Intelligent Detections Configuration - Microsoft Purview

To meet the compliance needs for your organization, we need to configure several insider risk management settings. These settings apply to all insider risk management policies, regardless of the template we are going to use when creating a policy. 

There are several areas we need to review and configure correctly, starting with policy indicators, timeframes, detection groups, intelligent detections, data sharing, groups, assets, etc.



One interesting configuration area is intelligent detections.

Why we need Intelligent Detections and how we can see the value

Intelligent detections look for unusual activity once a minimum number of daily events has been observed and assign a score to each unusual event. Examples include an increase or decrease in access to specific media, files or data, access requests from a specific IP range or from unallowed domains, and access to a large volume of data at unusual times. Every unusual event picked up by the intelligent detections configuration raises the score, and that score is later translated into a low, medium or high severity.
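To make the scoring idea concrete, here is an added example of a simple volume-based model: a user's recent daily event counts form a baseline, a day is only scored once it reaches a minimum number of events, a large deviation from the baseline and activity at unusual hours each add to the score, and the score is bucketed into low, medium or high. This is illustrative code written for this post, not Microsoft Purview's actual algorithm; the thresholds, the z-score rule and the severity bands are all assumptions, and the event timestamps are constructed.

```python
from datetime import datetime
from statistics import mean, pstdev

# Assumed tuning knobs for this illustration (not Purview settings).
MIN_DAILY_EVENTS = 10        # quieter days are not scored at all
Z_THRESHOLD = 2.0            # std devs from baseline that count as unusual volume
MAX_VOLUME_POINTS = 5        # cap so one wild day cannot dominate the score
UNUSUAL_HOURS = range(0, 6)  # 00:00-05:59 treated as an unusual access time


def severity(score):
    """Map a numeric score to the low/medium/high bands used in the text (assumed cut-offs)."""
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    if score >= 1:
        return "low"
    return "none"


def score_day(baseline_counts, timestamps):
    """Score one day of a user's activity.

    baseline_counts: daily event counts from previous, ordinary days.
    timestamps: ISO-8601 strings of today's events.
    Returns (score, severity_label).
    """
    events = [datetime.fromisoformat(t) for t in timestamps]
    count = len(events)
    if count < MIN_DAILY_EVENTS:
        return 0, "none"          # too few events to call anything unusual

    mu = mean(baseline_counts)
    sigma = pstdev(baseline_counts) or 1.0   # flat baseline: avoid divide-by-zero
    z = (count - mu) / sigma

    score = 0
    # Both a surge and a sharp drop in volume are treated as unusual.
    if abs(z) >= Z_THRESHOLD:
        score += min(int(abs(z)), MAX_VOLUME_POINTS)

    # Access at unusual hours adds a smaller, fixed contribution.
    off_hours = sum(1 for e in events if e.hour in UNUSUAL_HOURS)
    if off_hours:
        score += 2 if off_hours >= 5 else 1

    return score, severity(score)


# Constructed baseline: six ordinary days of roughly 10-12 events.
BASELINE = [10, 10, 12, 12, 11, 11]

# Constructed sample day: 34 daytime events plus 6 events around 02:00.
SAMPLE_DAY = (
    [f"2024-01-08T10:{m:02d}:00" for m in range(34)]
    + [f"2024-01-08T02:{m:02d}:00" for m in range(6)]
)

if __name__ == "__main__":
    print(score_day(BASELINE, SAMPLE_DAY))   # a clear surge at odd hours: high
```

Running the block scores the constructed day as high because the volume deviation hits the cap and the off-hours activity adds on top; a day with a dozen daytime events against the same baseline scores nothing, which is the behaviour you want from a minimum-events floor.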


Remember, your policy can be changed at any time; in fact, it will need to change over time. In some quarters you can expect more hits or downloads from internal users, or even from external users. During a new product launch more API hits are expected; another example is when the organization publishes its quarterly results. Scope the policy to a timeframe. You can create multiple policies for the same set of users or keep updating your policy on a monthly basis.


The policy timeframes configuration lets us set activation windows (for pre- and post-detection). This is pretty easy, and you can tweak the dates based on the demands of the policy implementation.



Areas like adding a new domain group are pretty easy and straightforward. Just make sure you identify the domain and the reason you created it.
Privacy is important, but not more than the threat. The privacy setting lets you choose whether to show or log the actual information of the employee who is carrying or showing some kind of risk, by number or severity, in Insider Risk Management.

Important areas include adding unallowed domains or third-party domain configurations. You can list out the domains that are put on higher radar when someone from your organization shares data with them, for example by sharing access or sending email to them.
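As an added example (written for this post, not Purview's own matching logic), the following shows how a sharing or email event can be checked against an unallowed-domain list. It handles the cases that are easy to get wrong: mixed case, subdomains of a listed domain (`mail.competitor.example` should match `competitor.example`), and look-alike names that merely end in the same text (`notcompetitor.example` should not match). The domain list and the events are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed unallowed / third-party domain list (assumed, not a real configuration).
UNALLOWED_DOMAINS = {"competitor.example", "filedrop.example"}


def email_domain(address):
    """Return the normalized domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def url_domain(url):
    """Return the normalized host of a sharing link, or None if it has no host."""
    host = urlsplit(url).hostname   # urlsplit lowercases the hostname for us
    return host.rstrip(".") if host else None


def matches_unallowed(domain, unallowed=UNALLOWED_DOMAINS):
    """True if domain equals a listed domain or is a subdomain of one.

    The '.' prefix in the endswith check stops 'notcompetitor.example'
    from matching 'competitor.example'.
    """
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in unallowed)


def flag_sharing_events(events):
    """Return (user, action, domain) for every share/email to an unallowed domain.

    events: dicts with 'user', 'action' and 'target' keys; 'target' is an email
    address for send_email events and a URL for share_link events. Other
    actions are ignored here.
    """
    flagged = []
    for e in events:
        if e["action"] == "send_email":
            domain = email_domain(e["target"])
        elif e["action"] == "share_link":
            domain = url_domain(e["target"])
        else:
            continue
        if domain and matches_unallowed(domain):
            flagged.append((e["user"], e["action"], domain))
    return flagged


# Constructed sample activity; users and targets are made up.
SAMPLE_EVENTS = [
    {"user": "u1", "action": "send_email", "target": "partner@mail.competitor.example"},
    {"user": "u2", "action": "share_link", "target": "https://filedrop.example.com/x"},
    {"user": "u3", "action": "share_link", "target": "https://files.FileDrop.example/share/abc"},
    {"user": "u4", "action": "send_email", "target": "bob@notcompetitor.example"},
    {"user": "u5", "action": "print", "target": "printer-7"},
]

if __name__ == "__main__":
    for hit in flag_sharing_events(SAMPLE_EVENTS):
        print("flagged:", hit)
```

Only u1 and u3 are flagged: the subdomain of a listed domain counts, the `.com` look-alike and the `notcompetitor` name do not, and the print event is not a sharing action at all.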


You can configure some physical assets in your configuration list as well, for example any employee entering a specific data storage area, or anyone using a specific printer.



Stay tuned!
