Microsoft Purview Compliance Portal: Custom CC policy as IRM indicator

🚨 The Signal: Purview Insider Risk Management (IRM) can now use custom Communication Compliance (CC) policy alerts as indicators. This enhances insider threat detection by correlating communication violations directly within IRM, streamlining investigation and improving data loss prevention.

The Impact

Security teams are affected by enhanced insider risk detection capabilities, reducing the risk of data exfiltration and policy breaches.

• Security Teams: Improved visibility into communication policy violations within insider risk cases.
• Security Teams: Faster correlation of user activity with potential insider threats.
• Security Teams: Enhanced ability to detect and respond to data leakage attempts.
• Security Teams: Streamlined workflow for investigating insider risk alerts.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
2. Edit an existing Insider Risk Management policy or create a new one.
3. In the policy wizard, select 'Indicators' and then 'Communication Compliance policy alerts'.
4. Choose the specific custom Communication Compliance policies to use as indicators.
5. Review and publish the updated Insider Risk Management policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview