MC295822: Insider risk management: Integration with Microsoft Sentinel, macOS support, and Healthcare policy template (preview)

As announced at Ignite, we’re introducing new features in public preview to extend your Insider risk management solution, including integration with Microsoft Sentinel, support for exfiltration signals from macOS, and a new healthcare connector and policy template. This message is associated with Microsoft 365 Roadmap IDs 82151, 82152, and 82153.

Microsoft 365 compliance center: Insider risk management – Integration with Sentinel

New integration with Azure Sentinel provides the flexibility to collect, detect, and investigate insider risk activities within Azure Sentinel. This native connector allows for seamless import of alerts, which provides analysts with a single pane of glass to review alerts for insider risk in a broader organizational context.

Microsoft 365 compliance center: Insider risk management – Exfiltration signals from macOS

Adds endpoint exfiltration signals for Office, PDF, and CSV files from macOS endpoints.

Microsoft 365 compliance center: Insider risk management – Healthcare connector and policy template

New healthcare policy template with built-in indicators that leverages data from Epic and other electronic medical records (EMR) solutions – using our Data Connectors – to help healthcare companies identify potential insider risks related to patient data misuse.

When this will happen

Rollout will begin in early November and is expected to be complete by early December.

How this will affect your organization

Integration with Microsoft Sentinel

New integration with Microsoft Sentinel provides the flexibility to collect, detect, and investigate insider risk activities within Microsoft Sentinel. This native connector allows for seamless import of alerts, which provides analysts with a single pane of glass to review alerts for insider risk in a broader organizational context.

Expanded coverage with macOS support

This update introduces support for endpoint exfiltration signals for Office, PDF, and CSV files from macOS endpoints, which will expand the scope of insider risk detections across your environment.

Healthcare connector and policy template

To help reduce insider risks within the healthcare industry, we’re introducing a new healthcare policy template that connects to Epic and other electronic medical records (EMR) solutions – using our Data Connectors – to help healthcare companies identify potential insider risks related to patient data misuse.

What you need to do to prepare

Review and assess for your organization.

Message ID: MC295822
Published: 02 November 2021
Updated: 02 November 2021
#NewFeature #AdminImpact