Forum Widgets
Latest Discussions
Deep Dive: Insider Risk Management in Microsoft Purview
Hi everyone I recently explored the Insider Risk Management (IRM) workflow in Microsoft Purview and how it connects across governance, compliance, and security. This end-to-end process helps organizations detect risky activities, triage alerts, investigate incidents, and take corrective action. Key Phases in the IRM Workflow: Policy: Define rules to detect both accidental (data spillage) and malicious risks (IP theft, fraud, insider trading). Alerts: Generate alerts when policies are violated. Triage: Prioritize and classify alerts by severity. Investigate: Use dashboards, Content Explorer, and Activity Explorer to dig into context. Action: Take remediation steps such as user training, legal escalation, or SIEM integration. Key takeaways from my lab: Transparency is essential (balancing privacy vs. protection). Integration across Microsoft 365 apps makes IRM policies actionable. Defender + Purview together unify detection + governance for insider risk. This was part of my ongoing security lab series. Curious to hear from the community ā how are you applying Insider Risk Management in your environments or labs?eDiscovery is NOT working correctly with KeyQL Sensitive Type
Hello team, I am running in eDiscovery using KeyQL or Query builder data at REST in EXO (Stale emails) that contain sensitive Info like: Canada Social Insurance number. The query run correctly, however, the output statistics pull out other type of sensitive Info, this means that the eDiscovery is not discovering what is was requested in the KeyQL query. Canada Social Insurance Number a2f29c85-ecb8-4514-a610-364790c0773e KeyQL Query: (SensitiveType:a2f29c85-ecb8-4514-a610-364790c0773e|1..|85..100) AND Date>2025-01-01 Please see the output of the Query: In addition with this problem, Why we can't delete the stale emails using as condition the "Sensitive info", so, If I need to delete the emails before 2020 with "Canada Social Insurance number", how can I do it? It will be almost impossible if the cybersecurity team needs to do with the end-user email by email? Best regards,Microsoft Risky Business or Community?
Verifying every access measure.... Zero Trust Architecture Identity & Access Management - How does Zero Trust enhance identity protection through tools like Microsoft Entra ID (formerly Azure AD)? Threat Detection & Response - How does Zero Trust integrate with Microsoft Defender and Sentinel to provide real-time threat detection and response? This is to implement every access measure that I have permission to provide.
