Posts

Intelligent Detections Configuration - Microsoft Purview

Image
To meet the compliance needs for your organization, we need to configure several insider risk management settings. These settings apply to all insider risk management policies, regardless of the template we are going to use when creating a policy.  Several areas we need to look and configure right settings there, starting from policy indicators, timeframes, detection groups, intelligent detections, data sharing, groups, assets etc. One interesting configuration area is intelligent detections. Why we need Intelligent Detections and how we can see the value Detecting unusual activities within a minimum number of daily events and place a score for unusual event. Events like increase/decrease access specific media/files/data, access request from specific range of IP or some unallowed domains, access volume data in unusual time - All these unusual events detecting by intelligent detections configuration are getting scored up, and lately this score will be transformed into low, med...

Insider Risk Management - Policy Creation

Image
Insider Risk Management - One of the important wings of Microsoft Purview which help us to setup policy to minimize the insider threat being executed/exposed. Following are simple setup setps to create one such policy. Micrsoft provider simple template to configure the policy. Go to Microsoft Purview portal >> Click on Insider Rick Management .  On the left navigation bar, click on Policies . And finally Click on  + Create Policy. Specific to this exsmple, this policy is going to monitor all the interaction is happening with health related data managed and support by a specific team. You can select all user base, or selective user/group who are e;ligible to work with health related data. Most of the cases, we select all user base where thispolicy could be applied, however, for quick turn around on daily basis for specific support-team/project-team, you can setup an additional policy here. Triggering events are events that determine if a user is active in an insider...

Microsoft Purview - Insider Risk Management - Final Part Two

Image
Insider Risk Management - What it does? - Activities intended to detect and/or prevent a person from using authorized access to the organization’s assets—either maliciously or unintentionally—in a way that negatively affects the organization. BTW - here is Part 1 of Insider Risk Management post -  https://www.blogger.com/blog/post/edit/474784438622669562/6058210346412545481     There are two main types of insider risk we found: inadvertent and malicious.   Inadvertent: An employee unintentionally causes harm -  unsafe actions, misuses resources, causes accidental data leakage   Malicious: An employee sets out to cause harm - data stole, IP theft, Unauthorized disclosure   Malicious cases, while less common, can be more costly.     Question is how does a company help mitigate all these risk factors and free from all these bad things and concentrate on Organizational growth only. This is most sensitive program, and person who lead or ...

Micrsoft Purview - Insider Risk Management

Image
With the emerge and vast acceptable of digitalization and as the digital landscape continues to grow, the risk landscape for organizations has been changed significantly. Earlier days, insider risk management team are part of the security team who make sure some kind of end-user training on data protection is in place and ensuring the security of corporate assets are in place.  Due to digitalization and as industry shift totally towards cloud era, the data size is keep growing and growing in exponential manner. More apps, more application organization is demanding and hence more monitoring and required tight control is required to be in place. Personally, I believe due to Covid, the work from home culture demands more the role of Chief Information Security Officer (responsible for data protection and manage the insider risk threats).  Controlling the security/threats/damages now is not limited to some modules/check points/assessments, it is now altogether a new era and hence M...

Microsoft Purview - The New Road

Image
  Microsoft Purview - A comprehensive set of solutions comming by clubbing Azure Purview and Microsoft 365 Compliance products which help your organization govern, protect, and manage your data. You can see more insights of your data wherever it lives and gain full control data life cycle. Three Pillars Data security: Solutions include: Data Loss Prevention Information Barriers Information Protection Insider Risk Management Privileged Access Management By defining and applying DLP policies, you can identify, monitor, and automatically protect sensitive items - PI, and SPI. DLP detects sensitive items by using deep content analysis. DLP lifecycle - Plan, Prepare, and Deploy. DLP policies can be applied to data at rest, data in use, and data in motion in locations such as: Exchange Online email SharePoint sites OneDrive accounts Teams chat and channel messages Microsoft Defender for Cloud Apps Windows 10, Windows 11, and macOS (three latest released versions) devices On-premise...

Spark seetings in Microsoft Fabric

Image
Micrsoft Fabric brings many teams in one platform - It joining Data Engineering, Data Science, and Reporting landscape in one platform.  Lakehouse is new concept in Faric and here it is. Question is why we are going to use Lakehouse while Micrsoft do have existing data storage platform. They do have multiple options in Data Engineering area. I believe Microsoft is now looking to operate on a fully managed compute platform that can support Data Engineering and Data Science experiences - Selecting Apache spark features and services, Microsoft Fabric started it's journey. Fabric do using starter pools. With starter pools, we can expect rapid Spark session initialization, typically within 5 to 10 seconds, with no need for manual setup. Starter pools have Spark clusters that are always on and ready for your requests.  Starter pools are a fast and easy way to use Spark on the Microsoft Fabric platform within seconds. You can use Spark sessions right away, instead of waiting for Spar...

How to fix ModuleNotFoundError - No module named pymongo in Notebook

Image
One common issues while working with python or spark is getting error message which says - module not found. Module not found here points that proper configuration or installation is required in respect to libray level. Once this is done, application will able to find my required module. For example, while using below code in Fabric Notebook and trying to connect with MongoDB database and display records, getting no module found error message. Running the code, it is throwing error - ModuleNotFoundError - No module named pymongo To fix the abobe issue, it is required to install the required libries. #install the required packages ! pip install pymongo ! pip install certifi Once done, Azure notebook now able to connect with Mongo database, and getting the confirmation log from Azure. Collecting pymongo Downloading pymongo-4.6.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (676 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 676.9/676.9 kB 17.3 MB/s eta 0:00:00 a 0:00...