477363 – Microsoft Purview compliance portal: Insider Risk Management – Recommended thresholds

Product:

Purview Communication Compliance, Purview Insider Risk Management

Platform:

US Instances, Web, World tenant

Status:

In development

Change type:

Links:

Details:

With this update, admins with the appropriate permissions can get tailored recommended thresholds for all the built-in indicators within the policy wizard. This feature enables organizations to fine tune their insider risk policies and get an optimal number of alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability

Created:
2025-02-06

updated:
2025-09-03

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Increased False Positives in Alerts
Without proper preparation, the new thresholds may lead to an increase in false positive alerts, overwhelming the security team and causing alert fatigue.
   - roles: Security Analysts, Compliance Officers
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/2151230

User Privacy Concerns
Changes in insider risk policies without adequate communication may raise user privacy concerns, leading to distrust and potential pushback from employees.
   - roles: HR Managers, IT Compliance Officers
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://www.forbes.com/sites/bernardmarr/2021/06/21/how-to-manage-insider-threats-in-your-organization/?sh=4c1c1e1e7c3b

Configutation Options**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Imagine you're a security guard at a large office building. Your job is to ensure that only authorized people enter and that nothing suspicious happens inside. Now, think of Microsoft Purview's Insider Risk Management as a high-tech security system that helps you do your job more effectively.

This system uses a variety of sensors (or signals) to detect potential risks inside the building, like someone trying to sneak out with confidential documents or someone accidentally leaving a door open. Just like a security system, it alerts you when something seems off, so you can take action before any real damage occurs.

Now, the update to this system is like getting a new feature that suggests the best settings for your security sensors. Instead of having to guess how sensitive the motion detectors should be or how loud the alarm should sound, the system now provides recommended settings based on the building's specific needs. This helps you avoid too many false alarms, which can be distracting, while still catching the real threats.

In this analogy, the "policy wizard" is like a setup assistant that guides you through configuring your security system. It takes into account your building's unique layout and the types of activities that typically occur there. The system is designed with privacy in mind, meaning it respects the privacy of everyone in the building by using pseudonyms and keeping detailed logs of who accesses what information.

Overall, this update makes it easier for organizations to protect their sensitive information by fine-tuning their insider risk policies, ensuring that they receive just the right amount of alerts to effectively manage potential risks.