Microsoft Viva: Viva Insights - Publish analyst reports to Viva Insights App

🚨 The Signal: Viva Insights analysts can now publish custom reports directly to users within the Viva Insights app. This expands data sharing capabilities, increasing the risk of sensitive organizational data exposure if not properly governed.

The Impact

Data owners and security teams are affected by increased risk of sensitive data exposure through expanded report sharing.

• Data Owners: Increased risk of sensitive organizational data being shared inappropriately.
• Security Teams: New vector for data exfiltration and compliance violations to monitor.
• Compliance Officers: Requires review of existing data handling policies for Viva Insights.
• IT Administrators: Need to understand new sharing capabilities to support governance.

The Action

1. Review existing Viva Insights data access and sharing policies for alignment with organizational data classification.
2. Communicate updated data sharing guidelines to Viva Insights analysts and report publishers.
3. Monitor Viva Insights usage logs for unusual report sharing activities or broad distribution of sensitive data.
4. Implement or refine data loss prevention (DLP) policies to detect and prevent unauthorized sharing of sensitive information within Viva Insights reports.
5. Educate users on responsible data sharing practices and the classification of information within Viva Insights.

Impact: high · Workload: Microsoft Purview