Microsoft Purview: Insider Risk Management - Data Security Investigation integration
🚨 The Signal: Purview Insider Risk Management (IRM) now integrates with Data Security Investigations. Security teams can launch pre-scoped investigations directly from IRM cases, streamlining post-incident analysis of risky user activities and data impact.
The Impact
Security teams get an improved investigation workflow that reduces the time needed to assess insider risk data.
- Security Analysts: Faster investigation launch for insider risk cases.
- Data Security Admins: Streamlined process for post-incident data impact assessment.
- Compliance Officers: Enhanced audit trail for insider risk investigations.
- Incident Responders: Quicker access to relevant content analysis for risky users.
The Action
- Review Purview Insider Risk Management policies for integration opportunities.
- Familiarize security teams with the new 'Launch Data Security Investigation' option within IRM cases.
- Update incident response playbooks to incorporate this streamlined investigation workflow.
- Ensure appropriate permissions are assigned to users who will launch Data Security Investigations (DSIs) from IRM.
Domain: Purview · Impact: medium · Workload: Microsoft Purview