Microsoft Purview compliance portal: Insider Risk Management - User exclusion

🚨 The Signal: Microsoft Purview Insider Risk Management (IRM) now allows excluding specific users or groups from IRM policies. This provides granular control over who is monitored for insider threats, reducing false positives and focusing security efforts.

The Impact

Security teams are affected by improved policy granularity, reducing false positives and focusing insider threat detection.

• Security teams: Reduced false positives from IRM policies.
• Security teams: Improved focus on high-risk users.
• Compliance teams: Better alignment of monitoring with privacy policies.
• Admins: More precise control over IRM policy scope.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
2. Select an existing policy or create a new one.
3. In the policy wizard, proceed to the 'Users and groups' section.
4. Utilize the new exclusion capability to specify users or groups not to be included in the policy.
5. Review and publish the updated policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview