Enable Microsoft Teams for collaborating on insider risk management cases

Important

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Compliance analysts and investigators can use Microsoft Teams to collaborate on Microsoft Purview Insider Risk Management cases. They can communicate with other stakeholders on Teams to:

  • Coordinate and review response activities for cases in private Teams channels
  • Securely share and store files and evidence related to individual cases
  • Detect and review response activities by analysts and investigators

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

After Teams is enabled for insider risk management, a dedicated team is created every time an alert is confirmed and a case is created. By default, the team automatically includes all members of the Insider Risk Management, Insider Risk Management Analysts, and Insider Risk Management Investigators role groups (up to 100 initial users). Additional organization contributors can be added to the team after it's created and as appropriate.

For existing cases created before enabling Teams, analysts and investigators can choose to create a new team when working on a case, if needed. Once you resolve the associated case in insider risk management, the team is automatically archived (moved to hidden and read-only).

Learn more: Overview of teams and channels in Microsoft Teams.

Enable Teams support

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Select Settings in the upper-right corner of the page.
  3. Select Insider Risk Management to go to the insider risk management settings.
  4. Select Microsoft Teams (preview).
  5. Turn the setting on.
  6. Select Save.

Create a team for existing cases

If you enable Teams support for insider risk management after you have existing cases, you'll need to manually create a team for each case, as needed. Users need permission to create Microsoft 365 Groups in your organization to create a team from a case. For more information about managing permissions for Microsoft 365 Groups, see Manage who can create Microsoft 365 Groups.

Note

After enabling Teams support in insider risk management settings, when a new case is created, a new team will automatically be created.

Select the appropriate tab for the portal you're using. To learn more about the Microsoft Purview portal, see Microsoft Purview portal. To learn more about the Compliance portal, see Microsoft Purview compliance portal.

  1. Sign in to the Microsoft Purview portal using credentials for an admin account in your Microsoft 365 organization.
  2. Go to the Insider Risk Management solution.
  3. Select Cases in the left navigation, and then select an existing case.
  4. On the case action menu, select Create Microsoft Team.
  5. In the Team name field, enter a name for the new Microsoft Teams team.
  6. Select Create Microsoft team, and then select Close.

Depending on the number of users assigned to insider risk management role groups, it may take 15 minutes for all investigators and analysts to be added to the team.