We’re introducing new features to the Insider risk management solution in the Microsoft 365 compliance center to help you better manage insider risk policies and investigations. This message is associated with Microsoft 365 Roadmap ID 82142, 82143, and 85576.
When this will happen
Rollout will begin in late November and is expected to be complete by late December.
How this will affect your organization
Guided onboarding experience (GA): To improve the onboarding experience, we are introducing guided actions to support both new and existing tenants in setting up a quality insider risk management program (IRM). For the Admins and IRM role groups, we will highlight six recommended onboarding actions on the Overview page, such as selecting indicators and setting up a policy. Investigators and analyst role groups will also be shown recommended actions for how to conduct investigations on the Overview page. Even when actions are completed, admins can find the past recommended actions in the navigation screen entitled Recommended Actions.
Recommended actions that an admin should take for a complete onboarding experience. In-product guided walkthrough on how to complete onboarding actions such as selecting indictors, setting up a policy, and how to investigate an alert.
Triage and investigation improvements (preview): To enhance triage and investigation, we’re including historical insights for Exchange Online, and will also input triggering events into Activity explorer to assist in the triage process. In addition, we are introducing filtering and sorting capabilities across the triage experience to help reduce time-to-action.
Enhancements including historical insight for Exchange Online, ingest triggering events into Activity explorer.
Policy customization enhancements (preview): We’re introducing the ability to fine-tune policies to trigger on precise exfiltration events. These precise exfiltration event triggers can be added to your data leak and departing employee data theft policies based on specific thresholds met for number of documents exfiltrated including upload to cloud, copy to USB and emailing outside the organization.
Ability to fine-tune policies to trigger on precise exfiltration events.
What you need to do to prepare
Message ID: MC295028
Published: 29 October 2021
Updated: 29 October 2021