In the rapidly evolving digital era, organizations face an uphill battle in securing sensitive data – as evidenced by our recent Microsoft “Rethinking Security from the Inside Out” report where 87% of organizations stated that they experienced data breaches in the past year. A substantial 63% of these incidents stem from inadvertent or malicious insiders with access to sensitive information.
Organizations struggle to keep up with the dynamic nature of risks due to their reliance on fragmented tools and one-size-fits-all security policies, causing friction for users who need to use and access data for legitimate purposes. We continue to hear from customers that they need a user and data-centric approach that enables them to dial up and dial down data security controls based on evolving insider risk levels.
Enter Adaptive Protection, a powerful capability in Microsoft Purview designed to improve overall data security. Adaptive Protection helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically moving users in and out of policies as their risk levels change over time.
In February 2023, we announced, enabling users to be automatically included in the scope of data loss policies based on insider risk levels. For example, a DLP policy integrated with insider risk levels will prevent high-risk users from printing sensitive data, while allowing low-risk users to do so. This balances security and productivity and avoids blanketed policies that can be both very noisy and difficult to manage, while also hindering the end user experience.
Today, we are excited to announce Adaptive Protection is now also integrated with Conditional Access. You can now create Conditional Access polices to automatically add users to policies in response to insider risks levels.
Adaptive Protection integrated with Conditional Access
One of the challenges organizations face when trying to implement data security measures is the reliance on fragmented and siloed solutions. These solutions can make it difficult to roll out new data security controls consistently and can create gaps in protection that can be exploited by insiders. With the integration of Adaptive Protection and Conditional Access, Microsoft provides a seamless and easy solution for organizations to automatically move users in and out of policies based on their risk levels. This eliminates the need for organizations to manage multiple, siloed solutions and provides a more streamlined and effective approach to data security.
One of the key components of this integrated solution is Conditional Access, which plays a crucial role in enhancing an organization’s security by enforcing access to applications, data, and infrastructure, thereby minimizing the risk of external threats. It evaluates signals like user identity, location, device, user-risk, and sign-in risk to determine access to resources. And depending on the identity’s risk level, a range of controls is applied, be it implementing Multi-Factor Authentication (MFA), necessitating a password change, or outright blocking access to the application.
Now consider a scenario where a once-trusted employee on your sales team becomes a high-risk user, having submitted their resignation and starting to engage in data exfiltration activities. The Adaptive Protection and DLP integration allows you to prevent unauthorized use of data, but preventing access in the first place to critical applications like Salesforce adds another layer of defense.
With Adaptive Protection integrated with Conditional Access, you can now also configure a policy to automatically add the high-risk employee to the policy and block access to stealing data from your Salesforce application. Admins simply need to toggle the insider risk configuration switch to Yes and activate policy controls, such as mandating a terms of use agreement or outright blocking access. In the scenario above, you could seamlessly prevent a high-risk salesperson from accessing Salesforce – an application housing their beloved client list, while enabling a low-risk salesperson to access the application.
Figure 1: New ‘insider risk’ condition in Conditional Access
The synergy between compromised user risk and insider risk provides your organization with a more comprehensive solution to safeguarding your data against both external threats and internal risks. This comprehensive and multi-layered approach protects your organization against unauthorized access, data leaks, and data theft – ultimately strengthening your overall data security. With a united front against both external and insider risks, your data remains safe, reinforcing your organization’s resilience in the face of evolving cyber threats.
Read our ”Rethinking Security from the Inside Out” Report
We recently surveyed more than 500 data security and identity and access management professionals to gain deep insights into the data security landscape, the challenges organizations face with existing tools, and best practices for protecting against data breaches. Download our report!
Get started
- These capabilities will start rolling out to customer’s tenants in the coming weeks. To get started, read more in our technical documentation.
- Stay up to date on our Microsoft Purview features through the Microsoft 365 Roadmap for Microsoft Purview.
- Learn more about these solutions in the Microsoft Purview compliance portal.
- Visit your Microsoft Purview compliance portal to activate your free trial and begin using our new features. An active Microsoft 365 E3 subscription is required as a prerequisite to activate the free trial.
Thank you,
Erin Miyake, Principal Product Manager, Microsoft Purview
Poulomi Bandyopadhyay, Sr. Product Manager, Microsoft Entra
