check before: 2025-03-15
Product:
Entra, Purview Communication Compliance, Purview Information Protection, Purview Insider Risk Management
Platform:
Online, US Instances, Web, World tenant
Status:
In development
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management will soon allow analysts to identify compromised user alerts in Microsoft Entra, aiding in appropriate response actions. This feature will roll out globally in March 2025. Admins need to review configurations and notify users, but no immediate action is required.
Details:
Coming soon to Microsoft Purview | Insider Risk Management: IRM analysts will be able to identify if a user being investigated has any compromised user alerts in Microsoft Entra. The new visibility will help the analyst formulate the right response action, such as escalating the Incident to SOC teams for quick remediation.
This message is associated with Microsoft 365 Roadmap ID 420938.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-March 2025 and expect to complete by late March 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability, Preview
Created:
2025-02-15
updated:
2025-02-15
Public Preview Start Date
XXXXXXX ... free basic plan only
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Compromised User Detection Implementation
Without proper preparation, the rollout of the new compromised user context may lead to confusion among analysts regarding the new alerts, potentially delaying incident response actions.
- roles: IRM Analysts, SOC Team Members
- references: https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=420938
User Notification and Documentation Update
Failure to notify users about the changes may result in users being unaware of new alerts and processes, leading to frustration and decreased trust in the IT department.
- roles: End Users, IT Support Staff
- references: https://learn.microsoft.com/entra/id-protection/concept-identity-protection-risks, https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal" target="_blank" rel="nofollow noopener noreferrer">https://learn.microsoft.com/purview/insider-risk-management-settings-policy-indicators?tabs=purview-portal
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 month ago
