check before: 2025-07-01
Product:
Defender, Defender XDR, Purview Communication Compliance, Purview Insider Risk Management
Platform:
US Instances, Web, World tenant
Status:
In development
Change type:
Links:

Details:
With this feature, Insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR. User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. During the initial rollout, user analytics will be enabled by default for all customers who have enabled Insider risk management analytics. This will help customers benefit from this additional intelligence right from the start. Customers can enable/disable user analytics in your tenant from Insider risk management Global settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-01-23
updated:
2025-01-23
Public Preview Start Date
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
User Analytics Rollout
Immediate activation of user analytics without prior preparation may lead to unintended exposure of sensitive user data, causing privacy concerns and potential compliance violations.
- roles: Compliance Officer, IT Security Manager
- references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/2151230
Policy Misconfiguration
If users are not adequately trained on the new analytics features, there may be misconfigurations in insider risk policies, leading to false positives or negatives in risk assessments.
- roles: IT Administrator, Data Protection Officer
- references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/2151230
Configutation Options**
XXXXXXX ... paid membership only
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago