Microsoft Purview insider risk solutions

Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. Industry studies have shown that insider risks are often associated with risky activities. Protecting your organization against these risks can be challenging to identify and difficult to mitigate. Insider risks include vulnerabilities in various areas and can cause major problems for your organization, ranging from the loss of intellectual property to confidential data, and more. The following figure outlines common insider risks:

Insider risk threats.

Microsoft 365 risk prevention features are designed and built-in to our insider risk products and solutions. These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.

Risk icon Risks Communication compliance Insider risk management Information barriers Privileged access management
Data spillage icon. Data spillage Supported Supported
Confidentiality violations icon. Confidentiality violations Supported Supported Supported
IP theft icon. IP theft Supported Supported Supported
Workplace violence icon. Workplace violence Supported
Fraud/thief icon. Fraud Supported Supported
Policy violations icon. Policy violations Supported Supported Supported Supported
Insider trading/handshake icon. Insider trading Supported
Conflicts of interest icon. Conflicts of interest Supported Supported
Sensitive data leaks/devices icon. Sensitive data leaks Supported Supported
Workplace harassment/people icon. Workplace harassment Supported
Security violations icon. Security violations Supported Supported
Regulatory compliance violations icon. Regulatory compliance violations Supported Supported Supported

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

Insider risk solutions

To help protect your organization against insider risks, use these Microsoft Purview capabilities and features.

Communication compliance

Microsoft Purview Communication Compliance helps minimize communication risks by helping you detect, capture, and act on potentially inappropriate messages in your organization.

Before you get started with communication compliance, you should confirm your Microsoft 365 subscription and any add-ons. To access and use communication compliance, your organization must have supporting subscriptions or add-ons.

For more information, see the subscription requirements for communication compliance.

Insider risk management

Microsoft Purview Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on potentially malicious and inadvertent activities in your organization.

Before you get started with insider risk management, you should confirm your Microsoft 365 subscription and any add-ons. To access and use insider risk management, your organization must have supporting subscriptions or add-ons.

For more information, see the subscription requirements for insider risk management.

Information barriers

Microsoft Purview Information Barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.

Before you get started with IB, you should confirm your Microsoft 365 subscription and any add-ons. To access and use IB, your organization must have supporting subscriptions or add-ons.

For more information, see the subscription requirements for information barriers.

Privileged access management

Microsoft Purview Privileged Access Management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.

Before you get started with privileged access management, you should confirm your Microsoft 365 subscription and any add-ons. To access and use privileged access management, your organization must have supporting subscriptions or add-ons.

For more information, see the subscription requirements for privileged access management.

Deploy Microsoft Purview insider risk solutions

To help protect your organization against insider risks, set up and deploy the following Microsoft Purview solutions:

Insider risk solution defense-in-depth.

  1. Configure and create communication compliance policies.
  2. Configure and create insider risk management policies.
  3. Optional: Configure and create information barrier policies.
  4. Optional: Enable and configure privileged access management.

Illustrations with examples

To help you plan an integrated strategy for implementing Microsoft Purview insider risk capabilities, download the Microsoft 365 information protection and compliance capabilities set of illustrations. For insider risk capabilities, see the architecture illustration pages 5-7. Feel free to adapt these illustrations for your own use.

Item Description
Model poster: Microsoft 365 information protection and compliance capabilities.
Download as a PDF | Download as a Visio
Updated October 2020
Includes:
  • Information protection and data loss prevention
  • Retention policies and retention labels
  • Information barriers
  • Communication compliance
  • Insider risk management
  • Third-party data ingestion

Training

Training your administrators and compliance team in the basics for each insider risk solution can help your organization get started more quickly with your deployment and implementation efforts.

Microsoft provides the following resources to help inform and train these users in your organization:

Solution/Area Resources
Manage insider risk in Microsoft 365 Complete learning path
This learning path includes all the individual solution modules for communication compliance, insider risk management, information barriers, and privileged access management. Select this learning path to complete all the modules.
Communication compliance Learning module: Prepare communication compliance
This module helps you learn the basics on how to identify and remediate code-of-conduct policy violations with communication compliance, cover the prerequisites needed before creating communication compliance policies, and learn about the types of built-in, pre-defined policy templates in communication compliance.
Insider risk management Learning module: Insider risk management
This module helps you learn how insider risk management can help prevent, detect, and contain internal risks in an organization, learn about the types of built-in, pre-defined policy templates, understand the basic prerequisites needed before creating insider risk policies, and explains the types of actions you can take on insider risk management cases.
Information barriers Learning module: Plan for information barriers
This module helps you learn how information barrier policies can help your organization maintain compliance with relevant industry standards and regulations, lists the types of situations when information barriers would be applicable, helps explain the process of creating an information barrier policy, and helps explain how to troubleshoot unexpected issues after information barriers are in place.
Privileged access management Learning module: Implement privileged access management
This module helps you understand the difference between privileged access management and privileged identity management, understand the privileged access management process flow, and understand the basics of how to configure and enable privileged access management.