Microsoft Purview compliance portal: Insider Risk Management - Entra compromised user signals in IRM

With this feature, IRM analysts can identify if the user being investigated has any compromised user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections. 1. Sign in risk detections: compromise risk associated with a specific sign-in. 2. User risk detections: compromise risk associated with a specific user. Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. Risk detections will be available in the indicator timeline within the alert investigation experience. Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

May CY2025
Preview date: December CY2024