Microsoft Purview compliance portal: New email indicators to alert on exfiltration of business sensitive data to free public domains or self

🚨 The Signal: Microsoft Purview Insider Risk Management now detects when sensitive data is emailed to personal or public domains. This enhances data exfiltration prevention, allowing security teams to identify and respond to insider threats more effectively.

The Impact

Security teams and compliance officers are affected, gaining new capabilities to mitigate insider data exfiltration risks.

• Security Teams: Enhanced detection of sensitive data exfiltration.
• Compliance Officers: Improved ability to meet data protection obligations.
• Data Owners: Reduced risk of business-sensitive data leaving the organisation.
• IT Admins: New configuration tasks for Insider Risk Management policies.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Settings.
2. Enable 'Sending email with attachments to free public domains' indicator.
3. Enable 'Sending email with attachments to self' indicator.
4. Create or update an Insider Risk Management policy (e.g., 'Data leaks' or 'Data theft' template) to include these new indicators.
5. Monitor Insider Risk Management alerts for potential data exfiltration incidents.

Domain: Purview · Impact: high · Workload: Microsoft Purview