top of page

Microsoft Purview insider risk solutions

Updated: Jun 10

Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. Industry studies have shown that insider risks are often associated with risky activities. Protecting your organization against these risks can be challenging to identify and difficult to mitigate. Insider risks include vulnerabilities in various areas and can cause major problems for your organization, ranging from the loss of intellectual property to confidential data. The following figure outlines common insider risks:


Microsoft Purview Insider risk solution

Microsoft 365 risk prevention features are designed and built into our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.


Risk icon

Risks

Communication compliance

Insider risk management

Information barriers

Privileged access management


Data Spillage

Data spillage

YES

YES


Confidentiality   violations

Confidentiality violations

YES

YES

YES


IP Theft

IP theft

YES

YES

YES


Workplace Violation

Workplace violence

YES



Fraud

Fraud

YES

YES


Policy Violation

Policy violations

YES

YES

YES

YES


Insider Trading

Insider trading

YES


Conflict Interest

Conflicts of interest

YES

YES


Sensitive Data leak

Sensitive data leaks

YES

YES


Workplace

Workplace harassment

YES

Security

Security violations

YES

YES

Compliance

Regulatory compliance violations

YES

YES

YES

Insider risk solutions

To help protect your organization against insider risks, use these Microsoft Purview capabilities and features.

Communication compliance

Microsoft Purview Communication Compliance helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization.

Communication compliance is available in the following subscriptions:

  • Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

  • Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

  • Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

  • Office 365 Enterprise E5 subscription (paid or trial version)

  • Office 365 A5 subscription (paid or trial version)

  • Office 365 Enterprise E3 subscription + the Office 365 Advanced Compliance add-on (no longer available for new subscriptions, see note)

Insider risk management

Microsoft Purview Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on potentially malicious and inadvertent activities in your organization.

Insider risk management is available in the following subscriptions:

  • Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

  • Office 365 E3 subscription + Enterprise Mobility and Security E3 + the Microsoft 365 E5 Compliance add-on

Information barriers

Microsoft Purview Information Barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.

Information barriers are available in the following subscriptions:

  • Microsoft 365 E5/A5 subscription (paid or trial version)

  • Office 365 E5/A5/A3/A1 subscription (paid or trial version)

  • Office 365 Advanced Compliance add-on (no longer available for new subscriptions)

  • Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Compliance add-on

  • Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Insider Risk Management add-on

Privileged access management

Microsoft Purview Privileged Access Management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.

Privileged access management is available in the following subscriptions:

  • Microsoft 365 E5 subscription (paid or trial version)

  • Microsoft 365 A5 subscription (paid or trial version)

  • Office 365 Enterprise E5 subscription (paid or trial version)

  • Office 365 A5 subscription (paid or trial version)

  • Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on

  • Microsoft 365 E3 subscription + the Microsoft 365 E5 Information Protection and Governance add-on

  • Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on

  • Microsoft 365 A3 subscription + the Microsoft 365 A5 Information Protection and Governance add-on


Deploy Microsoft Purview insider risk solutions

To help protect your organization against insider risks, set up and deploy the following Microsoft Purview solutions:

Deploy Microsoft 365 insider risk solutions
  1. Configure and create communication compliance policies.

  2. Configure and create insider risk management policies.

  3. Optional: Configure and create information barrier policies.

  4. Optional: Enable and configure privileged access management

Communication Compliance Policies

Microsoft Purview Communication Compliance is an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. Communication compliance evaluates the text and image-based messages in Microsoft and third-party apps (Teams, Yammer, Outlook, WhatsApp, etc.) for potential business policy violations, including inappropriate sharing of sensitive information, threatening or harassing language as well as possible regulatory violations (such as stock and capital manipulations).

Communication compliance's mission is to foster safe and compliant communications across customers' enterprise communication channels. With role-based access controls, human investigators can take remediation actions such as removing a message from Teams or notifying senders of potentially inappropriate conduct.

Communication Compliance

Insider risk management policies

Microsoft Purview Insider Risk Management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on potentially risky activity. Using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators. After identifying the risks, you can take action to mitigate these risks and, if necessary, open investigation cases and take appropriate legal action.


Insider risk management policies

Information barriers policies

Microsoft Purview Information Barriers (IB) is supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. A compliance administrator or IB administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. IB policies can be used for situations like these:

Users in the day trader group should not communicate or share files with the marketing team

Finance personnel working on confidential company information should not communicate or share files with specific groups within their organization.

An internal team with trade secret material should not call or chat online with people in certain groups within their organization.

A research team should only call or chat online with a product development team.


Information barriers policies

Privileged access management

Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Instead of administrators having constant access, just-in-time access rules are implemented for tasks that need elevated permissions. Enabling privileged access management for Exchange Online in Microsoft 365 allows your organization to operate with zero standing privileges and provides a layer of defense against standing administrative access vulnerabilities


Comments


bottom of page