Describe insider risk capabilities in Microsoft Purview Flashcards
Microsoft Purview Insider Risk Management
- Insider Risk Management is a solution in Microsoft Purview that helps organizations detect, investigate, and act on risky and malicious activities by employees.
- It is available in the Microsoft Purview compliance portal.
- The solution focuses on minimizing internal risks by addressing behaviours such as data leaks, confidentiality violations, intellectual property theft, fraud, insider trading, and regulatory compliance violations.
- Risks can be categorized as internal events and employee activities that can be eliminated and avoided.
- The principles of insider risk management include transparency, configurable policies, integration with Microsoft Purview solutions, and providing actionable insights.
- The solution balances user privacy with organizational risk through privacy-by-design architecture.
- Policies can be configured based on industry, geographical, and business groups.
- Insider risk management provides an integrated workflow across Microsoft Purview solutions.
- It enables user notifications, data investigations, and user investigations to take appropriate actions against identified risks.
Insider Risk Management workflow
- Insider risk management helps organizations identify, investigate, and address internal risks.
- The workflow consists of several steps: Policies, Alerts, Triage, Investigate, and Action.
- Policies are created using predefined templates and policy conditions that define risk indicators and monitoring parameters.
- Alerts are automatically generated when risk indicators match policy conditions and are displayed in the Alerts dashboard.
- Triage involves reviewing and evaluating alerts, then dismissing them, assigning them to existing cases, or opening new cases.
- Cases are created for alerts that require deeper review and investigation.
- The Case dashboard provides an overview of active cases, open cases over time, and case statistics.
- Investigation involves synthesizing risk activities, policy conditions, alert details, and user details for a comprehensive view.
- Actions can be taken to resolve cases, collaborate with stakeholders, and send notifications.
- Insider risk management can address scenarios such as data theft, confidential information leaks, offensive behaviour, and more.
- It can be integrated with eDiscovery (Premium) in Microsoft Purview for escalated investigations and data transfer.
Communication Compliance workflow
- Communication compliance in Microsoft Purview helps minimize communication risks by detecting and capturing inappropriate messages.
- The workflow consists of four steps: Configure, Investigate, Remediate, and Monitor.
- In the Configure step, admins identify compliance requirements and configure communication compliance policies.
- The Investigate step involves deeper examination of issues detected through policy matches using alerts, issue management, document reviews, user history, and filters.
- Remediation actions can be taken to address compliance issues, such as resolving alerts, tagging messages, notifying users, escalating to other reviewers, marking false positives, removing messages in Teams, or escalating for further investigation.
- The Monitor step involves ongoing tracking and management of compliance issues using communication compliance dashboard widgets, export logs, and unified audit logs.
- Communication compliance enables the investigation of emails and messages across Microsoft Teams, Exchange Online, Yammer, and third-party communications.
- It helps ensure compliance with corporate policies, risk management for confidential projects, and regulatory compliance requirements.
- Communication compliance policies can assist in reviewing messages for offensive language, harassment, unauthorized communication about confidential projects, and adherence to regulatory standards.
- It allows organizations to scan and report on communications related to insider trading, money laundering, bribery, and other regulatory concerns.
Information Barriers
- Information barriers in Microsoft Purview help organizations restrict communications between specific groups of users.
- Supported platforms for information barriers include Microsoft Teams, SharePoint Online, and OneDrive for Business.
- Information barrier policies can be configured by admins to prevent individuals or groups from communicating with each other.
- People subject to information barrier policies cannot find, select, chat, or call restricted users.
- Information barriers enforce two-way restrictions, meaning both parties are restricted from communication. One-way restrictions are not supported.
- Examples of information barrier use cases include restricting student communication between different schools, maintaining confidentiality between lawyers representing different clients within the same firm, and limiting communication between a specific group of employees and external clients during customer engagements.
- Information barriers help prevent conflicts of interest, safeguard internal information, and maintain confidentiality in various professional settings.
Information Barriers in Microsoft Teams
- Information barrier policies in Microsoft Teams prevent unauthorized communications by controlling various activities.
- Unauthorized activities that can be restricted include searching for a user, adding a member to a team, starting a chat session, initiating a group chat, inviting someone to a meeting, sharing a screen, placing a call, sharing a file, and accessing a file through a sharing link.
- If individuals are included in an information barrier policy that prohibits a specific activity, they will be unable to proceed with that activity.
- Information barriers can potentially block communication between all individuals included in the policy, limiting their interactions within Microsoft Teams.
- When people affected by information barrier policies are part of the same team or group chat, they may be removed from those chat sessions, and further communication with the group might be restricted or prohibited.
The compliance admin for the organization wants to explain the importance of insider risk management to the business leaders. What use case would apply?
A. To identify and protect against risks like an employee sharing confidential information.
B. To identify and protect against malicious software across your network, such as ransomware.
C. To identify and protect against devices shutting down at critical moments.
A. To identify and protect against risks like an employee sharing confidential information.
Use insider risk management to help protect your organization against these risks.
To comply with corporate policies, the compliance admin needs to be able to identify and scan for offensive language across the organization. What solution can the admin implement to address this need?
A. Use Policy Compliance in Microsoft Purview.
B. Use Microsoft Purview Communication Compliance.
C. Use Microsoft Purview Information Barriers.
B. Use Microsoft Purview Communication Compliance.
Microsoft Purview Communication Compliance helps minimize communication risks by enabling you to detect, capture, and take remediation actions for inappropriate messages in the organization.
Your organization has many departments that collaborate through Microsoft Teams. To comply with business policies, the IT organization needs to make sure that users from one particular department are limited in their access and interactions with other departments. What solution can address this need?
A. Use Microsoft Purview Communication Compliance.
B. Use activity explorer.
C. Use Microsoft Purview Information Barriers.
C. Use Microsoft Purview Information Barriers.
With Microsoft Purview Information Barriers, you’re able to restrict communications among specific groups of users when necessary.