Coming soon to public preview, Microsoft Purview Insider Risk Management will be rolling out sequence detection for obfuscation involving excluded events.
This message is associated with Microsoft 365 Roadmap ID 124970
[When this will happen:]
Rollout will begin mid-September and is expected to be completed by early October 2023.
[How this will affect your organization:]
This change enhances sequence detection to improve its effectiveness in identifying users who are performing obfuscation activities that may result in a data security incident, such as file renaming, to evade detection. With this improvement, Insider Risk Management can detect sequences that may result in potential data security incidents, even if the obfuscation activities in those sequences involve excluded events, such as an excluded keyword.
[What you need to do to prepare:]
No action is needed to enable these features.
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
You can access the Insider Risk Management solution in the Microsoft Purview compliance portal.
