Adaptive Protection overview

Adaptive Protection in Microsoft Purview uses machine learning to identify and mitigate critical risks by dynamically applying the most effective data loss prevention (DLP) controls. It extends risk-based policy enforcement beyond insider risk management to include DLP policies, Microsoft Purview Data Lifecycle Management, and Microsoft Entra Conditional Access, helping security teams automate responses to potential threats.

Adaptive Protection helps mitigate risks by using:

  • Context-aware detection: Identifies high-risk activities through machine learning analysis of user behavior, content interactions, and risk indicators.
  • Dynamic policy enforcement: Applies security controls in real time based on a user's risk level.
  • Automated mitigation: Adjusts security restrictions automatically, applying stricter policies to high-risk users while allowing low-risk users to work without disruption.

How Adaptive Protection applies policies

Adaptive Protection dynamically assigns policies based on user risk levels. When a user is classified as high-risk, Adaptive Protection automatically applies stricter controls, such as blocking data sharing or enforcing additional authentication. If the risk level decreases, policies adjust dynamically to reduce restrictions.

Adaptive Protection integrates with:

  • Data lifecycle management to preserve deleted items for high-risk users.
  • Conditional Access policies to restrict access to cloud resources.
  • DLP policies to enforce real-time data protection based on risk signals.