Posts

Showing posts from July, 2024

Intelligent Detections Configuration - Microsoft Purview

Image
To meet the compliance needs for your organization, we need to configure several insider risk management settings. These settings apply to all insider risk management policies, regardless of the template we are going to use when creating a policy.  Several areas we need to look and configure right settings there, starting from policy indicators, timeframes, detection groups, intelligent detections, data sharing, groups, assets etc. One interesting configuration area is intelligent detections. Why we need Intelligent Detections and how we can see the value Detecting unusual activities within a minimum number of daily events and place a score for unusual event. Events like increase/decrease access specific media/files/data, access request from specific range of IP or some unallowed domains, access volume data in unusual time - All these unusual events detecting by intelligent detections configuration are getting scored up, and lately this score will be transformed into low, medium, high