Steve: Alright, we’re back with 3in3 and we’ve got John Allhizer with us here. He’s a Senior Consultant on the Digital Workplace team.


So John, what is Insider Risk Management?


John: Well, Insider Risk Management is a compliance solution in the Microsoft 365 tenant that helps minimize internal risk by enabling you to detect, investigate, and take action on risky activities in your organization. You can create custom policies that allow you to detect and take action on malicious and inadvertent risk activities in your organization. You can also use templates and those templates are data theft by deporting users, data leaks, security policy violation, and disgruntled users, my favorite.


Steve: So, essentially I think most of us assume that a lot of attacks come from the outside of an organization, but just as much if not more data can be lost from inside the organization and we need to protect against that.


John: Right.


Steve: So, now that we know a little bit about it, what is some interesting things about Insider Risk Management?


John: So, let’s think about it from an HR perspective. When an employee leaves an organization, there are specific risk signals typically associated with data theft by that departing employee. So, the data theft policy that we talked about, it prioritizes these signals and it focuses detection and alerts to risk and this area. It may include downloading files from SharePoint online, downloading it to a USB drive, printing documents, transferring. You don’t have to sit there and monitor your network all the time to see this happen. It does it for you and it knows when that person is scheduled to leave, and it creates that record and will alert you.


Steve: I think that’s the key point John, right there, is that the artificial intelligence bit and the alerting is built in to actually look for insider risk and then report and allow you to respond proactively.


Alright, so now that we know the interesting thing about it and I think really why it’s important for our viewers, what should or what could they do today to get started [with Insider Risk Management]?


John: So, Insider Risk Management is available as part of many different Microsoft 365 licensing schemes and it’s also included with E5, so you need that. It’s a technical solution and there are some things you need to prepare for, but most of it is already there with a little configuration. But it does straddle the worlds of security, privacy, HR, and legal so, I think it’s important to have stakeholders from each one of these to provide input to make sure that your organization’s compliant with what your planning to do.

Steve: Excellent, so essentially get those folks together, let them know that there’s a solution called insider risk management, and then work with your local security or IT team or a partner like us to help configure the solution and get started on a pilot right away.


John: Yes.

Steve: Alright well thanks John. This is has been really fascinating and I think it’s a great topic and a timely topic. So, if you want more information, you can go to our website at, click on the connect button up top, and certainly reach out with any questions you have. Thanks a lot John. I appreciate your time and we’ll see everybody  next time.