Microsoft Purview insider risk solutions
Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. Industry studies have shown that insider risks are often associated with risky activities. Protecting your organization against these risks can be challenging to identify and difficult to mitigate. Insider risks include vulnerabilities in various areas and can cause major problems for your organization, ranging from the loss of intellectual property to confidential data, and more. The following figure outlines common insider risks:
Microsoft 365 risk prevention features are designed and built-in to our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.
|Risk icon||Risks||Communication compliance||Insider risk management||Information barriers||Privileged access management|
|Conflicts of interest|
|Sensitive data leaks|
|Regulatory compliance violations|
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
Insider risk solutions
To help protect your organization against insider risks, use these Microsoft Purview capabilities and features.
Microsoft Purview Communication Compliance helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization.
Before you get started with communication compliance, you should confirm your Microsoft 365 subscription and any add-ons. To access and use communication compliance, your organization must have supporting subscriptions or add-ons.
For more information, see the subscription requirements for communication compliance.
Insider risk management
Microsoft Purview Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on potentially malicious and inadvertent activities in your organization.
Before you get started with insider risk management, you should confirm your Microsoft 365 subscription and any add-ons. To access and use insider risk management, your organization must have supporting subscriptions or add-ons.
For more information, see the subscription requirements for insider risk management.
Microsoft Purview Information Barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.
Before you get started with IB, you should confirm your Microsoft 365 subscription and any add-ons. To access and use IB, your organization must have supporting subscriptions or add-ons.
For more information, see the subscription requirements for information barriers.
Privileged access management
Microsoft Purview Privileged Access Management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
Before you get started with privileged access management, you should confirm your Microsoft 365 subscription and any add-ons. To access and use privileged access management, your organization must have supporting subscriptions or add-ons.
For more information, see the subscription requirements for privileged access management.
Deploy Microsoft Purview insider risk solutions
To help protect your organization against insider risks, set up and deploy the following Microsoft Purview solutions:
- Configure and create communication compliance policies.
- Configure and create insider risk management policies.
- Optional: Configure and create information barrier policies.
- Optional: Enable and configure privileged access management.
Illustrations with examples
To help you plan an integrated strategy for implementing Microsoft Purview insider risk capabilities, download the Microsoft 365 information protection and compliance capabilities set of illustrations. For insider risk capabilities, see the architecture illustration pages 5-7. Feel free to adapt these illustrations for your own use.
Download as a PDF | Download as a Visio
Updated October 2020
Training your administrators and compliance team in the basics for each insider risk solution can help your organization get started more quickly with your deployment and implementation efforts.
Microsoft provides the following resources to help inform and train these users in your organization:
|Manage insider risk in Microsoft 365||Complete learning path
This learning path includes all the individual solution modules for communication compliance, insider risk management, information barriers, and privileged access management. Select this learning path to complete all the modules.
|Communication compliance||Learning module: Prepare communication compliance
This module helps you learn the basics on how to identify and remediate code-of-conduct policy violations with communication compliance, cover the prerequisites needed before creating communication compliance policies, and learn about the types of built-in, pre-defined policy templates in communication compliance.
|Insider risk management||Learning module: Insider risk management
This module helps you learn how insider risk management can help prevent, detect, and contain internal risks in an organization, learn about the types of built-in, pre-defined policy templates, understand the basic prerequisites needed before creating insider risk policies, and explains the types of actions you can take on insider risk management cases.
|Information barriers||Learning module: Plan for information barriers
This module helps you learn how information barrier policies can help your organization maintain compliance with relevant industry standards and regulations, lists the types of situations when information barriers would be applicable, helps explain the process of creating an information barrier policy, and helps explain how to troubleshoot unexpected issues after information barriers are in place.
|Privileged access management||Learning module: Implement privileged access management
This module helps you understand the difference between privileged access management and privileged identity management, understand the privileged access management process flow, and understand the basics of how to configure and enable privileged access management.