NewMicrosoft Purview · Insider Risk Management

Microsoft Purview compliance portal : Insider Risk Management – Bring your own detections

Admins can now ingest custom user activity indicators from third-party platforms into Insider Risk Management, enabling enhanced insider risk detection using your own organizational data signals alongside Microsoft's built-in correlations.

Action required: Evaluate and configure custom user activity indicators from your SIEM/UEBA or line-of-business applications to integrate with Insider Risk Management policies.

Key dates

2024 — preview (Feature in development; General Availability date not yet announced)

Microsoft's description

<div><span style="font-size:12.0pt;font-family:DengXian;color:black;">Allow customers to bring their own user activity indicators from homegrown, SIEM/UEBA platforms, or other line-of-business applications, and leverage them in existing Insider Risk Management playbooks. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.</span> </div>

View on Microsoft roadmap →