From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Purview Insider Risk Management - Microsoft Security Copilot Tutorial

From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Purview Insider Risk Management

- [Instructor] Let's look at the Insider Risk Management Solution provided by Microsoft Purview. First of all, what is the insider risk? Insider risks typically refer to risks posed by people within our organization. For example, leaks of business critical data, unauthorized disclosure of confidential information, theft of intellectual property trading stocks based on non-public financial information, fraudulent activities, like manipulating financial records, and violations of compliance requirements. Microsoft Purview Insider Risk Management helps organizations minimize internal risks using an integrated and a configurable workflow. It begins with creating an insider risk management policy, which defines the risk signals and the policy conditions. You can also choose a policy template to get started. Alerts are triggered when risk indicators match policy conditions. Next, reviewers assess and triage the alerts, deciding whether to create a new case, add to an existing case, or close the alert. Active cases are investigated using tools like user activity and content explorer. Finally, actions are taken to address the insider risks, such as sending notifications, blocking access, or escalating the case for further review. As you can see, the stages of triage investigation and the action from the core process of insider risk case management. Now let's do a quick demo of Microsoft Purview Insider Risk Management. Here's the Microsoft Purview Portal. Let's choose the Insider Risk Management Solution. Click Policies. Here you can manage the existing insider risk management policies or create a new one. Click Create Policy. You can choose a prebuilt policy template to get started. For example, data leaks by risky user. You can choose an existing policy to view its policy settings. Click Users. You can see potential risky users. Select a user. You can review user profile and user activity. If your organization has Co-pilot in Microsoft Purview enabled, the AI assistant can summarize the user risk.

Contents