475058 – Microsoft Purview compliance portal: Insider Risk Management- Insider risk management user analytics

cloudscout.one Icon

check before: 2025-07-01

Product:

Defender, Defender XDR, Purview Communication Compliance, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

In development

Change type:

Links:

Details:

With this feature, Insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR. User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. During the initial rollout, user analytics will be enabled by default for all customers who have enabled Insider risk management analytics. This will help customers benefit from this additional intelligence right from the start. Customers can enable/disable user analytics in your tenant from Insider risk management Global settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-01-23

updated:
2025-01-23

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

User Analytics Rollout
Immediate activation of user analytics without prior preparation may lead to unintended exposure of sensitive user data, causing privacy concerns and potential compliance violations.
   - roles: Compliance Officer, IT Security Manager
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/2151230

Policy Misconfiguration
If users are not adequately trained on the new analytics features, there may be misconfigurations in insider risk policies, leading to false positives or negatives in risk assessments.
   - roles: IT Administrator, Data Protection Officer
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/2151230

Configutation Options**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

XXXXXXX ... free basic plan only

** AI generated content. This information must be reviewed before use.

a free basic plan is required to see more details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.



Last updated 2 weeks ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!