Microsoft Purview compliance portal: Insider Risk Management - Security policy violations by departing users

🚨 The Signal: Purview Insider Risk Management now detects security policy violations by departing users, integrating Microsoft Defender for Endpoint alerts. This enhances early detection of malicious or inadvertent data exfiltration or security breaches by employees nearing termination.

The Impact

Security teams and HR are affected by improved detection of insider threats from departing users, reducing data exfiltration risk.

• Security Teams: Better visibility into departing user risks.
• HR Teams: Early warning of potential policy violations.
• Organisations: Reduced risk of data theft or sabotage.
• Compliance Officers: Stronger evidence for insider threat controls.

The Action

1. Review and enable 'Security policy violations by departing users' in Purview Insider Risk Management: https://compliance.microsoft.com/insiderriskmanagement
2. Ensure Microsoft Defender for Endpoint is fully deployed and integrated with Purview.
3. Define or refine policies for departing users within Insider Risk Management to align with organisational risk tolerance.
4. Establish clear workflows for security and HR teams to respond to detected violations.

Domain: Purview · Impact: high · Workload: Microsoft Purview