Hybrid work is becoming the new normal - people working in new ways, some in the office, some remote, some a fluid mix of the two. With these new ways of work, come new risks. And when you mix that with the most complex cybersecurity environment we've ever seen, the risks can feel overwhelming. We -- together with our partner ecosystem -- are here to help.
To reduce the burden on already overloaded security teams, it’s critical to show digital empathy, which means making the job of risk management easier. With our strong partner ecosystem and our recent inclusion of Analytics in Insider Risk Management, it’s easy to get started and uncover hidden risks currently in your organization.
Today we are excited to announce the public preview of new capabilities in Insider Risk Management that make it easier for organizations to protect their most critical assets from the inside out.
Granular Role-Based Access Controls
Given the importance of privacy and the need for additional control, we are announcing the ability to limit the visibility of alerts, cases, and user activity reports related to priority users to specific analysts or investigators within your organization. For example, you can create a priority user group for your executive staff and ensure that only a member of your legal organization sees an alert on any of those individuals.
This new functionality not only provides the additional level of control to support the management of alerts relating to confidential assets and individuals but also respects your organization’s compliance and privacy requirements.
Improved flexibility and control in managing alerts We know it is important to make sure that analysts and investigators are spending time on the tasks that matter most, so we’re continuing to enable efficiency during alert triage with new functionality that allows you to take action on bulk alerts. With this new functionality, you can select multiple alerts and dismiss them at once, improving the triage and management of the alert queue.
Broader support for browser exfiltration signals
Web browsers such as Microsoft Edge and Google Chrome are often used to access both sensitive and non-sensitive files within an organization. Microsoft’s Insider Risk Management now supports browser exfiltration signals for all non-executable files that are viewed in both Microsoft Edge and Google Chrome, allowing customers to understand when any of the following operations are performed:
File copied to cloud
File copied to Network Share
File copied to Removeable Media
These signals are collected in Microsoft Edge using the Microsoft Insider Risk Extension Edge Add-On. In Google Chrome, customers can leverage the Microsoft Compliance Extension. More detail can be found on our documentation site.
The new features announced today will start rolling out to customers’ tenants in the coming days and weeks. Insider Risk Management is one of several products in Microsoft 365 E5, including Communication Compliance, Information Barriers, and Privileged Access Management, that helps organizations mitigate insider risks and policy violations. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started.
Learn more about Insider Risk Management, how to get started, and configure policies in your tenant in this supporting documentation. Keep a lookout for updates to the documentation with information on the new features over the coming weeks.
Finally, if you haven’t listened to our podcast “Uncovering Hidden Risks”, we encourage you to listen about the technologies used to detect insider risks and what is required to build and maintain an effective insider risk management program.
We are excited about all the new innovations coming out with this new release and look forward to hearing your feedback.
Talhah Mir, Principal Program Manager, Microsoft 365 Security and Compliance Engineering