Feedback Opportunity - Enhanced Alert and User Investigation using Copilot for Security in IRM

Summary 

When investigating alerts within Microsoft Purview Insider Risk Management, you can now utilize Microsoft Copilot for Security. This tool provides concise alert summaries and allows you to delve into specific user activities. This enables you to quickly determine whether the user associated with the alert requires further investigation or if the alert can be safely dismissed. Additionally, with a single click, you can obtain a succinct summary of the user’s risk profile, highlighting crucial details and top risk factors. Leveraging Copilot for Security streamlines investigations, reduces the triage workload, and enables faster decision-making. 

Use Cases 

• Speeding up the triage and investigation process: Insider risk analysts and investigators can leverage Copilot for Security to quickly summarize alerts and delve into specific user activities, which is especially useful when there is a high volume of alerts. 
• Prioritizing the riskiest alerts and users: Investigators can use Copilot for Security to review the summary of the alert and the associated user’s risk which can help them decide which alerts/users need to be prioritized for further investigation.  

Learn More
Use Copilot to summarize an alert - Investigate insider risk management activities | Microsoft Learn

Use Copilot to summarize user activities - Manage the workflow with the insider risk management users dashboard | Microsoft Learn

Please share your feedback here - https://forms.office.com/r/g2J9N4JHBY