Microsoft Purview compliance portal: Insider Risk Management- DLP alerts as indicators

🚨 The Signal: Microsoft Purview Insider Risk Management (IRM) can now integrate Data Loss Prevention (DLP) alerts as risk indicators. This centralises visibility of high-risk data exfiltration attempts within IRM, streamlining insider threat detection and response.

The Impact

Security teams are affected by improved visibility into insider threats and data leakage risks.

• Security Teams: Reduced time to detect insider data exfiltration.
• Security Teams: Enhanced correlation of user behaviour and DLP policy violations.
• Incident Responders: Faster identification of high-risk insider activities.
• Compliance Officers: Better evidence for data leakage investigations.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
2. Edit an existing IRM policy or create a new one.
3. Under 'Indicators', select 'Data Loss Prevention alerts'.
4. Choose the specific DLP policies whose alerts you want to include as IRM indicators.
5. Review and publish the updated IRM policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview