Microsoft Viva: Import HRIS data in Viva Glint from Microsoft Admin Center

🚨 The Signal: Viva Glint can now import HRIS data directly from Microsoft Admin Center using various connectors. This centralises sensitive employee data ingestion, increasing the attack surface if not properly secured.

The Impact

HR and IT administrators are affected by new data integration points, increasing the risk of unauthorised access to sensitive HR data if not secured.

• HR Administrators: Increased risk of sensitive employee data exposure if access controls are weak.
• IT Administrators: New integration points require careful security configuration and monitoring.
• Security Teams: Expanded data ingestion vectors demand updated data loss prevention (DLP) policies.
• Employees: Personal HR data is now processed through a new system, raising privacy concerns.

The Action

1. Review and update data classification and labelling policies for HRIS data.
2. Implement strict access controls and 'least privilege' for accounts managing HRIS connectors in Microsoft Admin Center.
3. Configure Data Loss Prevention (DLP) policies in Microsoft Purview to monitor and protect HRIS data flowing into Viva Glint.
4. Conduct a privacy impact assessment (PIA) for the new HRIS data ingestion process.
5. Ensure audit logging is enabled and reviewed for all HRIS data import activities.

Domain: Purview · Impact: high · Workload: Microsoft Purview