MC866451: Microsoft Purview compliance portal: Insider Risk Management cumulative exfiltration tuning

Announcement ID	MC866451	Published Date	08-19-2024
Service	Purview	Last Updated	08-19-2024
Category	Stay informed	Expiration Date	11-30-2024
Roadmap ID	402195	Action Required by Date
Tags	Admin impact, New feature

Summary
Microsoft Purview Insider Risk Management is introducing cumulative exfiltration tuning to reduce alert noise by not scoring previously detected activities. This update will be globally available from mid to late August 2024 and requires no admin action. It is enabled by default and accessible via the Microsoft Purview compliance portal.

More Information
Microsoft Purview Insider Risk Management will be rolling out cumulative exfiltration tuning. With this new feature, Cumulative Exfiltration Activities will not be detected and scored if the events have already been detected in a previous Cumulative Exfiltration Activities risk. This change will reduce noise for alerts generated from Cumulative Exfiltration Activities. When this will happen: General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-August 2024 and complete by late August 2024. How this will affect your organization: With this update, Cumulative Exfiltration Activities will no longer be detected and scored if they have already been identified in a previous cumulative exfiltration alert. This change will reduce unnecessary alerts generated from Cumulative Exfiltration Activities. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy. This feature is enabled by default. What you need to do to prepare: This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.

More Information

Microsoft Purview Insider Risk Management will be rolling out cumulative exfiltration tuning. With this new feature, Cumulative Exfiltration Activities will not be detected and scored if the events have already been detected in a previous Cumulative Exfiltration Activities risk. This change will reduce noise for alerts generated from Cumulative Exfiltration Activities.

When this will happen:

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out mid-August 2024 and complete by late August 2024.

How this will affect your organization:

With this update, Cumulative Exfiltration Activities will no longer be detected and scored if they have already been identified in a previous cumulative exfiltration alert. This change will reduce unnecessary alerts generated from Cumulative Exfiltration Activities.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

This feature is enabled by default.

What you need to do to prepare:

This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.

Top News

MC878427: Restricted Content Discoverability for SharePoint Sites

MC761227: Microsoft Teams Phone devices: Advanced calling and contact management on non-touch phones

MC721853: Microsoft New feedback button

MC891238: Microsoft SharePoint and Microsoft Teams: Update on new Microsoft Lists rollout

MC797119: A new Start experience

MC888034: Accept Apple's new terms and conditions to ensure Intune can communicate with Apple as expected

Removing the Default Exchange Server Database: A Step-by-Step Guide

Create and Manage Exchange Groups

Creating a Mailbox in Exchange Server 2013 Using PowerShell

MC888036: Prevent/Fix: PnP PowerShell authentication failures

MC866451: Microsoft Purview compliance portal: Insider Risk Management cumulative exfiltration tuning

When this will happen:

How this will affect your organization:

What you need to do to prepare:

Contact Form

Top News

MC866451: Microsoft Purview compliance portal: Insider Risk Management cumulative exfiltration tuning

When this will happen:

How this will affect your organization:

What you need to do to prepare:

You Might Like

Contact Form