Microsoft Purview Insider Risk Management

Quickly identify and take action on insider risks with an integrated end-to-end approach.

A person using a large touchscreen desktop monitor.

Take action on insider risks

Intelligently identify, investigate, and take quick action on insider risks.

Built-in privacy

Manage data risks with pseudonymization and strong controls.

Rich insights

Identify hidden risks with customizable machine learning templates requiring no endpoint agents.

Collaborate on investigations

Work with teams across security, human resources, and legal departments with integrated investigation workflows.

Insider Risk Management

Learn more about Insider Risk Management

Discover how to get started and identify potential risks across a broad range of user activities with this guided video.

Addressing insider risks is a challenge

93%

of organizations are concerned about insider risks1.

25%

of all data breaches are due to insider activity2.

77 days

average time to contain an insider incident3.

Key features of Microsoft Purview Insider Risk Management

Potential data leak activities in Microsoft 365 compliance.

Analytics

Conduct an evaluation of potential insider risks in your organization without configuring any insider risk policies.

Policy template creation in Microsoft 365 compliance.

Machine learning playbooks

Quickly create a policy with customizable machine learning templates that require no scripting or endpoint agents to deploy.

An Insider risk management overview in Microsoft 365 compliance.

Guided experience

Get step-by-step guidance when you onboard to Insider Risk Management.

Suspicious access alerts being displayed in Microsoft 365 compliance.

Healthcare playbook

Identify patient data misuse risks with built-in indicators and detectors that use data from electronic medical record systems.

A confidentiality obligation alert in Microsoft 365 compliance.

Contextual alert review

Easily understand the context of an alert to help focus your investigation on the riskiest activities.

Updates in a potential IP theft case in Microsoft 365 compliance.

Case management

Deeply investigate and act on issues generated by risk indicators defined in your policies.

Potential data leak activities in Microsoft 365 compliance.

Analytics

Conduct an evaluation of potential insider risks in your organization without configuring any insider risk policies.

Policy template creation in Microsoft 365 compliance.

Machine learning playbooks

Quickly create a policy with customizable machine learning templates that require no scripting or endpoint agents to deploy.

An Insider risk management overview in Microsoft 365 compliance.

Guided experience

Get step-by-step guidance when you onboard to Insider Risk Management.

Suspicious access alerts being displayed in Microsoft 365 compliance.

Healthcare playbook

Identify patient data misuse risks with built-in indicators and detectors that use data from electronic medical record systems.

A confidentiality obligation alert in Microsoft 365 compliance.

Contextual alert review

Easily understand the context of an alert to help focus your investigation on the riskiest activities.

Updates in a potential IP theft case in Microsoft 365 compliance.

Case management

Deeply investigate and act on issues generated by risk indicators defined in your policies.

See what our customers are saying

Additional resources

Accelerate time to action

Read the blog for the latest news and updates about Insider Risk Management.

Get started

Explore detailed information to help you get started with Insider Risk Management.

Interactive guide

Quickly become familiar with Insider Risk Management capabilities.

Video series

Learn how Insider Risk Management can help you quickly identify and take action on potential insider risks.

Get started with Microsoft Security

1. 93% of organizations are concerned about insider risks (Insider Risk Management, Microsoft Market Research, January 2021)
2. 25% of all data breaches are due to insider activity (Communication Compliance, Microsoft Market Research, May 2021)
3. 77 days average time to contain an insider incident (2020 Cost of Insider Threats: Global Report, The Poneman Institute.)