Microsoft Purview compliance portal: Insider Risk Management- Multi selectable DLP policies as an IRM triggering event

🚨 The Signal: Insider Risk Management (IRM) now allows multiple Data Loss Prevention (DLP) policies to trigger IRM policies. This enhances detection of complex insider threats by correlating more data loss signals, improving an organisation's ability to identify and respond to data exfiltration attempts.

The Impact

Security teams are affected, gaining improved capability to detect and respond to insider data exfiltration risks.

• Security Teams: Enhanced ability to detect complex insider data exfiltration.
• Compliance Teams: Better alignment with data protection and incident response requirements.
• Risk Managers: Improved visibility into potential insider threats and data leakage.
• Data Owners: Increased assurance that sensitive data is being monitored for misuse.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
2. Edit an existing policy or create a new policy.
3. In the 'Triggers' section, select 'DLP policy matches'.
4. Choose multiple relevant DLP policies from the dropdown list to act as triggering events.
5. Review and publish the updated or new Insider Risk Management policy.

Domain: Purview · Impact: medium · Workload: Microsoft Purview