check before: 2025-03-01
Product:
Entra, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management
Platform:
US Instances, Web, World tenant
Status:
In development
Change type:
Links:

Details:
With this feature, IRM analysts can identify if the user being investigated has any compromised user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections:
1. Sign in risk detections: compromise risk associated with a specific sign-in.
2. User risk detections: compromise risk associated with a specific user.

- Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings.
- Risk detections will be available in the indicator timeline within the alert investigation experience.
- Risk detections will not impact the risk score or severity of Insider risk management alerts.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Release Phase:
Preview, General Availability
Created:
2024-10-09
updated:
2025-02-12
Direct effects for Operations**
Compromised User Detection Implementation
Without proper preparation, the implementation of compromised user detection may lead to false positives, causing unnecessary escalations and investigations, which can overwhelm the SOC team and lead to burnout.
- roles: IRM Analysts, SOC Team Members
- references: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks
User Experience Disruption
If the change is made without adequate training or communication, users may experience confusion or frustration due to increased security alerts and investigations, potentially impacting their productivity and trust in the system.
- roles: End Users, IRM Analysts
- references: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks
** AI generated content. This information must be reviewed before use.

change history
Date | Property | old | new |
2025-02-12 | RM Description | With this feature, IRM analysts can identify if the user being investigated has any compromise user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections: 1. Sign in risk detections - Compromise risk associated with a specific sign-in. 2. User risk detections - Compromise risk associated with a specific user. - Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. - Risk detections will be available in the indicator timeline within the alert investigation experience. - Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. | With this feature, IRM analysts can identify if the user being investigated has any compromised user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections. 1. Sign in risk detections: compromise risk associated with a specific sign-in. 2. User risk detections: compromise risk associated with a specific user. Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. Risk detections will be available in the indicator timeline within the alert investigation experience. Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. |
2025-02-07 | RM Release | February CY2025 | March CY2025 |
2024-12-11 | RM Cloud Instance Tags | Worldwide (Standard Multi-Tenant) | Worldwide (Standard Multi-Tenant), DoD, GCC High, GCC |
2024-11-05 | RM Preview | October CY2024 | December CY2024 |