Microsoft Purview eDiscovery search queries and Microsoft Purview Insider Risk Management policy configuration will now support Exact Data Match (EDM) classification capabilities. This message is associated with Microsoft 365 Roadmap ID 93286 and 93287.
Organizations will be able to include Exact Data Match (EDM) Sensitive Information Types (SITs) when searching for sensitive data using the eDiscovery search tools.
Organizations will be able to configure new or existing Insider Risk Management policies using Exact Data Match Sensitive Information Types, enabling more assertive control in specifying policies to identify risk indicators. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
When this will happen
Rollout will begin in mid-June and is expected to be complete by late June.
How this will affect your organization
EDM-based classification enables organizations to create custom sensitive information types (SITs) that refer to exact values in a database of sensitive information. With this update, organizations will be able to include EDM SITs when searching for sensitive data using the Microsoft Purview eDiscovery search tools.
Additionally, organizations will be able to configure new or existing Insider Risk Management policies using EDM SITs, enabling more assertive control in specifying policies to identify risk indicators. The precise nature of EDM reduces risk of false positives, thus signals detected using EDM-based classification may be considered stronger indicators of risk. For example, a user gathering what appears to be customer personally identifiable information (PII) in a local drive may be considered a stronger signal of risky activity if the data is detected through EDM since it is far more likely to be customer PII than non-relevant PII or false positives.
What you need to do to prepare
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, security and policy violations, and more. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
You can access the eDiscovery and Insider Risk Management solutions here:
- Microsoft Purview compliance portal for WW and GCC cloud environments
- Microsoft Purview compliance portal for GCC-High cloud environments
- Microsoft Purview compliance portal for DoD cloud environments
Learn more
- Learn about exact data match based sensitive information types
- Microsoft Purview eDiscovery solutions
- Learn about insider risk management
Message ID: MC394842
Published: 23 June 2022
Updated: 23 June 2022