Summary
Managing and minimizing risk in an organization starts with understanding the types of risks found in the modern workplace. External events and factors outside an organization's direct control drive some events. Internal events and employee activities that organizations can eliminate and avoid drive other risks. Some examples are risks from illegal, inappropriate, unauthorized, or unethical behavior and actions by employees and managers.
This module began by exploring the Insider risk management solution in the Microsoft Purview compliance portal. Microsoft Purview Insider Risk Management is a compliance solution that helps organizations minimize internal risks by enabling them to detect, investigate, and act on malicious and inadvertent activities. You learned how the Insider risk management workflow helps organizations identify, investigate, and take action to address internal risks. Organizations can use actionable insights to quickly identify and act on risky behavior due to:
- Focused policy templates
- Comprehensive activity signaling across the Microsoft 365 service
- Alert and case management tools
You then examined how organizations should plan to implement this solution by:
- Working with stakeholders in your organization.
- Determining regional compliance requirements.
- Planning for review and investigation workflow.
- Understanding requirements and dependencies.
- Testing with a small group of users in a production environment.
The module then examined how to configure Insider risk management. It targeted three key areas: Insider risk management policies, alerts, and cases.
You learned how policies determine the users that are in scope and the types of risk indicators that you can configure for alerts. The module then introduced you to the key policy templates provided in Microsoft Purview Insider Risk Management. For each policy template, you learned about the triggering events for policies created from each template and the prerequisites for using each template. You then learned how to create a policy.
The module then examined Insider risk management alerts. Risk indicators defined in Insider risk management policies automatically generate these alerts. They give risk analysts and investigators an all-up view of the current risk status and enable an organization to triage and take actions for discovered risks.
Finally, you examined Insider risk management cases. They enable organizations to deeply investigate and act on issues generated by risk indicators defined in their policies. You learned that organizations manually create cases from alerts in situations where they need further action to address a compliance-related issue for a user.