Help CenterMicrosoft Purview Insider Risk Management is designed to help organizations identify and mitigate insider risks, such as data leaks, policy violations, and malicious activities from within the organization. The licensing for Insider Risk Management within Microsoft Purview is included in certain Microsoft 365 plans, primarily focusing on advanced compliance and security needs. Below is a guide to understanding which licenses are needed to access the features of Insider Risk Management.
Core Licenses for Purview Insider Risk Management
1. Microsoft 365 E5
- Best for: Large enterprises needing comprehensive security, compliance, and risk management.
- Features:
- Full access to Insider Risk Management: Detect, investigate, and respond to potential insider risks by analyzing user behavior across Microsoft 365 services (such as email, Teams, SharePoint, and OneDrive).
- Advanced Communication Compliance: Enables monitoring of inappropriate communications in Teams, email, and third-party integrations.
- Microsoft Defender for Office 365 Plan 2: Protects against advanced threats such as phishing, ransomware, and malware.
- Advanced Data Loss Prevention (DLP): Prevents unauthorized sharing of sensitive information through monitoring, blocking, and alerting on potential data leakage.
- Customer Lockbox: Ensures that Microsoft engineers can only access your data after explicit approval, suitable for regulated industries.
- Advanced Audit and eDiscovery: Provides long-term auditing, investigation, and monitoring capabilities to detect and trace insider activities.
2. Microsoft 365 E3 + E5 Compliance Add-on
- Best for: Organizations already using Microsoft 365 E3 but looking to add advanced compliance and insider risk features.
- Features:
- Basic Insider Risk Management: Limited insider risk detection is included with Microsoft 365 E3, but full access to Insider Risk Management requires the E5 Compliance add-on.
- Basic Data Loss Prevention (DLP): Provides core DLP capabilities, but for advanced features like policy-based encryption and broader scope of data monitoring, the E5 Compliance add-on is needed.
- Basic eDiscovery: The E3 plan includes standard auditing and eDiscovery features but lacks the advanced tools found in the E5 Compliance add-on.
- Communication Compliance: Available with E5 Compliance add-on, enabling monitoring of internal and external communications for compliance purposes.
Key Features of Purview Insider Risk Management
1. Risk-Based Policies: Create policies to track and monitor specific user behaviors that might indicate insider risks, such as file sharing, email forwarding, or sensitive data transfers. Policies can be tailored to detect abnormal activities that deviate from normal user behavior.
2. Activity Monitoring: Monitors user activity across Microsoft 365 services, including email, SharePoint, OneDrive, and Teams. This helps detect and prevent suspicious activities that could lead to data leakage or policy violations.
3. Risk Scoring and Alerts: Automatically assesses risk levels based on user activity, assigning risk scores and triggering alerts for further investigation.
4. Investigative Tools: Provides in-depth investigative tools to examine user activity timelines and identify the intent behind potentially risky behaviors. Investigators can take actions such as blocking access or restricting privileges.
5. Integrated DLP: Insider Risk Management integrates with Microsoft Purview Data Loss Prevention (DLP) to prevent the unauthorized sharing of sensitive information both within and outside the organization.
6. Communication Compliance: Monitors user communications for violations of company policies. This includes detecting inappropriate language, unauthorized sharing of confidential information, and non-compliant communications in email and Teams.
7. Audit and Reporting: Advanced auditing features allow long-term tracking of user activities, which is crucial for compliance and forensic investigations. Reports can be generated to review user actions over extended periods.
Licensing Breakdown
- Microsoft 365 E5: Full insider risk management capabilities, including advanced threat protection, audit, eDiscovery, and DLP. This is the most comprehensive license for organizations focused on preventing insider risks.
- Microsoft 365 E3 + E5 Compliance Add-on: For organizations using Microsoft 365 E3, the E5 Compliance add-on is necessary to access full Insider Risk Management features, making it a cost-effective option for adding advanced compliance features to an existing plan.
Choosing the Right License
- For enterprises needing comprehensive insider risk management: Microsoft 365 E5 is the best option, providing access to a full suite of advanced security, compliance, and risk management tools.
- For organizations already using Microsoft 365 E3: The E5 Compliance add-on can be used to add advanced risk management and compliance features to your existing setup without upgrading fully to Microsoft 365 E5.
Conclusion
Microsoft Purview Insider Risk Management is a powerful tool for organizations aiming to detect and mitigate insider threats. By choosing the right license—whether it’s Microsoft 365 E5 or E3 with the E5 Compliance add-on—organizations can enhance their internal security posture and ensure compliance with data protection regulations. Implementing risk-based policies, monitoring user behavior, and leveraging advanced DLP and communication compliance features will help reduce insider risks and safeguard sensitive data.