Microsoft Purview compliance portal: Insider Risk Management - Administrative units support
🚨 The Signal: Purview Insider Risk Management now supports administrative units, so policies can be created and investigations scoped by organizational subdivision. This strengthens least privilege for insider threat management.
The Impact
Security teams and Purview admins are affected. Scoping by administrative unit reduces the risk of over-privileged access to sensitive insider risk data.
- Security teams: Reduced risk of broad access to insider risk alerts.
- Purview admins: Improved least privilege for policy management and investigations.
- Compliance officers: Enhanced ability to demonstrate granular access controls.
- Investigators: Scope of investigations can be limited to relevant user populations.
The Action
- Review existing Purview Insider Risk Management roles and permissions.
- Identify organizational subdivisions suitable for administrative units.
- Create new administrative units in Microsoft Entra ID for Purview scope.
- Assign Purview Insider Risk Management roles to specific administrative units.
- Test delegated administrative unit permissions for policy creation and investigation.
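The first three actions above can be scripted. The following is an added example, not part of the original notice: it lists the current members of the Insider Risk Management role groups for review, then creates an administrative unit in Microsoft Entra ID and populates it. The unit name `IRM-Scope-Finance` and the department value `Finance` are assumptions.

```powershell
# Added example. Assumed names: the administrative unit "IRM-Scope-Finance"
# and the department value "Finance" stand in for your own subdivision.
# Requires the ExchangeOnlineManagement and Microsoft.Graph modules.

$auName     = 'IRM-Scope-Finance'   # assumption
$department = 'Finance'             # assumption

# 1. Review: list who currently holds the Insider Risk Management role groups.
Connect-IPPSSession
$review = Get-RoleGroup |
    Where-Object { $_.Name -like 'Insider Risk Management*' } |
    ForEach-Object {
        $group = $_
        Get-RoleGroupMember -Identity $group.Name | ForEach-Object {
            [pscustomobject]@{ RoleGroup = $group.Name; Member = $_.Name }
        }
    }
$review | Sort-Object RoleGroup, Member | Format-Table -AutoSize

# 2. Create the administrative unit in Microsoft Entra ID if it does not exist.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All', 'User.Read.All'
$au = Get-MgDirectoryAdministrativeUnit -Filter "displayName eq '$auName'"
if (-not $au) {
    $au = New-MgDirectoryAdministrativeUnit -DisplayName $auName `
        -Description 'Scope for Purview Insider Risk Management'
}

# 3. Add the subdivision's users, skipping anyone who is already a member.
$existing = Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $au.Id -All |
    Select-Object -ExpandProperty Id
Get-MgUser -Filter "department eq '$department'" -All |
    Where-Object { $_.Id -notin $existing } |
    ForEach-Object {
        New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id `
            -BodyParameter @{ '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($_.Id)" }
    }
```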
Domain: Purview · Impact: medium · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898