Microsoft Purview compliance portal: Insider Risk Management - User analytics
Why it matters: In preview
What to do: Customers can enable/disable user analytics in their tenant from Insider Risk Management settings.
With this feature, insights will be generated for potentially risky behaviors at a user level and will be surfaced across the following experiences: 1) Insider risk management context in DLP alert investigation 2) Insider risk management context in Communication compliance alert investigation 3) Insider risk management context in Microsoft Defender XDR user entity page 4) Advanced hunting in Microsoft Defender XDR User analytics will cover all eligible users in the tenant including users not in the scope of any Insider risk management policy. Customers can enable/disable user analytics in their tenant from Insider Risk Management settings. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Affected: Microsoft Purview