From the course: Microsoft Information Security Administrator Associate (SC-401) Cert Prep by Microsoft Press

Configure and manage Insider Risk Management settings

Before creating policies, there are some global Insider Risk Management settings to configure. These define how the system behaves across all policies, focusing on privacy, scope, and initial analytics. Let's break down the key settings.

Probably the first one that everybody thinks about is user privacy/anonymization. By default, Insider Risk Management keeps user identity pseudo-anonymized at the alert stage. This means that when an analyst reviews an issue, they see User 5, or similar, instead of the actual name. This privacy-by-design feature reduces bias and protects employees until a potential issue is serious enough (in other words, it's escalated to a real investigation or a case) to reveal the identity of the employee involved. In IRM settings, this is usually a toggle called Anonymize User Identities, which we'll show in a second, and it is on by default. Microsoft strongly recommends leaving this on. You can turn it off if your org's policy is to show real names to…
