Insider Risk Management: Exfiltration of business sensitive data to free public domain emails

News Informatique

Insider Risk Management: Exfiltration of business sensitive data to free public domain emails

Microsoft Purview Insider Risk Management will roll out exfiltration of business sensitive data to free public domain emails.

When this will happen:

General Availability: available since July 2024.

How this will affect your organization:

We are enhancing the existing email insight alerts to provide additional information when business sensitive data is potentially leaked from a work email account to a free public domain email, potentially leading to a data security incident. The new domain detection group “Free public domains” will list the common domains used for personal email accounts. Admins with appropriate permissions can choose to select these domains in their indicator variants.

You can also modify the “Free public domains” detection group. Administrators with the necessary permissions now have the flexibility to tailor the default domain list in the “Free public domains” by adding new domains or removing existing ones. Should there be a need to revert to the original domain list provided by Microsoft, the “Reset” function can be utilized. The maximum number of domains allowed per detection group remains capped at 200, and this includes the “Free public domains” group. Any changes made to this group will be taken into account when analyzing potential data exfiltration to personal email accounts.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. 

Any email going to free public domains (including email sent to self) will be automatically highlighted in email insights.

Updated email insight:

admin settings

Free public domains:

admin settings

New column and filters for email activities:

admin settings
View image in new tab

What you need to do to prepare:

You may want to update any relevant documentation as appropriate. We will update this comm before rollout with revised documentation.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. 

You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.

0 26 August 2024
Insider Risk Management

No Comments

Add your comment

Thibault CHÂTIRON

Expert Sécurité

À propos de moi

Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts

Categories
AADConnect AIP Application Guard Azure Azure ATP Blockchain Conditional Access Copilot Delve DLP eDiscovery EntraID ethereum Exchange Online Graph API Guest Hello For Business Information barriers Insider Risk Management Intune MCAS MDE MDI MDO MFA Microsoft 365 Microsoft Threat Protection Non classé OneDrive Passwordless Prim'X Purview Sentinel SharePoint Online Solidity SSPR Windows Zed
Recent Posts
August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  
Categories
Archives

©  2024 Thibault Chatiron