Microsoft Purview compliance portal: Insider Risk Management- Alert Spotlighting

On the alert list page, high priority alerts will be spotlighted to help analysts prioritize the most important alerts first. Alerts are spotlighted based on predefined rules which are common across all tenants across all industries. Alert Spotlighting feature was developed to assist admins in prioritizing alerts to be triaged. Every generated alert has a risk score, a list of activities performed, tags, and triggers. The Alert Spotlighting feature uses this information to decide whether an alert can be spotlighted. Based on a detailed study of alert triage patterns across tenants, we have developed a rule-based algorithm to spotlight alerts that would be of importance to admins, based on historical volume analysis. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

December CY2024
Preview date: October CY2024