top of page
Image by Thought Catalog

Post Details

  • Writer's pictureALIF Consulting

Microsoft Purview insider risk solutions

About Alif: Alif empowers Microsoft MSP-CSP partners to provide exceptional IT services to their clients to ensure that the partners reduce their costs and focus on their business. We provide white-labeled managed services for technologies like Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Security, SharePoint, Power Platform, SQL, Azure DevOps, and a lot more. Our headquarter is in Pune, India where we work with over 50 partners across the globe that trust us with their client delivery.


Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. Industry studies have shown that insider risks are often associated with risky activities. Protecting your organization against these risks can be challenging to identify and difficult to mitigate. Insider risks include vulnerabilities in a variety of areas and can cause major problems for your organization, ranging from the loss of intellectual property to confidential data, and more. The following figure outlines common insider risks:


Microsoft 365 risk prevention features are designed and built-in into our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.


Risk icon

Risks

Communication compliance

Insider risk management

Information barriers

Privileged access management



Data spillage

YES

YES



Confidentiality violations

YES

YES

YES



IP theft

YES

YES

YES



Workplace violence

YES



Fraud

YES

YES



Policy violations

YES

YES

YES

YES



Insider trading

YES



Conflicts of interest

YES

YES



Sensitive data leaks

YES

YES



Workplace harassment

YES


Security violations

YES

YES


Regulatory compliance violations

YES

YES

YES

Insider risk solutions

To help protect your organization against insider risks, use these Microsoft Purview capabilities and features.

Communication compliance

Microsoft Purview Communication Compliance helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization.

Communication compliance is available in the following subscriptions:

  • Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

  • Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

  • Microsoft 365 E3/A3/F3/G5 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

  • Office 365 Enterprise E5 subscription (paid or trial version)

  • Office 365 A5 subscription (paid or trial version)

  • Office 365 Enterprise E3 subscription + the Office 365 Advanced Compliance add-on (no longer available for new subscriptions, see note)


Insider risk management

Microsoft Purview Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on potentially malicious and inadvertent activities in your organization.

Insider risk management is available in the following subscriptions:

  • Microsoft 365 E5/A5/F5/G5 subscription (paid or trial version)

  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Compliance add-on

  • Microsoft 365 E3/A3/F3/G3 subscription + the Microsoft 365 E5/A5/F5/G5 Insider Risk Management add-on

  • Office 365 E3 subscription + Enterprise Mobility and Security E3 + the Microsoft 365 E5 Compliance add-on


Information barriers

Microsoft Purview Information Barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.

Information barriers are available in the following subscriptions:

  • Microsoft 365 E5/A5 subscription (paid or trial version)

  • Office 365 E5/A5/A3/A1 subscription (paid or trial version)

  • Office 365 Advanced Compliance add-on (no longer available for new subscriptions)

  • Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Compliance add-on

  • Microsoft 365 E3/A3/A1 subscription + the Microsoft 365 E5/A5 Insider Risk Management add-on


Privileged access management

Microsoft Purview Privileged Access Management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.

Privileged access management is available in the following subscriptions:

  • Microsoft 365 E5 subscription (paid or trial version)

  • Microsoft 365 A5 subscription (paid or trial version)

  • Office 365 Enterprise E5 subscription (paid or trial version)

  • Office 365 A5 subscription (paid or trial version)

  • Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on

  • Microsoft 365 E3 subscription + the Microsoft 365 E5 Information Protection and Governance add-on

  • Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on

  • Microsoft 365 A3 subscription + the Microsoft 365 A5 Information Protection and Governance add-on


Deploy Microsoft Purview insider risk solutions

To help protect your organization against insider risks, set up and deploy the following Microsoft Purview solutions:


  1. Configure and create communication compliance policies.

  2. Configure and create insider risk management policies.

  3. Optional: Configure and create information barrier policies.

  4. Optional: Enable and configure privileged access management

Communication Compliance Policies


Microsoft Purview Communication Compliance is an insider risk solution that helps you detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within your organization. Communication compliance evaluates the text and image-based messages in Microsoft and third-party apps (Teams, Yammer, Outlook, WhatsApp, etc.) for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations (such as stock and capital manipulations).

Communication compliance's mission is to foster safe and compliant communications across customers' enterprise communication channels. With role-based access controls, human investigators can take remediation actions such as removing a message from Teams or notifying senders of potentially inappropriate conduct.



Insider risk management policies


Microsoft Purview Insider Risk Management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on potentially risky activity. By using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators. After identifying the risks, you can take action to mitigate these risks, and if necessary open investigation cases and take appropriate legal action.


Information barriers policies


Microsoft Purview Information Barriers (IB) is supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. A compliance administrator or IB administrator can define policies to allow or prevent communications between groups of users in Microsoft Teams. IB policies can be used for situations like these:

User in the day trader group should not communicate or share files with the marketing team

Finance personnel working on confidential company information should not communicate or share files with certain groups within their organization

An internal team with trade secret material should not call or chat online with people in certain groups within their organization

A research team should only call or chat online with a product development team


Privileged access management


Microsoft Purview Privileged Access Management helps protect your organization from breaches and helps to meet compliance best practices by limiting standing access to sensitive data or access to critical configuration settings. Instead of administrators having constant access, just-in-time access rules are implemented for tasks that need elevated permissions. Enabling privileged access management for Exchange Online in Microsoft 365 allows your organization to operate with zero standing privileges and provides a layer of defense against standing administrative access vulnerabilities


38 views0 comments
bottom of page