Become an Insider Risk Management Ninja
**Insider Risk Management is a solution in Microsoft Purview. Some assets and past recordings may refer to it as Insider Risk Management in Microsoft 365 or in Microsoft Compliance; these all refer to the same solution. **
In this Ninja page, we share the top resources for Insider Risk Management users to become more proficient with the Microsoft Purview Insider Risk Management solution.
We are very excited and pleased to announce this edition of the Ninja Training Series. There are several videos and resources available, and the overall purpose of the Insider Risk Management Ninja training is to provide the relevant resources to get started and become more proficient in this area.
After each section, there will be a knowledge check based on the training material you’ve just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways.
Lastly, this training will be updated on a quarterly basis to ensure you all have the latest and greatest material! We are continuously delivering product updates and thus you should check both the public roadmap and message center posts to stay up to date.
Let us know what you think below in the comments!
Latest Insider Risk blog is at: https://aka.ms/insiderriskblog
Legend:
Product videos | Webcast recordings | Tech Community |
Docs on Microsoft | Blogs on Microsoft | GitHub |
New items | Interactive guides | Learning path |
⤴ External Sites |
Why do I need Insider Risk Management?
We are operating in the most sophisticated threat landscape ever seen and coupled with the latest great disruption—hybrid work—security is more challenging than ever. Protecting your organization from external threats is only one piece of the puzzle. You also must protect your organization from the inside out, another facet of “assume breach” in your Zero Trust approach. Insider risks can be malicious or inadvertent, but they all impact one of your organization’s most important assets: your data. Based on recent surveys we know that more than 60% of insider threat incidents were the result of employee carelessness. In the 2022 Cost of Insider Threats: Global Report, the Ponemon Institute found that the average cost of activities to resolve an insider incident was $15.4M USD and it took an average of 85 days to contain an incident. A 2021 Verizon data breach investigation report showed that >20% of security breaches are due to internal actors.
- How Microsoft can help reduce risk during the Great Reshuffle
- Holistic approach to risk detection and prevention
- Insider Risk Management Overview
- Why is Insider Risk important
- Uncover Hidden Risk
- Protecting your sensitive assets in a Hybrid environment
Ready for the Why do I need Insider Risk Management Knowledge Check?
Overview
Insider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards.
- Insider Risk Management Walkthrough
- Insider risk management in Microsoft 365 - Microsoft 365 Compliance
- Insider Risk Management Microsoft Mechanics
- What’s new in Insider Risk Management and Communication Compliance
- Insider Risk Management Learning Path
- Manage risk and compliance with end-to-end security solutions
- How Microsoft 365 secures and supports your organization from the inside out
- An inside view on detecting and mitigating insider risks
- Manage risk and compliance with end-to-end security solutions
- ⤴Building an effective insider risk program
Ready for the Overview Knowledge Check?
Getting Started
Use insider risk management policies to identify risky activities and its management tools to act on risk alerts in your organization. There are steps to help you get started with everything from Permissions, Analytics, policy creation, and managing your policies. We know that protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for insider risk alerts which is why we offer pseudonymization which is on by default.
- Solution Guide
- Licensing
- Permissions
- Understand your risk
- Setup Policies
- Investigate
Ready for the Getting Started Knowledge Check?
Connectors
While Insider Risk Management can get several first-party signals without having to configure or set up. We can also get additional insights from Endpoints, Microsoft Defender for Cloud Apps, Microsoft Defender for endpoints from your HR system, physical badging platform, and Electronic Health Records system to improve the signal quality and the number of signals we are able to pull in.
- Insider Risk Indicators
- Onboard your endpoints (Windows)
- Onboard your endpoints (macOS)
- Setting up an HR Data connector
- Data Connector for physical badging connector
- HR data connector import
- Data connector for Healthcare EHR
- Data connector for Epic EHR
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud Apps
- Browser Signal Detection
Ready for the Connectors Knowledge Check?
Integrating with other tools
Insider Risk Management can ingrate with other tools such as PowerAutomate that can be used when remediating an alert or creating policies, Microsoft teams when working on a case and SIEM integration using the O365 Management APIs and Sentinel connector.
Ready for the Integrating with other tools Knowledge Check?
Fine-tuning your policies for Insider Risk Management
When you get started with Insider Risk Management you can use analytics to understand what policies you might want to create. As you build your policies you might notice that some are too noisy or you are missing activities you want to see. There are several options that can help you fine-tune the policies so you are being alerted on the most actionable alerts for your organization's risk.
- Set your indicator level settings
- Configure intelligent detections
- Prioritize content in polices
- Review policy health for recommendation
Ready for the Fine-tuning your policies Knowledge Check?
Additional Resources
- M365 Roadmap: Roadmap of upcoming features and changes.
- Message Center: Notifications and details of updated changes to M365
- What is new in Microsoft Purview
- Tech Community – Security and Compliance: Blogs, community forums, and more
- Insider Risk Management Feedback portal
Posted at https://sl.advdat.com/3jPWk3dhttps://sl.advdat.com/3jPWk3d