370560 – Microsoft Purview compliance portal: Insider Risk Management-Insider risk context in Microsoft Defender user entity page

cloudscout.one Icon

check before: 2025-02-01

Product:

Defender, Purview Communication Compliance, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

In development

Change type:

Links:

Details:

With this update, any SOC analyst with the required customer-determined permissions can access an insider risk summary of user activities that may lead to potential data security incidents, as a part of the user entity investigation experience in Microsoft Defender. This feature can help SOC analysts gain insider risk context for a specific user and make more informed decisions on responses to potential incidents. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2023-12-21

updated:
2024-09-05

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

Direct effects for Operations**

- Direct Impact on IT Operations
- Increased workload for SOC analysts
- SOC analysts will need to familiarize themselves with the new insider risk context feature, which may require additional training and adjustment time.
- Potential for increased incident response times as analysts adapt to the new interface and functionalities.
- Roles impacted: SOC Analysts, IT Security Team

- Changes in data access and reporting
- The introduction of insider risk summaries may lead to changes in how data is accessed and reported, necessitating updates to existing workflows and processes.
- Possible integration issues with other IT services that rely on user activity data, leading to temporary disruptions in reporting or monitoring capabilities.
- Roles impacted: IT Administrators, Compliance Officers, Data Governance Teams

- Dependencies and Interdependencies with Other IT Services
- Integration with Microsoft Defender and Purview services
- The new feature relies on existing Microsoft Defender capabilities, which may require updates or patches to ensure compatibility and optimal performance.
- Changes in user entity investigations may affect other security tools or services that depend on user activity data, potentially leading to inconsistencies in threat detection and response.
- Roles impacted: IT Security Team, IT Operations Managers

- Impact on compliance and governance frameworks
- The new insider risk management capabilities may necessitate updates to compliance policies and governance frameworks, requiring collaboration across various departments.
- Increased scrutiny on data handling practices may lead to additional audits or assessments, impacting resource allocation and operational efficiency.
- Roles impacted: Compliance Officers, Legal Teams, IT Governance Teams

References:
- Microsoft Purview Insider Risk Management documentation: [Microsoft Docs](https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management?view=o365-worldwide)
- Insider Risk Management overview: [Microsoft Blog](https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-purview/ba-p/2661236)

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



change history

DatePropertyoldnew
2024-09-05RM ReleaseNovember CY2024February CY2025
2024-03-19RM ReleaseMarch CY2024November CY2024
2024-03-19RM PreviewDecember CY2023April CY2024

Last updated 2 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!