409967 – Microsoft Purview compliance portal: Insider Risk Management - Alert Spotlighting

check before: 2024-12-01

Product:

Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

Launched

Change type:

Links:

Details:

On the alert list page, high-priority alerts will be spotlighted to help analysts prioritize the most important alerts first. Alerts are spotlighted based on predefined rules that are common to all tenants across all industries.

The Alert Spotlighting feature was developed to assist admins in prioritizing alerts to be triaged. Every generated alert has a risk score, a list of activities performed, tags, and triggers. The Alert Spotlighting feature uses this information to decide whether an alert can be spotlighted. Based on a detailed study of alert triage patterns across tenants, we have developed a rule-based algorithm to spotlight alerts that would be of importance to admins, based on historical volume analysis.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Release Phase:
Preview, General Availability

Created:
2024-08-13

updated:
2026-01-21

Direct effects for Operations**

Alert Prioritization Failure
Without proper preparation, the introduction of the Alert Spotlighting feature may lead to misprioritization of alerts, causing critical alerts to be overlooked and resulting in delayed responses to insider threats.
   - roles: Compliance Analysts, IT Security Officers
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-purview/ba-p/3651230, https://www.microsoft.com/en-us/security/blog/2022/06/15/insider-risk-management-in-microsoft-purview/

User Experience Degradation
If the Alert Spotlighting feature is implemented without adequate training or communication, users may experience confusion or frustration due to changes in alert visibility and prioritization, leading to decreased efficiency in their workflows.
   - roles: Compliance Analysts, End Users
   - references: https://www.microsoft.com/en-us/security/blog/2022/06/15/insider-risk-management-in-microsoft-purview/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-purview/ba-p/3651230

explanation for non-techies**

Imagine you're a security guard at a large office building. Every day, you receive a list of incidents that need your attention, like a door left open or an alarm going off. Some incidents are more urgent than others, like a fire alarm compared to a forgotten badge. To help you manage your time and resources, someone highlights the most critical incidents on your list so you can address them first.

This is similar to what Microsoft Purview's Alert Spotlighting feature does for IT administrators. In the digital world, companies receive numerous alerts about potential security risks, like data leaks or unauthorized access. However, not all alerts are equally important. The Alert Spotlighting feature helps IT administrators by highlighting the most critical alerts based on predefined rules. These rules are created from analyzing patterns across different companies and industries, ensuring that the most pressing issues are addressed first.

Just like a security guard prioritizes a fire alarm over a forgotten badge, IT administrators can focus on the most significant alerts first, ensuring the company's data and resources are protected efficiently. This feature uses a combination of risk scores, activities, and triggers to determine which alerts should be spotlighted, making it easier for administrators to manage potential insider risks like data theft or security violations.

Moreover, the system is designed with privacy in mind. Users' identities are protected, and access to information is controlled, ensuring that privacy is maintained while managing these risks. This is akin to ensuring that while the security guard is doing their job, they respect the privacy of the building's occupants.

** AI generated content. This information must be reviewed before use.

change history

Date | Property | old | new
2026-01-21 | RM Product Tags | Microsoft Purview compliance portal | Microsoft Purview
2025-05-02 | RM Status | In development | Launched
2024-09-13 | RM Preview | August CY2024 | October CY2024
