Introduction
Managing and minimizing risk in an organization starts with understanding the types of risks found in the modern workplace. External events and factors outside an organization's direct control drive some events. Internal events and employee activities that organizations can eliminate and avoid drive other risks. Some examples are risks from illegal, inappropriate, unauthorized, or unethical behavior and actions by employees and managers.
This module begins by exploring the Insider risk management solution in the Microsoft Purview compliance portal. Microsoft Purview Insider Risk Management is a compliance solution that helps organizations minimize internal risks by enabling them to detect, investigate, and act on malicious and inadvertent activities. You learn how the Insider risk management workflow helps organizations identify, investigate, and take action to address internal risks. Organizations can use actionable insights to quickly identify and act on risky behavior due to:
- Focused policy templates
- Comprehensive activity signaling across the Microsoft 365 service
- Alert and case management tools
Once you have a better understanding of the Insider risk management components, you then examine how organizations should plan to implement this solution by:
- Working with stakeholders in your organization.
- Determining regional compliance requirements.
- Planning for review and investigation workflow.
- Understanding requirements and dependencies.
- Testing with a small group of users in a production environment.
The module then examines how to configure Insider risk management. It targets three key areas: Insider risk management policies, alerts, and cases.
You learn how policies determine the users that are in scope and the types of risk indicators that you can configure for alerts. The module then introduces you to the key policy templates provided in Microsoft Purview Insider Risk Management. For each policy template, you learn about the triggering events for policies created from each template and the prerequisites for using each template. You then learn how to create a policy.
The module then examines Insider risk management alerts. Risk indicators defined in Insider risk management policies automatically generate these alerts. They give risk analysts and investigators an all-up view of the current risk status and enable an organization to triage and take actions for discovered risks.
Finally, you examine Insider risk management cases. They enable organizations to deeply investigate and act on issues generated by risk indicators defined in their policies. Organizations manually create cases from alerts in situations where they need further action to address a compliance-related issue for a user.