Intelligent Detections Configuration - Microsoft Purview

To meet the compliance needs for your organization, we need to configure several insider risk management settings. These settings apply to all insider risk management policies, regardless of the template we are going to use when creating a policy. 

Several areas we need to look and configure right settings there, starting from policy indicators, timeframes, detection groups, intelligent detections, data sharing, groups, assets etc.



One interesting configuration area is intelligent detections.

Why we need Intelligent Detections and how we can see the value

Detecting unusual activities within a minimum number of daily events and place a score for unusual event. Events like increase/decrease access specific media/files/data, access request from specific range of IP or some unallowed domains, access volume data in unusual time - All these unusual events detecting by intelligent detections configuration are getting scored up, and lately this score will be transformed into low, medium, high severity. 


Remember, your policy can be changed at any time, indeed it is required with the time. May be some quarter, you can expect more hits or download from internal users or even external users as well. During new product launch, more API hit is going to be expected, another one example is quarterly result published by the organizations. Place the policy within timeframe. You can create multiple policy for same set or keep updating your policy on monthly basis.


Policy timeframes configuration allow us to setting activation windows (for pre and post detection). This is pretty easy and you can tweak to update the date based on the policy implementation demands. 



Areas like adding new domain group is pretty easy and staring forward. Just to make sure you identify the domain and the needs for you created this.
Privacy is important but not more than the threat. Privacy setting allow you to choose/log the actual employee's information who is carrying/showing some kind of risk in respect to number or severity from Insider Risk Management.

Important areas like adding unallowed domians or 3rd party domain configurations. You can listed out the list of domains which put in high radder when soneone from your organization share data with them. For example, share access or send email to them. 


You can configure some physical assets in your configuration list as well. For example, if any employee entering any specific data storae area, or anyone using any specific printer.   



Stay tuned!

Comments

Post a Comment

Popular posts from this blog

How to fix Azure DevOps error MSB4126

Image
Setting up build and release pipeline always tedious and we face many build related issues. Here is one common error I face couple of times while setting app Web or windows apps in Azure DevOps After placing the code in repos, and creating the build pipeline and run it, you can face the following error ##[error]D:\a\8\s\<your solution file>.sln.metaproj(0,0): Error MSB4126: The specified solution configuration "release|$(BuildPlatform)" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration. To understand what is target platform defined in your project you need to visit or open the solution(.sln) file and review the following sections. In my case, this has been defined as x86 as target platform.                   GlobalSecti
Read more

SharePoint Admin Center

Image
 SharePoint Admin Center allows you to view your organization's SharePoint site including communication sites, channel sites, and sites that belong to Microsoft 365 group. This is same like Site Admin in earlier days of SharePoint versions. You can search organizational site, sort them or filter sites the way you want. Easy way to find and apply/change site settings. Under Policies, click on Sharing - This will allow you to create rules/ set control sharing at the organization level in SharePoint and OneDrive Here, in this page, you can apply settings to restrict how users are allowed to access content in SharePoint and OneDrive. Term store, the word getting populated from SharePoint 2010. You can feed metadata of metadata information of your organization level, program level, project level in Term store. helps your organization's knowledge better.  AI soon will play a vital role here and using AI, you can acyually find collect and process and finally yoour organization's d
Read more

How to create Custom Visuals in Power BI – Initial few Steps

Image
This post will help you to know the steps to create custom visuals in PowerBI. Microsoft defined them as well at https://docs.microsoft.com/en-us/power-bi/service-custom-visuals-getting-started-with-developer-tools . First things first, and you need to download and install NodeJS , in case if you do not have npm setup in your machine.  Second step is to run couple of npm commands to install Power BI Visual Tools and create & publish the cert. Finally, create your own package and upload with the help of npm. 1.       npm install -g powerbi-visuals-tools 2.       pbiviz --create-cert pbiviz --install-cert 3.       pbiviz new My Visual name – This will create the file under the name of your visual file. 4.      pbiviz start – You need to go to the folder where your custom visual  resides, and run this command. You can change a few things in your pbiviz.json file, like author, display name, icon, style etc. Finally, package your
Read more