MC791107 – Microsoft Purview | Data Loss Prevention: Adaptive Protection integration will be generally available (archived)

Product:

Exchange, Microsoft 365 suite, Purview, Purview Communication Compliance, Purview compliance portal, Purview Data Loss Prevention, Purview Information Protection, Purview Insider Risk Management, Teams

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

New feature, Admin impact

Links:

MC512627
117352

Details:

Summary:
The integration of Adaptive Protection with Microsoft Purview Data Loss Prevention will be generally available soon, requiring an E5 Compliance license. Organizations previously using Adaptive Protection with certain add-ons will need to upgrade to maintain access after a 180-day grace period. Rollout begins in June 2024.

Details:
Coming soon to general availability, the integration of Adaptive Protection with Microsoft Purview Data Loss Prevention. This integration enables admins, who are granted access to change, create, update and/or delete policies to configure policies where users are automatically included in the scope of data loss prevention (DLP) policies based on insider risk levels. For example, a DLP policy integrated with insider risk levels will prevent high-risk users from printing sensitive data, while allowing low-risk users to do so. We communicated the preview for this feature in MC512627 Microsoft Purview compliance portal: Announcing Adaptive Protection in public preview. (preview) (Feb 2024).
This integration will require a pre-requisite of E5 Compliance or Microsoft 365 E5 to use. Organizations that were using Adaptive Protection in public preview with Microsoft 365 E5 Insider Risk Management (IRM) or Microsoft 365 E5 Information Protection and Governance (IPG) Add-Ons - will need to upgrade to E5 Compliance to continue using Adaptive Protection.
This message is associated with Microsoft 365 Roadmap ID 117352
[When this will happen:]
General Availability Worldwide: We will begin rolling out early June 2024 and expect to complete by early July 2024.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2024-05-08

updated:
2024-05-08

Public Preview Start Date

XXXXXXX ... free basic plan only

Task Type

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS How does it affect me

XXXXXXX ... free basic plan only

MS Preperations

XXXXXXX ... free basic plan only

MS Urgency

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

linked item details

XXXXXXX ... free basic plan only

Direct effects for Operations**

- Impact on IT Operations
- Potential disruption in data loss prevention (DLP) policies if organizations do not upgrade to the E5 Compliance license within the 180-day grace period.
- Roles impacted: IT Administrators, Compliance Officers
- Reference: [Microsoft Purview Compliance Portal](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Impact on IT Services
- DLP policies will become static and will not dynamically adjust based on insider risk levels if the E5 Compliance license is not acquired post-grace period.
- Roles impacted: IT Service Managers, Security Analysts
- Reference: [Microsoft 365 Roadmap](https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=117352)

- Impact on IT Users
- Users classified as high-risk may lose protections against data leakage, potentially leading to increased risk of data breaches or compliance violations.
- Roles impacted: End Users, Data Stewards
- Reference: [Help Dynamically Mitigate Risks](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Impact on Compliance and Governance
- Organizations may face compliance risks if they fail to upgrade, as they will not be able to enforce DLP policies based on risk levels, leading to potential regulatory issues.
- Roles impacted: Compliance Officers, Legal Advisors
- Reference: [Microsoft Purview Compliance Portal](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Impact on Training and Support
- Increased need for training and support for IT staff and end-users to understand the new licensing requirements and the implications of not upgrading.
- Roles impacted: IT Trainers, Support Staff
- Reference: [Microsoft Purview Compliance Portal](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

Opportunities**

- Enhanced Data Loss Prevention (DLP) Policies
- Implementing Adaptive Protection will allow for more granular DLP policies based on user risk levels, enhancing security and compliance.
- Roles benefiting: Compliance Officers, Security Administrators, IT Managers.
- Reference: [Microsoft Learn on Adaptive Protection](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Streamlined User Management
- The integration will automate the assignment of risk levels to users, reducing manual oversight and improving efficiency in user management.
- Roles benefiting: IT Administrators, HR Managers, Compliance Officers.
- Reference: [Microsoft 365 Roadmap](https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=&searchterms=117352)

- Cost-Benefit Analysis for Licensing
- Organizations should evaluate the cost of upgrading to E5 Compliance against the potential risks and losses from data breaches, which could justify the investment.
- Roles benefiting: Finance Officers, IT Managers, Compliance Officers.
- Reference: [Microsoft Purview Compliance Portal](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Improved Incident Response
- With the integration of Adaptive Protection, organizations can respond more effectively to insider threats by dynamically adjusting DLP policies based on real-time risk assessments.
- Roles benefiting: Incident Response Teams, Security Analysts, Compliance Officers.
- Reference: [Microsoft Purview Insider Risk Management](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

- Training and Awareness Programs
- As the integration requires a shift in policy management, training programs for staff on the new DLP capabilities and compliance requirements can enhance overall user experience and security culture.
- Roles benefiting: Training Coordinators, Compliance Officers, IT Administrators.
- Reference: [Microsoft Purview Compliance Portal](https://learn.microsoft.com/purview/insider-risk-management-adaptive-protection?tabs=purview-portal)

Potentional Risks**

XXXXXXX ... paid membership only

Data Protection**

XXXXXXX ... paid membership only

Hypothetical Work Council Statement**

XXXXXXX ... paid membership only

DPIA Draft**

XXXXXXX ... paid membership only