Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. Industry studies have shown that insider risks are often associated with risky activities. Protecting your organization against these risks can be challenging to identify and difficult to mitigate. Insider risks include vulnerabilities in various areas and can cause major problems for your organization, ranging from the loss of intellectual property to confidential data. The following figure outlines common insider risks:
Microsoft 365 risk prevention features are designed and built into our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.
Risk icon | Risks | Communication compliance | Insider risk management | Information barriers | Privileged access management |
Data spillage | YES | YES | ​ | ​ | |
Confidentiality violations | YES | YES | YES | ​ | |
IP theft | YES | YES | YES | ​ | |
Workplace violence | YES | ​ | ​ | ||
Fraud | YES | YES | ​ | ​ | |
Policy violations | YES | YES | YES | YES | |
Insider trading | YES | ​ | ​ | ​ | |
Conflicts of interest | YES | ​ | YES | ​ | |
Sensitive data leaks | YES | YES | ​ | ​ | |
Workplace harassment | YES | ​ | ​ | ​ | |
​ | Security violations | ​ | YES | ​ | YES |
​ | Regulatory compliance violations | YES | YES | YES | ​ |
Insider risk solutions
To help protect your organization against insider risks, use these Microsoft Purview capabilities and features.
Communication compliance
Microsoft Purview Communication Compliance helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization.
Communication compliance is available in the following subscriptions:
Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)
Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on
Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on
Office 365 Enterprise E5 subscription (paid or trial version)
Office 365 A5 subscription (paid or trial version)
Office 365 Enterprise E3 subscription + the Office 365 Advanced Compliance add-on (no longer available for new subscriptions, see note)
Insider risk management
Microsoft Purview Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on potentially malicious and inadvertent activities in your organization.
Insider risk management is available in the following subscriptions:
Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)
Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on
Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on
Office 365 E3 subscription + Enterprise Mobility and Security E3 + the Microsoft 365 E5 Compliance add-on
Information barriers
Microsoft Purview Information Barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.
Information barriers are available in the following subscriptions:
Microsoft 365 E5/A5 subscription (paid or trial version)
Office 365 E5/A5/A3/A1 subscription (paid or trial version)
Office 365 Advanced Compliance add-on (no longer available for new subscriptions)
Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Compliance add-on
Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Insider Risk Management add-on
Privileged access management
Microsoft Purview Privileged Access Management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
Privileged access management is available in the following subscriptions:
Microsoft 365 E5 subscription (paid or trial version)
Microsoft 365 A5 subscription (paid or trial version)
Office 365 Enterprise E5 subscription (paid or trial version)
Office 365 A5 subscription (paid or trial version)
Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on
Microsoft 365 E3 subscription + the Microsoft 365 E5 Information Protection and Governance add-on
Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on
Microsoft 365 A3 subscription + the Microsoft 365 A5 Information Protection and Governance add-on
Deploy Microsoft Purview insider risk solutions
To help protect your organization against insider risks, set up and deploy the following Microsoft Purview solutions:
Configure and create communication compliance policies.
Configure and create insider risk management policies.
Optional: Configure and create information barrier policies.
Optional: Enable and configure privileged access management
Communication Compliance Policies
Microsoft Purview Communication Compliance is an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. Communication compliance evaluates the text and image-based messages in Microsoft and third-party apps (Teams, Yammer, Outlook, WhatsApp, etc.) for potential business policy violations, including inappropriate sharing of sensitive information, threatening or harassing language as well as possible regulatory violations (such as stock and capital manipulations).
Communication compliance's mission is to foster safe and compliant communications across customers' enterprise communication channels. With role-based access controls, human investigators can take remediation actions such as removing a message from Teams or notifying senders of potentially inappropriate conduct.
Insider risk management policies
Microsoft Purview Insider Risk Management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on potentially risky activity. Using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators. After identifying the risks, you can take action to mitigate these risks and, if necessary, open investigation cases and take appropriate legal action.
Information barriers policies
Microsoft Purview Information Barriers (IB) is supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. A compliance administrator or IB administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. IB policies can be used for situations like these:
Users in the day trader group should not communicate or share files with the marketing team
Finance personnel working on confidential company information should not communicate or share files with specific groups within their organization.
An internal team with trade secret material should not call or chat online with people in certain groups within their organization.
A research team should only call or chat online with a product development team.
Privileged access management
Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Instead of administrators having constant access, just-in-time access rules are implemented for tasks that need elevated permissions. Enabling privileged access management for Exchange Online in Microsoft 365 allows your organization to operate with zero standing privileges and provides a layer of defense against standing administrative access vulnerabilities
Comments