420938 – Microsoft Purview compliance portal: Insider Risk Management – Entra compromised user signals in IRM

check before: 2025-03-01

Product:

Entra, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

In development

Change type:

Links:

Details:

With this feature, IRM analysts can identify whether the user being investigated has any compromised user alerts in Microsoft Entra. This will help them formulate the right response action, such as escalating the incident to SOC teams for quick remediation.

Microsoft Entra offers two types of compromised user detections:

1. Sign-in risk detections - Compromise risk associated with a specific sign-in.
2. User risk detections - Compromise risk associated with a specific user.

- Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings.
- Risk detections will be available in the indicator timeline within the alert investigation experience.
- Risk detections will not impact the risk score or severity of Insider risk management alerts.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Release Phase:
Preview, General Availability

Created:
2024-10-09

updated:
2025-02-07

Direct effects for Operations**

Compromised User Detection Implementation
Without proper preparation, the implementation of compromised user detection may lead to false positives, causing unnecessary escalations and investigations, which can overwhelm the SOC team and disrupt their workflow.
   - roles: IRM Analysts, SOC Team Members
   - references: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks

User Experience Disruption
If the change is made without adequate training or communication, users may experience confusion or anxiety due to increased monitoring and potential alerts regarding their accounts, impacting their productivity and trust in the system.
   - roles: End Users, IRM Analysts
   - references: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks

** AI generated content. This information must be reviewed before use.

change history

| Date | Property | old | new |
|---|---|---|---|
| 2025-02-07 | RM Release | February CY2025 | March CY2025 |
| 2024-12-11 | RM Cloud Instance Tags | Worldwide (Standard Multi-Tenant) | Worldwide (Standard Multi-Tenant), DoD, GCC High, GCC |
| 2024-11-05 | RM Preview | October CY2024 | December CY2024 |

Last updated 4 days ago
