Mitul Rana, MCT & Platform Architect | Trelleborg
Bheemarayappa Hanabar, MCT | Microsoft technology enthusiast | Independent consultant
Insider Risk Protection and Containment in Microsoft 365
Day 1 | IT Pro track | Session 3 | 15th October 2021 | 10:30 - 11:30 AM IST
Southeast Asia's premier free conference for Microsoft 365
15th - 16th October 2021, Online
Brought to you by:
Community for Azure, Microsoft 365 & SharePoint
Join the aMS Quiz to win prizes!
• Attend the aMS sessions for 2 days
• Answer as many questions as you can
• Highest scorers get rewarded!
Throughout the 2 days of aMS sessions, we will share this QR code with you to participate in a quiz to win some prizes.
Answers can be found in every speaker’s session.
Submit your quiz by 11.59pm on the 16th Oct 2021 at the latest.
◀ Scan for Feedback & Quiz
Join as many sessions as you can to get hints on the correct answers to the quiz!
First things first
Questions, clarifications or feedback? Feel free to type them in the instant message window at any time. We will try to respond to all of them; otherwise, we will share answers via email.
This session is being recorded and will be available on the website: https://amssea.asia/
You can reach out to us mitul.rana@outlook.com | hanabar@hotmail.com
Agenda
Introduction to Insider Risk Management
Insider Risk Policies
Create and manage insider risk policies
Investigate insider risk alerts
Take action on insider risk alerts through cases
aMS Quiz
Introduction
• Insider Risk Management
• Pain Points in the Modern Workplace
• Insider risk management workflow
*Crowd Research Partners, Insider Threat Report
*Carnegie Mellon CERT study: The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
*Carnegie Mellon University: Insider Threats in Healthcare
The most common estimate is a range of $100,000 to $500,000 per successful insider attack (27%). Twenty-four percent expect damages to exceed $500,000.
Data is no longer just an IT asset; it’s a core strategic asset, and some types of data are more valuable than others.
Confidential business information, which encompasses company financials along with customer and employee data,
is a highly strategic asset and equally a high-value target.
Too many users with excessive access privileges (37%), increasing number of devices with access to sensitive data (36%), and technology becoming more complex (35%).
Managing Insider Risk in Microsoft 365
Insider risk management solution & development
Insider risk management’s principles:
• Transparent: Balance employee privacy versus organization risk with privacy-by-design architecture.
• Configurable: Configurable policies based on industry, geography, and business groups.
• Integrated: Integrated workflow across Microsoft 365 compliance solutions.
• Actionable: Provides insights to enable employee notifications, data investigations, and employee investigations.
Insider risk management workflow
Insider risk management overview
Demo
Configure insider risk management
Demo: Configure insider risk management
1. Enable permissions for insider risk management
2. Enable the Office 365 audit log
3. Configure prerequisites for templates
4. Configure insider risk settings
5. Create an insider risk management policy
Enable permissions for insider risk management
Insider Risk Management Role Group
Role groups and their role permissions:
• Insider Risk Management: Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, investigators, and auditors, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles and associated permissions. This configuration is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users. When using this configuration, you should make sure to always have at least one user assigned to this role group to ensure that your policies work as expected and so the user can create and edit policies, configure solution settings, and review policy health warnings.
• Insider Risk Management Admin: Use this role group to initially configure insider risk management and later to separate insider risk administrators into a defined group. Users in this role group can enable and view analytics insights and create, read, update, and delete insider risk management policies, global settings, and role group assignments. When using this configuration, you should make sure to always have at least one user assigned to this role group to ensure that your policies work as expected and so the user can create and edit policies, configure solution settings, and review policy health warnings.
• Insider Risk Management Analysts: Use this group to assign permissions to users that will act as insider risk case analysts. Users in this role group can access and view all insider risk management alerts, cases, analytics insights, and notices templates. They cannot access the insider risk Content explorer.
• Insider Risk Management Investigators: Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content explorer for all cases.
• Insider Risk Management Auditors: Use this group to assign permissions to users that will audit insider risk management activities. Users in this role group can access the insider risk audit log. Users in this role group cannot access and use the recommended actions (preview) feature.
https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide
Enable the Office 365 audit log
• https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide
Configure prerequisites for templates
Configure insider risk settings.
Interactive guide
• https://insider-risk-management.azureedge.net/
Privileged access management
Layers of protection
Demo
Enable and configure privileged access management
Demo: Enable and configure privileged access management
1. Create an approver's group
2. Enable privileged access
3. Create an access policy
4. Submit/approve privileged access requests
https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-configuration?view=o365-worldwide
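The four demo steps above, sketched in Exchange Online PowerShell as an added example that is not part of the original slides. The group name, the example.com addresses, the `Exchange\New-JournalRule` task and the request ID are placeholders chosen for illustration.

```powershell
# Added example: privileged access management workflow in Exchange Online PowerShell.
# Every name, address and ID below is a placeholder; substitute your tenant's values.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

$approvers = 'pam-approvers@example.com'   # placeholder approver group address
$task      = 'Exchange\New-JournalRule'    # privileged task picked for illustration

# 1. Create an approver's group (a mail-enabled security group).
New-DistributionGroup -Name 'PAM Approvers' -Type Security `
    -PrimarySmtpAddress $approvers -Members 'approver1@example.com'

# 2. Enable privileged access and set the default approver group.
#    (-SystemAccounts can additionally exempt automation accounts; omitted here
#    so that no account bypasses approval.)
Enable-ElevatedAccessControl -AdminGroup $approvers

# 3. Create an access policy: the task can only run after manual approval.
New-ElevatedAccessApprovalPolicy -Task $task -ApprovalType Manual -ApproverGroup $approvers

# Verify which tasks are now gated before relying on the control.
Get-ElevatedAccessApprovalPolicy

# 4a. Requester: submit a time-bound request with a recorded reason.
New-ElevatedAccessRequest -Task $task -Reason 'Journal rule requested by legal' -DurationHours 4

# 4b. Approver: list pending requests, check the status, then approve or deny.
Get-ElevatedAccessRequest
$requestId = '<request id>'                # placeholder: copy from the list above
Get-ElevatedAccessRequest -Identity $requestId | Select-Object RequestStatus
Approve-ElevatedAccessRequest -RequestId $requestId -Comment 'Approved for 4 hours'
# Deny-ElevatedAccessRequest -RequestId $requestId -Comment 'Not justified'
```

Steps 4a and 4b are meant to be run from two different sessions, one as the requester and one as a member of the approver group, which is what makes the approval a real second control.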
Customer lockbox
Customer lockbox requests allow you to control how a Microsoft support engineer accesses your data.
Communications compliance
Interactive guide
• https://mslearn.cloudguides.com/en-us/guides/Minimize%20communication%20risks%20with%20communication%20compliance%20in%20Microsoft%20365
Information barriers
Define policies that are designed to prevent certain segments of users from communicating with each other or allow specific segments to communicate only with certain other segments.
https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide
Ethical walls in Exchange online
Demo
Create an ethical wall using distribution groups
aMS Quiz 01
An employee left work with an unencrypted work laptop, which was stolen days later in a burglary. Data containing sensitive information for 10 projects is on the laptop. This is an example of which type of internal risk?
A. Regulatory compliance violation
B. Sabotage
C. Data leak
D. None of the above
aMS Quiz 02
You want to search for insider risk alerts that occurred in the past 30 days and are high severity risks. The easiest way to accomplish this is to do which of the following?
A. From the Alerts dashboard, select the Filter control.
B. Click “Export” to download a CSV file with all alerts. Import this into Excel and use the filter function.
C. From the Alerts dashboard search for “last 30 days.”
D. None of the above
Certifications
• MS-500: Microsoft 365 Security Administration
• SC-200: Microsoft Security Operations Analyst
Documentation
• https://docs.microsoft.com/en-us/learn/modules/m365-compliance-insider-manage-insider-risk
• https://microsoft.github.io/ComplianceCxE/resources/ir/
• https://insider-risk-management.azureedge.net/
• https://techcommunity.microsoft.com/t5/security-compliance-and-identity/help-protect-your-organization-from-the-inside-out-with-new/ba-p/2540472
• https://www.microsoft.com/en-us/security/business/compliance/risk-management
Thank You
Do join us for other sessions in different tracks!

 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 

aMS Southeast Asia 2021: Insider risk protection and containment in Microsoft 365

  • 1. Mitul Rana MCT & Platform Architect | Trelleborg Bheemarayappa Hanabar MCT | Microsoft technology enthusiast | Independent consultant Insider Risk Protection and Containment in Microsoft 365 Day 1 | IT Pro track | Session 3 | 15th October 2021 | 10:30 - 11:30 AM IST Southeast Asia's premier free conference for Microsoft 365 15th - 16th October 2021, Online
  • 2. Brought to you by: Community for Azure, Microsoft 365 & SharePoint
  • 3. Join the aMS Quiz to win prizes! Attend the aMS sessions for 2 days. Answer as many questions as you can. Highest scorers get rewarded! Throughout the 2 days of aMS sessions, we will share this QR code with you so you can take part in a quiz to win some prizes. Answers can be found in every speaker’s session. Submit your quiz by 11.59pm on the 16th Oct 2021 at the latest. ◀ Scan for Feedback & Quiz. Join as many sessions as you can to get hints on the correct quiz answers!
  • 4. First things first. Questions, clarifications or feedback? Feel free to type them in the instant message window at any time. We will try to respond to all of them; otherwise, we will share answers via email. This session is being recorded and will be available on the website: https://amssea.asia/ You can reach us at mitul.rana@outlook.com | hanabar@hotmail.com
  • 5. Agenda Introduction Insider Risk Management Insider Risk Policies Create and manage insider risk policies Investigate insider risk alerts Take action on insider risk alerts through cases aMS Quiz
  • 6. Introduction • Insider Risk Management • Pain Points in the Modern Workplace • Insider risk management workflow
  • 7. The most common estimate is a range of $100,000 to $500,000 per successful insider attack (27%). Twenty-four percent expect damages to exceed $500,000. Sources: *Crowd Research Partners, Insider Threat Report; *Carnegie Mellon CERT study: The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures; *Carnegie Mellon University: Insider Threats in Healthcare
  • 10. Data is no longer just an IT asset; it’s a core strategic asset, and some types of data are more valuable than others. Confidential business information, which encompasses company financials along with customer and employee data, is a highly strategic asset and equally a high-value target.
  • 11. Too many users with excessive access privileges (37%), increasing number of devices with access to sensitive data (36%), and technology becoming more complex (35%).
  • 12. Managing Insider Risk in Microsoft 365
  • 13. Insider risk management solution & development
  • 14. Insider risk management’s principles:
      - Transparent: Balance employee privacy versus organization risk with privacy-by-design architecture.
      - Configurable: Configurable policies based on industry, geography, and business groups.
      - Integrated: Integrated workflow across Microsoft 365 compliance solutions.
      - Actionable: Provides insights to enable employee notifications, data investigations, and employee investigations.
  • 19. Demo: Configure insider risk management
      1. Enable permissions for insider risk management.
      2. Enable the Office 365 audit log.
      3. Configure prerequisites for templates.
      4. Configure insider risk settings.
      5. Create an insider risk management policy.
  • 20. Enable permissions for insider risk management
  • 21. Insider Risk Management Role Group (role group: role permissions)
      - Insider Risk Management: Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, investigators, and auditors, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles and associated permissions. This configuration is the easiest way to quickly get started with insider risk management and is a good fit for organizations that do not need separate permissions defined for separate groups of users. When using this configuration, make sure to always have at least one user assigned to this role group so that your policies work as expected and so the user can create and edit policies, configure solution settings, and review policy health warnings.
      - Insider Risk Management Admin: Use this role group to initially configure insider risk management and later to separate insider risk administrators into a defined group. Users in this role group can enable and view analytics insights and create, read, update, and delete insider risk management policies, global settings, and role group assignments. When using this configuration, make sure to always have at least one user assigned to this role group so that your policies work as expected and so the user can create and edit policies, configure solution settings, and review policy health warnings.
      - Insider Risk Management Analysts: Use this group to assign permissions to users that will act as insider risk case analysts. Users in this role group can access and view all insider risk management alerts, cases, analytics insights, and notices templates. They cannot access the insider risk Content explorer.
      - Insider Risk Management Investigators: Use this group to assign permissions to users that will act as insider risk data investigators. Users in this role group can access all insider risk management alerts, cases, notices templates, and the Content explorer for all cases.
      - Insider Risk Management Auditors: Use this group to assign permissions to users that will audit insider risk management activities. Users in this role group can access the insider risk audit log. Users in this role group cannot access and use the recommended actions (preview) feature.
      https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide
  • 22. Enable the Office 365 audit log: https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide
  • 27. Demo Enable and configure privileged access management
  • 28. Demo: Enable and configure privileged access management
      1. Create an approver's group.
      2. Enable privileged access.
      3. Create an access policy.
      4. Submit/approve privileged access requests.
      https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-configuration?view=o365-worldwide
  • 29. Customer Lockbox: Customer Lockbox requests allow you to control how a Microsoft support engineer accesses your data.
  • 31. Interactive guide: Communication Compliance Interactive Guide https://mslearn.cloudguides.com/en-us/guides/Minimize%20communication%20risks%20with%20communication%20compliance%20in%20Microsoft%20365
  • 32. Information barriers: Define policies that are designed to prevent certain segments of users from communicating with each other, or allow specific segments to communicate only with certain other segments. https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide
  • 33. Ethical walls in Exchange online
  • 34. Demo Create an ethical wall using distribution groups
  • 35. aMS Quiz 01 An employee left work with an unencrypted work laptop, which was stolen days later in a burglary. Data containing sensitive information for 10 projects is on the laptop. This is an example of which type of internal risk? A. Regulatory compliance violation B. Sabotage C. Data leak D. None of the above
  • 36. aMS Quiz 02 You want to search for insider risk alerts that occurred in the past 30 days and are high severity risks. The easiest way to accomplish this is to do which of the following? A. From the Alerts dashboard, select the Filter control. B. Click “Export” to download a CSV file with all alerts. Import this into Excel and use the filter function. C. From the Alerts dashboard search for “last 30 days.” D. None of the above
  • 37. Certifications and documentation
      Certifications:
      - MS-500: Microsoft 365 Security Administration
      - SC-200: Microsoft Security Operations Analyst
      Documentation:
      - https://docs.microsoft.com/en-us/learn/modules/m365-compliance-insider-manage-insider-risk
      - https://microsoft.github.io/ComplianceCxE/resources/ir/
      - https://insider-risk-management.azureedge.net/
      - https://techcommunity.microsoft.com/t5/security-compliance-and-identity/help-protect-your-organization-from-the-inside-out-with-new/ba-p/2540472
      - https://www.microsoft.com/en-us/security/business/compliance/risk-management
  • 39. Brought to you by: Community for Azure, Microsoft 365 & SharePoint Thank You Do join us for other sessions in different tracks !
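A read-only preflight for setup steps 1 and 2 on slides 19 to 22, written as an added example and not taken from the presentation or from Microsoft's own scripts. It assumes the ExchangeOnlineManagement module is installed; the admin UPN is a placeholder.

```powershell
# Added example: checks the audit-log and role-group prerequisites, changes nothing.
$AdminUpn = 'admin@contoso.onmicrosoft.com'   # placeholder account

# Step 2: unified audit log. Read the flag from Exchange Online PowerShell;
# in Security & Compliance PowerShell this property always reports False.
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false
$auditEnabled = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
Disconnect-ExchangeOnline -Confirm:$false

# Step 1: insider risk role groups live in Security & Compliance PowerShell.
Connect-IPPSSession -UserPrincipalName $AdminUpn
$roleGroups = Get-RoleGroup | Where-Object { $_.Name -like 'Insider Risk Management*' }
$report = foreach ($group in $roleGroups) {
    $members = @(Get-RoleGroupMember -Identity $group.Name)
    [pscustomobject]@{
        RoleGroup   = $group.Name
        MemberCount = $members.Count
        Members     = ($members | ForEach-Object { $_.Name }) -join '; '
    }
}
Disconnect-ExchangeOnline -Confirm:$false

$report | Sort-Object RoleGroup | Format-Table -AutoSize

if (-not $auditEnabled) {
    # Policies depend on audit data for user activity signals.
    Write-Warning ('Unified audit log ingestion is off. Enable it from Exchange Online ' +
        'PowerShell: Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true')
}

# Slide 21: keep at least one user in the combined group or in the admin group,
# otherwise nobody can edit policies or review policy health warnings.
$owners = $report | Where-Object {
    $_.RoleGroup -eq 'Insider Risk Management' -or
    $_.RoleGroup -like 'Insider Risk Management Admin*'
}
if (-not ($owners | Where-Object { $_.MemberCount -gt 0 })) {
    Write-Warning 'No user is assigned to the combined or admin role group.'
}

# Least-privilege review: investigators can open Content explorer for all cases,
# so list who holds that access.
$report | Where-Object { $_.RoleGroup -like '*Investigators' -and $_.MemberCount -gt 0 } |
    Format-List RoleGroup, Members
```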
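The information barrier scenarios from slide 32 expressed in Security & Compliance PowerShell, as an added example that is not part of the original deck. Segment names, policy names and the Department attribute values are assumptions chosen for illustration.

```powershell
# Added example: segments and information barrier policies for two scenarios.
Connect-IPPSSession -UserPrincipalName 'admin@contoso.onmicrosoft.com'   # placeholder

# 1. Define segments from a directory attribute (values are assumed).
$segments = @{
    'Day Traders'         = "Department -eq 'Day Trading'"
    'Marketing'           = "Department -eq 'Marketing'"
    'Research'            = "Department -eq 'Research'"
    'Product Development' = "Department -eq 'Product Development'"
}
foreach ($name in $segments.Keys) {
    New-OrganizationSegment -Name $name -UserGroupFilter $segments[$name]
}

# 2. Block scenario: day traders and marketing must not communicate.
#    A block needs one policy per direction, or one side can still reach the other.
New-InformationBarrierPolicy -Name 'DayTraders-Marketing' -AssignedSegment 'Day Traders' `
    -SegmentsBlocked 'Marketing' -State Inactive
New-InformationBarrierPolicy -Name 'Marketing-DayTraders' -AssignedSegment 'Marketing' `
    -SegmentsBlocked 'Day Traders' -State Inactive

# 3. Allow scenario: research may talk only to product development.
#    The assigned segment is listed too so research users can still reach each other.
New-InformationBarrierPolicy -Name 'Research-ProductDev' -AssignedSegment 'Research' `
    -SegmentsAllowed 'Product Development', 'Research' -State Inactive

# 4. Review the inactive policies before anything is enforced.
Get-InformationBarrierPolicy | Format-Table Name, AssignedSegment, State -AutoSize

# 5. Activate and apply. Application runs in the background across all users.
foreach ($policy in 'DayTraders-Marketing', 'Marketing-DayTraders', 'Research-ProductDev') {
    Set-InformationBarrierPolicy -Identity $policy -State Active
}
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus

# 6. Spot-check one pair of users (placeholder UPNs) once application has finished.
Get-InformationBarrierRecipientStatus -Identity 'trader1@contoso.com' `
    -Identity2 'marketer1@contoso.com'

Disconnect-ExchangeOnline -Confirm:$false
```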

Editor's Notes

  1. Insider risk management in Microsoft 365 helps organizations address internal risks, such as IP theft, fraud, and sabotage. We will learn about insider risk management and how Microsoft technologies can help your organization detect, investigate, and take action on risky activities.
  2. Data theft by departing employee. When employees leave an organization, either voluntarily or as the result of termination, there are often legitimate concerns that company, customer, and employee data are at risk. Employees may innocently assume that project data isn't proprietary, or they may be tempted to take company data for personal gain and in violation of company policy and legal standards. Leak of sensitive or confidential information. In most cases, employees try their best to properly handle sensitive or confidential information. But occasionally employees make mistakes and information is accidentally shared outside your organization or in violation of your information protection policies. Sometimes employees may intentionally leak or share sensitive and confidential information with malicious intent and for potential personal gain. Actions and behaviors that violate corporate policies. Employee-to-employee communications are often a source of inadvertent or malicious violations of corporate policies. These violations can include offensive language, threats, and cyber-bullying between employees. This type of activity contributes to a hostile work environment and can result in legal actions against both employees and the larger organization.
  3. Using policy templates with pre-defined conditions and comprehensive activity signaling across the Microsoft 365 service, you can use actionable insights to quickly identify and resolve risky behavior. Identifying and resolving internal risk activities and compliance issues with insider risk management in Microsoft 365 uses the following workflow:
      1. Policies. Insider risk management policies determine which employees are in-scope and which types of risk indicators are configured for alerts.
      2. Alerts. Insider risk management alerts are automatically generated by risk indicators defined in insider risk management policies. These alerts give compliance analysts and investigators an all-up view of the current risk status and allow your organization to triage and take actions for discovered risks.
      3. Triage. Reviewers can quickly identify insider risk alerts and examine each to evaluate and triage. Alerts are resolved by opening a new case, assigning the alert to an existing case, or dismissing the alert.
      4. Investigate. Cases are manually created from alerts in the situations where further action is needed to address an issue for an employee.
      5. Action. After investigating the details of a case, you can take action by sending the employee a notice, resolving the case as benign, or escalating to a data or employee investigation.
  4. In March of 2019, a large auto manufacturer with state-of-the-art, proprietary operations and technology filed a lawsuit against four former employees and a competitor for corporate espionage. The lawsuit was filed after discovering that the employees had downloaded proprietary warehouse schematics and operational procedures before leaving the company and shared them with the competitor.
  5. Before you begin working with insider risk management, confirm you have the appropriate licensing. Users included in insider risk policies must have a Microsoft 365 E5 Compliance license or be part of an E5 subscription.
  6. The configuration steps:
      1. Enable permissions for insider risk management. There are four role groups used to configure permissions to manage insider risk management features.
      2. Enable the Office 365 audit log. Insider risk management uses audit logs for user insights and activities configured in policies.
      3. Configure prerequisites for templates. Some insider risk management templates have prerequisites that must be configured for policy indicators to generate relevant activity alerts.
      4. Configure insider risk settings. Insider risk settings apply to all insider risk management policies, regardless of the template you chose when creating a policy.
      5. Create an insider risk management policy. Insider risk management policies include assigned users and define which types of risk indicators are configured for alerts.
  7. Privileged access management allows granular access control over privileged admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings. Privileged access management requires users to request just-in-time access to complete elevated and privileged tasks through a highly scoped and time-bounded approval workflow. This configuration gives users just-enough-access to perform the task at hand, without risking exposure of sensitive data or critical configuration settings. Enabling privileged access management in Microsoft 365 allows your organization to operate with zero standing privileges and provide a layer of defense against standing administrative access vulnerabilities.
  8. Privileged access management configuration steps:
      Step 1: Create an approver's group. Before you start using privileged access, determine who needs approval authority for incoming requests for access to elevated and privileged tasks. Any user who is part of the Approvers' group is able to approve access requests. This group is enabled by creating a mail-enabled security group in Office 365.
      Step 2: Enable privileged access. Privileged access must be explicitly enabled in Office 365 with the default approver group, including a set of system accounts that you want excluded from the privileged access management access control.
      Step 3: Create an access policy. Creating an approval policy allows you to define the specific approval requirements scoped at individual tasks. The approval type options are Auto or Manual.
      Step 4: Submit/approve privileged access requests. Once enabled, privileged access requires approvals for any task that has an associated approval policy defined. For tasks included in an approval policy, users must request and be granted access approval to have the permissions necessary to execute the task.
  9. Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content.
  10. Communication compliance is part of the new insider risk solution set in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and take remediation actions for inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers. Reviewers can investigate scanned email, Microsoft Teams, or third-party communications in your organization and take appropriate remediation actions to make sure they're compliant with your organization's message standards. Identifying and resolving compliance issues with communication compliance in Microsoft 365 uses the following workflow:
      1. Configure. Here you identify your compliance requirements and configure applicable communication compliance policies.
      2. Investigate. Here you look deeper into the issues detected as matching your communication compliance policies.
      3. Remediate. Here you resolve, tag messages, notify, escalate or create a case to investigate further.
      4. Monitor. Keeping track of and managing compliance issues identified by communication compliance policies spans the entire workflow process.
  11. Microsoft 365 enables communication and collaboration across groups and organizations. Information barriers is the way to restrict communication and collaboration among specific groups of users when necessary. Information barriers is now supported in Microsoft Teams, SharePoint Online, and OneDrive for Business. Information barrier policies can help your organization maintain compliance with relevant industry standards and regulations and avoid potential conflicts of interest. Information barrier policies can be used for situations like these:
      ● A user in the day trader group should not communicate or share files with the marketing team.
      ● Finance personnel working on confidential company information should not communicate or share files with certain groups within their organization.
      ● An internal team with trade secret material should not call or chat online with people in certain groups within their organization.
      ● A research team should only call or chat online with a product development team.
  12. An information barrier specific to Exchange Online is referred to as an ethical wall. It's a zone of non-communication between distinct departments of a business or organization. This zone is established to help prevent conflicts of interest that might result in the inappropriate release of sensitive information.
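The four privileged access management steps from note 8, run from Exchange Online PowerShell. This is an added example, not the presenters' demo script; the group address, member and system accounts, and the protected task are assumptions.

```powershell
# Added example: privileged access management, steps 1 to 4.
$ApproverGroup = 'pam-approvers@contoso.onmicrosoft.com'   # placeholder address
$Task          = 'Exchange\New-MoveRequest'                # assumed task to protect

Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.onmicrosoft.com' -ShowBanner:$false

# Step 1: approvers are the members of a mail-enabled security group.
New-DistributionGroup -Name 'Privileged Access Approvers' -Type Security `
    -PrimarySmtpAddress $ApproverGroup `
    -Members 'approver1@contoso.onmicrosoft.com', 'approver2@contoso.onmicrosoft.com'

# Step 2: enable privileged access with the default approver group.
# Accounts in -SystemAccounts are excluded from the access control, so keep
# this list to automation identities that genuinely cannot request approval.
Enable-ElevatedAccessControl -AdminGroup $ApproverGroup `
    -SystemAccounts @('svc-automation@contoso.onmicrosoft.com')

# Step 3: one approval policy per task. Manual means a human approver decides;
# Auto approves the request automatically.
New-ElevatedAccessApprovalPolicy -Task $Task -ApprovalType Manual -ApproverGroup $ApproverGroup
Get-ElevatedAccessApprovalPolicy | Format-List

# Step 4a (requester's session): ask for time-bounded access and give a reason
# that an approver can check against a ticket.
New-ElevatedAccessRequest -Task $Task -Reason 'Mailbox move for ticket <ticket id>' -DurationHours 4

# Step 4b (approver's session): list pending requests, then decide.
Get-ElevatedAccessRequest | Format-List
$RequestId = '<request id from Get-ElevatedAccessRequest>'   # placeholder
Approve-ElevatedAccessRequest -RequestId $RequestId -Comment 'Approved against ticket <ticket id>'
# To refuse instead:
# Deny-ElevatedAccessRequest -RequestId $RequestId -Comment 'No matching change ticket'

Disconnect-ExchangeOnline -Confirm:$false
```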
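An ethical wall between two distribution groups, as described in note 12 and demonstrated on slide 34, built here as an Exchange Online mail flow rule. This is an added example rather than the presenters' demo; the group addresses, rule name and rejection text are assumptions.

```powershell
# Added example: ethical wall between two distribution groups.
$GroupA   = 'sales@contoso.com'       # placeholder distribution group
$GroupB   = 'brokerage@contoso.com'   # placeholder distribution group
$RuleName = 'Ethical wall - Sales and Brokerage'

Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.onmicrosoft.com' -ShowBanner:$false

# Fail early if either group is missing; a rule that points at a group that
# does not exist protects nothing.
foreach ($group in $GroupA, $GroupB) {
    Get-DistributionGroup -Identity $group -ErrorAction Stop | Out-Null
}

# BetweenMemberOf1/2 matches mail sent in either direction between members
# of the two groups. Start in Audit mode: matches are logged but mail still flows.
$rule = @{
    Name                            = $RuleName
    BetweenMemberOf1                = $GroupA
    BetweenMemberOf2                = $GroupB
    RejectMessageEnhancedStatusCode = '5.7.1'
    RejectMessageReasonText         = 'Messages between Sales and Brokerage are not permitted.'
    Mode                            = 'Audit'
}
New-TransportRule @rule

# Confirm what was created before enforcing it.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, BetweenMemberOf1, BetweenMemberOf2

# After reviewing the audited matches, switch the rule to block mode.
Set-TransportRule -Identity $RuleName -Mode Enforce

Disconnect-ExchangeOnline -Confirm:$false
```

The wall follows group membership, so joiners and movers who are not added to the right group are not covered by the rule.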