
MC349520: Insider Risk Management: New features coming to general availability

We’re rolling out several features to general availability to enhance your Insider Risk Management policies and workflows. This message is associated with Microsoft 365 Roadmap IDs 88997, 88998, 88999, 89000, 89001, and 89002.

When this will happen

Rollout will begin in late April and is expected to be complete by mid-May.

How this will affect your organization

The following features and settings will soon be generally available as options within the Insider Risk Management solution in the Microsoft 365 compliance center:

  • Enhanced support for domains: enables support for enhanced classification of unallowed, allowed, and third-party domains leveraging wildcards. This helps improve classification of detections.
  • Export alerts: We are increasing the frequency with which alerts are sent to the Office 365 Management Activity API so you can have more up-to-date alert information available. If you have turned on “Export Alerts” in settings, then alerts will now be exported every hour (previously every 12 hours). Note: This will not impact the number or volume of alerts in the system, but rather the frequency with which existing alerts are updated. For example, if you have an alert and confirm that alert, you will see the status of the alert updated to “Confirmed” in one hour as opposed to 12 hours.
  • Integration with Microsoft Teams: Compliance analysts and investigators can use Microsoft Teams to coordinate and review response activities for cases in private Teams, securely share and store files and evidence related to individual cases, and track and review response activities. Once enabled, a dedicated Microsoft Teams team is created every time an alert is confirmed and a case is created. For existing cases, analysts and investigators can choose to create a new Microsoft Teams team when working in a case if needed. Once you resolve the associated case, the team is automatically archived.
  • Define priority user groups: Define users in your organization that need closer inspection based on factors such as their position, level of access to sensitive information, or risk history.
  • Data leaks by priority users: Once created, priority user groups can be included in certain policy templates from the Policies page, such as detecting data leaks by users included in the defined group.
  • Native triggers (new signals, indicator selection, customization, Activity explorer): You can now choose to assign selected indicators as triggering events for a policy. This flexibility and customization helps scope the policy to only the activities covered by the indicators. Also, you will be able to customize thresholds for each triggering event.
  • Triage and investigation improvements: To enhance triage and investigation, we’re including historical insights for Exchange Online, and will also ingest triggering events into Activity explorer to assist in the triage process. Furthermore, we are introducing filtering and sorting capabilities across the triage experience to help reduce time-to-action.

What you need to do to prepare

Insider Risk Management in Microsoft 365 correlates various signals from the chip to the cloud to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Access the Insider Risk Management solution in the Microsoft 365 compliance center:

To enable Microsoft Teams for Insider Risk Management:

  1. In the Microsoft 365 compliance center, go to Insider risk management > Insider risk settings
  2. Select the Microsoft Teams tab
  3. Enable Microsoft Teams integration
  4. Select Save to configure and exit

Message ID: MC349520
Published: 30 March 2022
Updated: 30 March 2022

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
