You know what data you have, you've classified it, you're stopping it leaking, and you're governing its lifecycle. But what about the person moving the data?
In Episode 5, Luke and Johnny get into Microsoft Purview Insider Risk Management - the detection layer that sits on top of everything else and watches for patterns of risky behaviour before they become incidents. And no, it's not about spying on your employees.
We cover:
- Why most insider risk is accidental, not malicious - and why that matters for how you deploy it
- The two-step setup most people get wrong - indicators first, policies second
- What's included with E5 vs what needs pay-as-you-go billing
- Triggering events and indicators explained - what actually brings a user into scope
- The HR, Legal, and Security triangle - and why you can't deploy IRM without all three
- Sequence detection and cumulative exfiltration - spotting the patterns DLP misses
- Privacy by design - pseudonymisation, RBAC, and how to build trust with employees
- Adaptive Protection - the bridge between data security and identity governance
- The new Risky Agents template and what it means for autonomous AI in your tenant
- Cases, user activity reports, and the new Data Security Triage Agent powered by Security Copilot
This is the fifth pillar of the season - detection. We've built the foundation, classified the data, prevented the leaks, and governed the lifecycle. Now we're watching for the patterns.