Changelog of 420938
Microsoft Purview compliance portal: Insider Risk Management - Entra compromised user signals in IRM
With this feature, IRM analysts can identify if the user being investigated has any compromise user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections: 1. Sign in risk detections - Compromise risk associated with a specific sign-in. 2. User risk detections - Compromise risk associated with a specific user. - Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. - Risk detections will be available in the indicator timeline within the alert investigation experience. - Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.More info: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risksFeature ID: 420938
Added to roadmap: Tue Oct 08 2024
Last modified: Wed Dec 11 2024
Product(s): Microsoft Purview compliance portal
Cloud instance(s): Worldwide (Standard Multi-Tenant)DoDGCCGCC High
Platform(s): Web
Release phase(s): General AvailabilityPreview
Status: In development
Preview Available: December CY2024
Rollout Start: February CY2025
0003
Microsoft Purview compliance portal: Insider Risk Management - Entra compromised user signals in IRM
With this feature, IRM analysts can identify if the user being investigated has any compromise user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections: 1. Sign in risk detections - Compromise risk associated with a specific sign-in. 2. User risk detections - Compromise risk associated with a specific user. - Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. - Risk detections will be available in the indicator timeline within the alert investigation experience. - Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.More info: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risksFeature ID: 420938
Added to roadmap: Tue Oct 08 2024
Last modified: Tue Nov 05 2024
Product(s): Microsoft Purview compliance portal
Cloud instance(s): Worldwide (Standard Multi-Tenant)
Platform(s): Web
Release phase(s): General AvailabilityPreview
Status: In development
Preview Available: OctoberDecember CY2024
Rollout Start: February CY2025
0002
Microsoft Purview compliance portal: Insider Risk Management - Entra compromised user signals in IRM
With this feature, IRM analysts can identify if the user being investigated has any compromise user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections: 1. Sign in risk detections - Compromise risk associated with a specific sign-in. 2. User risk detections - Compromise risk associated with a specific user. - Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. - Risk detections will be available in the indicator timeline within the alert investigation experience. - Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.More info: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risksFeature ID: 420938
Added to roadmap: Tue Oct 08 2024
Last modified: Fri Oct 18 2024
Product(s): Microsoft Purview compliance portal
Cloud instance(s): Worldwide (Standard Multi-Tenant)
Platform(s): Web
Release phase(s): General AvailabilityPreview
Status: In development
Preview Available: October CY2024
Rollout Start: February CY2025
0001
Microsoft Purview compliance portal: Insider Risk Management - Entra compromised user signals in IRM
With this feature, IRM analysts can identify if the user being investigated has any compromise user alerts in Microsoft Entra. This will help them formulate the right response action, like escalating the Incident to SOC teams for quick remediation, etc. Microsoft Entra offers two types of compromised user detections: 1. Sign in risk detections - Compromise risk associated with a specific sign-in. 2. User risk detections - Compromise risk associated with a specific user. - Insider risk management admins can opt into each of the above risk detections from Insider risk management global settings. - Risk detections will be available in the indicator timeline within the alert investigation experience. - Risk detections will not impact the risk score or severity of Insider risk management alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.More info: https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risksFeature ID: 420938
Added to roadmap: Tue Oct 08 2024
Last modified: Tue Oct 08 2024
Product(s): Microsoft Purview compliance portal
Cloud instance(s): Worldwide (Standard Multi-Tenant)
Platform(s): Web
Release phase(s): General AvailabilityPreview
Status: In development
Preview Available: October CY2024
Rollout Start: February CY2025