Microsoft Purview compliance portal: Insider Risk Management - Personal email triggers

🚨 The Signal: Microsoft Purview Insider Risk Management now detects email with attachments sent to personal accounts or public domains as triggers. This enhances data loss prevention by identifying potential exfiltration attempts from work email.

The Impact

Security teams gain new capabilities to detect and prevent sensitive data exfiltration, reducing the risk of data breaches.

• Security Teams: Enhanced detection of data exfiltration attempts.
• Data Owners: Reduced risk of sensitive data being leaked externally.
• Compliance Officers: Improved ability to demonstrate data protection controls.

The Action

1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Settings > Indicators.
2. Enable 'Sending email with attachments to free public domains' and 'Sending email with attachments to self'.
3. Review existing Insider Risk Management policies or create new ones using the 'Data leaks' or 'Data leaks by priority users' templates.
4. Add the newly enabled email indicators as triggers within the selected policies.
5. Monitor policy alerts and refine thresholds as needed.

Domain: Purview · Impact: high · Workload: Microsoft Purview