Create insider risk management notice templates

Dôležité

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Insider risk management notice templates allow you to automatically send email messages to users when a case is created for risk activities that have generated a policy match and confirmed alert. For most alerts that generate cases, user actions are the result of mistakes or inadvertent actions without ill intent. Notices serve as simple reminders to users to be more careful, to provide links to information for refresher training, or to corporate policy resources. Notices can be an important part of your internal compliance training program and can help create a documented audit trail for users with recurring risk activities.

Create notice templates if you want to send users an email reminder notice for policy matches as part of the case resolution process. Notices can only be sent to the user email address associated with the specific case being reviewed. When selecting a notice template to apply to a policy match, you can choose to accept the field values defined in the template or overwrite the fields as needed.

Prepitné

Get started with Microsoft Security Copilot to explore new ways to work smarter and faster using the power of AI. Learn more about Microsoft Security Copilot in Microsoft Purview.

Notice templates dashboard

The Notices templates dashboard displays a list of configured notice templates and allows you to create new notice templates. The notice templates are listed in reverse date order with the most recent notice template listed first.

HTML for notices

If you'd like to create more than a simple text-based email message for notifications, you can create a more detailed message by using HTML in the message body field of a notice template. The following example provides the message body format for a basic HTML-based email notification template:

HTML

<!DOCTYPE html>
<html>
<body>
<h2>Action Required: Contoso User Code of Conduct Policy Training</h2>
<p>A recent activity you've performed has generated a risk alert prohibited by the Contoso User <a href='https://www.contoso.com'>Code of Conduct Policy</a>.</p>
<p>You are required to attend the Contoso User Code of Conduct <a href='https://www.contoso.com'>training</a> within the next 14 days. Please contact <a href='mailto:hr@contoso.com'>Human Resources</a> with any questions about this training request.</p>
<p>Thank you,</p>
<p><em>Human Resources</em></p>
</body>
</html>

Poznámka

HTML href attribute implementation in the insider risk management notice templates currently support only single quotation marks instead of double quotation marks for URL references.

Create a new notice template

To create a new insider risk management notice template, you'll use the notice creation tool in Insider risk management solution in the Microsoft Purview compliance portal.

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

Microsoft Purview portal

1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select Notification templates in the left navigation.
4. Select Create notification template to open the notice creation tool.
5. On the New email notification template page, complete the following fields:
   • Template name: Enter a friendly name for the notice. This name appears on the list of notices on the notice dashboard and in the notice selection list when sending notices from a case.
   • Send from: Enter the sender email address for the notice. This address will appear in the From: field in all notices sent to users unless changed when sending a notice from a case.
   • Subject: Information that appears in the subject line of the message. You can enter text values.
   • Message body: Information that appears in the message body. You can enter text or HTML values.
6. Select Create to create and save the notice template.

Compliance portal

1. Sign in to the Compliance portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select the Notice templates tab.
4. Select Create notice template to open the notice creation tool.
5. On the Create a new notice template page, complete the following fields:
   • Template name: Enter a friendly name for the notice. This name appears on the list of notices on the notice dashboard and in the notice selection list when sending notices from a case.
   • Send from: Enter the sender email address for the notice. This address will appear in the From: field in all notices sent to users unless changed when sending a notice from a case.
   • Cc and Bcc fields: Optional users or groups to be notified of the policy match, selected from Microsoft Entra.
   • Subject: Information that appears in the subject line of the message. You can enter text characters.
   • Message body: Information that appears in the message body. You can enter text characters or HTML values.
6. Select Create to create and save the notice template.

Update a notice template

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

Microsoft Purview portal

1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select Notification templates in the left navigation.
4. In the Email notification templates list, select the notification template that you want to manage.
5. On the notice details page, select Edit.
6. On the Edit page, you can edit the following fields:
   • Template name: Enter a new friendly name for the notice. This name appears on the list of notices on the notice dashboard and in the notice selection list when sending notices from a case.
   • Send from: Update the sender email address for the notice. This address will appear in the From: field in all notices sent to users unless changed when sending a notice from a case.
   • Subject: Update information that appears in the subject line of the message. You can enter text characters.
   • Message body: Update information that appears in the message body. You can enter text characters or HTML values.
7. Select Save to update and save the notice.

Compliance portal

1. Sign in to the Compliance portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select the Notice templates tab.
4. On the notice dashboard, select the notice template you want to manage.
5. On the notice details page, select Edit.
6. On the Edit page, you can edit the following fields:
   • Template name: Enter a new friendly name for the notice. This name appears on the list of notices on the notice dashboard and in the notice selection list when sending notices from a case.
   • Send from: Update the sender email address for the notice. This address will appear in the From: field in all notices sent to users unless changed when sending a notice from a case.
   • Cc and Bcc fields: Update optional users or groups to be notified of the policy match, selected from Microsoft Entra.
   • Subject: Update information that appears in the subject line of the message. You can enter text characters.
   • Message body: Update information that appears in the message body. You can enter text characters or HTML values.
7. Select Save to update and save the notice.

Delete a notice template

Select the appropriate tab for the portal you're using. Depending on your Microsoft 365 plan, the Microsoft Purview compliance portal is retired or will be retired soon.

To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

Microsoft Purview portal

1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select Notification templates in the left navigation.
4. In the Email notification templates list, select the notification template that you want to delete.
5. Select the Delete icon on the toolbar.
6. Select Yes.

Compliance portal

1. Sign in to the Compliance portal using credentials for an admin account in your Microsoft 365 organization.
2. Go to the Insider Risk Management solution.
3. Select the Notice templates tab.
4. On the notice dashboard, select the notice template that you want to delete.
5. Select the Delete icon on the toolbar.
6. Select Yes.