider threats and alert fatigue.

• Security teams: Reduced risk of undetected insider data exfiltration.
• Security teams: Lowered alert fatigue from poorly tuned policies.
• Compliance officers: Improved ability to demonstrate insider risk controls.
• Admins: More efficient policy deployment and management.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
2. Create or edit an Insider Risk Management policy.
3. Utilise the 'Policy tuning analysis' feature to preview alert predictions.
4. Adjust indicators and thresholds based on the real-time analysis.
5. Deploy the refined policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview