Microsoft Purview compliance portal: Insider Risk Management - Sequence-as-a-policy trigger (U.S. Government clouds)
Admins can customize data leak policies to be detected when a user performs a sequence. For example, if admins select a sequence (such as download from Microsoft 365 location, obfuscate, exfiltrate, then delete), users who perform the sequence of activities will trigger the policy and the alert will show up in Insider Risk Management. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Expected Release Date:
June CY2023