Microsoft Security Product Hub

Insider Risk Management

Overview

Insider Risk Management allows the creation of custom policies to detect, investigate and take action on internal risks such as confidentiality violations, data theft by departing users, insider trading, fraud, sensitive data leaks and more. Prevent communication between users or departments. Require approval for high risk activities in Exchange Online.

Communication compliance can scan email, Team, Yammer an other applications for policy matches such as bullying, conflicts of interest, fraud and regulatory compliance.

Customer Lockbox prevents Microsoft from accessing corporate content during a support ticket operation without explicit approval by administrators.

Information barriers restricts communication between certain people or departments. Prevent information sharing between trading and merger and acquisition teams, or between research departments and marketing.

Privileged Access Management is supported only in Exchange Online at the moment, but it prevents administrators from having standing permissions to perform certain actions without requesting elevation of privilege and approval. For instance creation or modification of journal rules that copy all messages to another email address can be prevented for Exchange administrators until they request and are granted approval.

Outcomes

  • Get alerts based on risk indicators for internal users and create cases to investigate if required
  • Prevent Microsoft support personnel from accessing corporate data during a support ticket without approval
  • Prevent communication or collaboration between departments who are not allowed to share data
  • Restrict specific administrative actions in Exchange Online until access has been requested and approved
All
Secure Remote Work
Zero Trust