Microsoft Purview compliance portal: Insider Risk Management - Security policy violations by risky users

🚨 The Signal: Purview Insider Risk Management now detects security policy violations by stressed users, correlating Defender for Endpoint alerts with HR data. This enhances early detection of malicious or inadvertent insider threats, improving data protection.

The Impact

Security teams gain enhanced visibility into insider threats, reducing the risk of data exfiltration or system compromise by high-risk users.

  • Security Teams: Gain new capabilities to detect insider threats.
  • HR Teams: Their data is now integrated for security risk analysis.
  • Users: Activities are monitored for security policy violations, especially during periods of stress.
  • Organisations: Reduced risk of data breaches from internal actors.

The Action

  1. Navigate to Microsoft Purview compliance portal > Insider Risk Management > Policies.
  2. Select 'Create policy' and choose the 'Security policy violations by risky users' template.
  3. Configure policy settings, including scope, indicators, and detection thresholds.
  4. Review and enable the policy to begin monitoring for security violations.
  5. Ensure the HR 1.2 connector is configured and active so that the relevant HR data is ingested.

Domain: Purview · Impact: high · Workload: Microsoft Purview