Achieve a Microsoft 365 Insider Risk Management (IRM) production pilot, which is expected to provide solutions, detection, and investigation for insider threat scenarios.
A sensitive data classification and governance program within a Microsoft 365 E5 license package with the intent of deploying data protection, governance, and insider threat management capabilities to their enterprise. Designed to deploy functions of the Microsoft Information Protection (MIP) service, specifically the Microsoft 365 Compliance Insider Risk Management service and supporting components. This quick start will provide capabilities to monitor, detect, and analyze user usage patterns and generate alerts for investigation within the organization.
Deliverables: • Information gathering for the Insider Risks Management requirements • Enable Advanced Audit in Microsoft Purview portal • Configure Insider Risk to address prioritized requirements for up to two business units • Test and validate IRM configuration • Configuration of one associated Microsoft Information Governance preservation
Scope included: • Insider Threat Roadmap with recommendations for maintaining and improving risk posture and attack surface • Quick Start deliverables • Analysis of user risk based on all available Microsoft 365 telemetry sources • Microsoft 365 Data Security Operations plan to support monitoring, tuning, trigger analysis, and response support workflows