check before: 2024-08-01
Product:
Purview Communication Compliance, Purview Insider Risk Management
Platform:
US Instances, Web, World tenant
Status:
Launched
Change type:
New feature, Admin impact
Links:
Details:
Summary:
Microsoft Purview Insider Risk Management is introducing cumulative exfiltration tuning to reduce alert noise by not scoring previously detected activities. This update will be globally available from mid to late August 2024 and requires no admin action. It is enabled by default and accessible via the Microsoft Purview compliance portal.
Details:
Microsoft Purview Insider Risk Management will be rolling out cumulative exfiltration tuning. With this new feature, Cumulative Exfiltration Activities will not be detected and scored if the events have already been detected in a previous Cumulative Exfiltration Activities risk. This change will reduce noise for alerts generated from Cumulative Exfiltration Activities.
This message is associated with Microsoft 365 Roadmap ID 402195.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-August 2024 and complete by late August 2024.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
General Availability
Created:
2024-08-20
updated:
2024-08-20
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
explanation for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Reduced Alert Noise
The change may lead to missed detection of ongoing insider threats as previously detected activities will not trigger new alerts, potentially allowing malicious activities to go unnoticed.
- roles: Security Analyst, Compliance Officer
- references: https://learn.microsoft.com/purview/insider-risk-management-policies?tabs=purview-portalcumulative-exfiltration-detection-preview, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=402195
User Experience Impact
Users may experience confusion or lack of awareness regarding potential insider threats due to reduced alert notifications, leading to a false sense of security.
- roles: End User, IT Support
- references: https://learn.microsoft.com/purview/insider-risk-management-policies?tabs=purview-portalcumulative-exfiltration-detection-preview, https://purview.microsoft.com/compliance
Configutation Options**
Cumulative Exfiltration Tuning
This feature reduces alert noise by not scoring previously detected Cumulative Exfiltration Activities, thus minimizing unnecessary alerts.
- technical instructions:
- references: https://learn.microsoft.com/purview/insider-risk-management-policies?tabs=purview-portalcumulative-exfiltration-detection-preview, https://purview.microsoft.com/compliance" target="_blank" rel="nofollow noopener noreferrer">https://purview.microsoft.com/compliance, https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=402195
Insider Risk Management Policies
Create and manage policies to monitor and mitigate insider risks, including data leakage and security violations.
- technical instructions: Access the Microsoft Purview compliance portal to create and manage insider risk management policies.
- references: https://learn.microsoft.com/purview/insider-risk-management-policies?tabs=purview-portal, https://purview.microsoft.com/compliance" target="_blank" rel="nofollow noopener noreferrer">https://purview.microsoft.com/compliance
Data Protection**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 2 weeks ago