question

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT asked Grmacjon-MSFT answered

I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how does this work and what alerts will I receive?

I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how does this work and what alerts will I receive?

Sourced from FAQ


azure-information-protection
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Grmacjon-MSFT avatar image
1 Vote"
Grmacjon-MSFT answered

Hello,

Yes, as a public preview offering, you can now receive an alert for Azure Information Protection anomalous data access. This alert is triggered when there are unusual attempts to access data that is protected by Azure Information Protection. For example, accessing an unusually high volume of data, at an unusual time of day, or access from an unknown location.

Such alerts can help you to detect advanced data-related attacks and insider threats in your environment. These alerts use machine learning to profile the behavior of users who access your protected data.

The Azure Information Protection alerts can be accessed by using the Microsoft Graph Security API, or you can stream alerts to SIEM solutions, such as Splunk and IBM Qradar, by using Azure Monitor.

For more information about the Microsoft Graph Security API, see Microsoft Graph Security API overview.

Sourced from FAQ


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.