NewMicrosoft Purview · Insider Risk Management

Microsoft Purview compliance portal: Insider Risk Management - Recommended thresholds

Admins can now receive tailored recommended thresholds for built-in indicators within Insider Risk Management policies, enabling better fine-tuning of policies and reduction of alert noise. This feature is currently in development.

Action required: Review and configure recommended thresholds for insider risk indicators in the policy wizard to optimize alert tuning.

Key dates

— preview (Feature status: In development)

Microsoft's description

With this update, admins with the appropriate permissions can get tailored recommended thresholds for all the built-in indicators within the policy wizard. This feature enables organizations to fine tune their insider risk policies and get an optimal number of alerts. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

View on Microsoft roadmap →