Coming soon to public preview, we’re introducing several updates to improve your Insider risk management experience, including enhancements to Recommended actions, Alert triage, Audit logs, Sequence detector, and Cumulative exfiltration anomaly detector (CEAD).
This message is associated with Microsoft 365 Roadmap ID 88897, 88899, 88901, 82145, and 88908.
Microsoft 365 compliance center: Insider risk management – Enhancements to Recommended Actions
Enhancements include ability to turn on email notification for key events as well as additional suggestions to maximize value. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
Microsoft 365 compliance center: Insider risk management – Alert triage improvements
Various experience improvements based on feedback to accelerate time-to-action including ability to further drill into Sequences within Activity Explorer, new filtering capability as well as enhanced User Activity Timeline view which includes a richer alert history. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
Microsoft 365 compliance center: Insider risk management – Enhancement to Insider risk audit logs
Additional audit of events included in the Insider risk audit logs including activities within Content Explorer, Activity Explorer, and User Timeline. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
Microsoft 365 compliance center: Insider risk management – Enhancements to Sequence detector
Sequence detector will include new Sequences that start with activity on the device, as well as additional obfuscation and exfiltration coverage. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
Microsoft 365 compliance center: Insider risk management – Enhancements to Cumulative exfiltration anomaly detector (CEAD)
CEAD will include experience enhancements to make it easier to evaluate the risk as well as leverage priority content and document sensitivities to further prioritize alerts. Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
When this will happen
Rollout will begin in late March and is expected to be complete by late April.
How this will affect your organization
The following enhancements will soon be available for Insider risk management features:
- Recommended actions: Enhancements include ability to turn on email notification for key events as well as additional suggestions to maximize value.
- Alert triage: Various experience improvements based on feedback to accelerate time-to-action including ability to further drill into Sequences within Activity Explorer, new filtering capability as well as enhanced User Activity Timeline view which includes a richer alert history.
- Insider risk audit logs: Additional audit of events included in the Insider risk audit logs including activities within Content Explorer, Activity Explorer, and User Timeline.
- Sequence detector: Sequence detector will include new Sequences that start with activity on the device, as well as additional obfuscation and exfiltration coverage.
- Cumulative exfiltration anomaly detector: CEAD will include experience enhancements to make it easier to evaluate the risk as well as leverage priority content and document sensitivities to further prioritize alerts.
What you need to do to prepare
Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to ensure user-level privacy.
Access Insider Risk Management in the Microsoft 365 compliance center.
Learn more
- Recommended actions (preview)
- Triage insider risk alerts
- Insider risk management audit log
- Sequence detection (preview)
- Cumulative exfiltration detection (preview)
- Get started with insider risk management
- Learn about insider risk management in Microsoft 365
Message ID: MC340292
Published: 08 March 2022
Updated: 08 March 2022
Stay Informed
#NewFeature #AdminImpact
