Data risk management

Data risk management

Identify, manage, and reduce insider risk and other potential data vulnerabilities

Managing data protection and compliance can be a massive challenge. And it’s made tougher by larger data volumes, increasing regulatory complexity, remote work environments, and growing insider risk.
Once you’ve understood and protected your data, the final step in a comprehensive data protection approach is reducing your data risk.
With Microsoft Purview, you’ll be able to get a better handle on risk by following the steps in this section.

Step 1
Leverage machine learning to identify potential insider risks

The proliferation of digital data and the rise of remote and
hybrid work have increased concern around insider risks.
Organizations everywhere face real challenges in protecting
themselves from harm arising from misuse of authorized
access—both accidental and malicious.
Microsoft Purview Insider Risk Management uses machine
learning to correlate a broad range of signals to identify
potential insider risks, so you can quickly identify and
act on them.

Step 2
Detect potential violations in
communications related to regulatory compliance or business conduct

It’s important to foster compliant communications, by
protecting sensitive information and detecting inappropriate messages, such as those containing harassing or threatening
language or adult content.
Microsoft Purview Communication Compliance provides
tools to help organizations identify these kinds of issues,
including compliance violations related to regulations
like SEC or FINRA. Built with privacy by design, these
tools provide role-based access controls, pseudonymize
usernames by default, and maintain audit logs to help
ensure user-level privacy.

Step 3
Store and retain core business records

Your organization likely needs to meet regulatory and
compliance requirements around records management.
You need to be ready at any time to demonstrate
compliance with regulations, but ideally you also want
to dispose of data that’s no longer valuable or no longer
required for business or regulatory reasons.
Microsoft Purview Records Management gives you
a reliable system to manage and store regulatory,
legal, and business-critical records, retaining them in
unalterable, compliant formats.

Step 4
Power forensic investigations with audit-ready reporting and insights

Your organization might need to conduct forensic or
compliance investigations at times, especially when
researching possible breaches and determining the scope
of a compromise.

This can require specific information,
such as when and what a user searched for, as well as when
particular emails were accessed, replied to, or forwarded.
Microsoft Purview Audit makes forensic investigations
more productive and efficient.

It provides insights on user
activity, high-bandwidth data access, and reporting that
helps you feel more prepared for audits. It can also help
you preserve audit logs to meet regulatory requirements
for up to 10 years.

Step 5
Identify legal risks and investigate

If your organization needs to respond to a legal matter or
internal investigation, the first step will be discovering where
the relevant data lives.

You’ll need to identify persons of interest and their data sources, apply holds to preserve data,
and manage the communication process around legal holds.
Microsoft Purview eDiscovery provides an end-to-end
workflow to preserve, collect, analyze, review, and export
content for both internal and external investigations.
Intelligent machine learning capabilities such as deep
indexing, email threading, and near-duplicate detection can
also help you narrow down large volumes of data.

Step 6
Continuously assess and track your compliance effectiveness

Managing compliance requirements in a multicloud
environment can be challenging. You need to take
inventory of data protection risks, deal with complexity
when implementing controls, stay current with regulations
and certifications, and be ready to report to auditors.
Microsoft Purview Compliance Manager can help
you continuously assess and track the effectiveness of
your compliance efforts. It has many capabilities that
simplify compliance and reduce risk, including pre-built
assessments for common standards—for example, around certain industry or governmental bodies.  

You also get stepby-step guidance on suggested improvements, as well as a risk-based compliance score to help you understand your
compliance posture.

Step 7
Automate workflows and reporting

Microsoft Purview has built-in extensibility that can
help you adapt, extend, integrate, accelerate, and
support your compliance solutions, primarily using data
connectors and APIs.
One example is Microsoft Graph APIs for eDiscovery.

If your organization handles many eDiscovery requests and
cases, you know that the associated workflows can be
frequent, critical, and high volume. Automation can be a
big help, especially with common repeated tasks or large numbers of activities.


Microsoft Graph APIs for eDiscovery provide a scalable
way to repeat processes consistently and effectively.

By supporting workflows with APIs, you can give yourself
flexible options for automation and integration, from upstream processes (such as case creation) to downstream
(such as collection, review set queries, or export).

Step 1

Leverage machine learning to identify potential insider risks

The proliferation of digital data and the rise of remote and
hybrid work have increased concern around insider risks.
Organizations everywhere face real challenges in protecting
themselves from harm arising from misuse of authorized
access—both accidental and malicious.
Microsoft Purview Insider Risk Management uses machine
learning to correlate a broad range of signals to identify
potential insider risks, so you can quickly identify and
act on them.

Step 2

Detect potential violations in communications related to regulatory compliance or business conduct

It’s important to foster compliant communications, by
protecting sensitive information and detecting inappropriate
messages, such as those containing harassing or threatening
language or adult content.
Microsoft Purview Communication Compliance provides
tools to help organizations identify these kinds of issues,
including compliance violations related to regulations
like SEC or FINRA. Built with privacy by design, these
tools provide role-based access controls, pseudonymize
usernames by default, and maintain audit logs to help
ensure user-level privacy.

Step 3

Store and retain core business records

Your organization likely needs to meet regulatory and
compliance requirements around records management.
You need to be ready at any time to demonstrate
compliance with regulations, but ideally you also want
to dispose of data that’s no longer valuable or no longer
required for business or regulatory reasons.
Microsoft Purview Records Management gives you
a reliable system to manage and store regulatory,
legal, and business-critical records, retaining them in
unalterable, compliant formats.

Step 4

Power forensic investigations with audit-ready reporting and insights

Your organization might need to conduct forensic or
compliance investigations at times, especially when
researching possible breaches and determining the scope
of a compromise. This can require specific information,
such as when and what a user searched for, as well as when
particular emails were accessed, replied to, or forwarded.
Microsoft Purview Audit makes forensic investigations
more productive and efficient. It provides insights on user
activity, high-bandwidth data access, and reporting that
helps you feel more prepared for audits. It can also help
you preserve audit logs to meet regulatory requirements
for up to 10 years.

Step 5

Identify legal risks and investigate

If your organization needs to respond to a legal matter or
internal investigation, the first step will be discovering where
the relevant data lives. You’ll need to identify persons of
interest and their data sources, apply holds to preserve data,
and manage the communication process around legal holds.
Microsoft Purview eDiscovery provides an end-to-end
workflow to preserve, collect, analyze, review, and export
content for both internal and external investigations.
Intelligent machine learning capabilities such as deep
indexing, email threading, and near-duplicate detection can
also help you narrow down large volumes of data.

Step 6

Continuously assess and track your compliance effectiveness

Managing compliance requirements in a multicloud
environment can be challenging. You need to take
inventory of data protection risks, deal with complexity
when implementing controls, stay current with regulations
and certifications, and be ready to report to auditors.
Microsoft Purview Compliance Manager can help
you continuously assess and track the effectiveness of
your compliance efforts. It has many capabilities that
simplify compliance and reduce risk, including pre-built
assessments for common standards—for example, around
certain industry or governmental bodies. You also get stepby-step guidance on suggested improvements, as well as a
risk-based compliance score to help you understand your
compliance posture.

Step 7

Automate workflows and reporting

Microsoft Purview has built-in extensibility that can
help you adapt, extend, integrate, accelerate, and
support your compliance solutions, primarily using data
connectors and APIs.
One example is Microsoft Graph APIs for eDiscovery. If
your organization handles many eDiscovery requests and
cases, you know that the associated workflows can be
frequent, critical, and high volume. Automation can be a
big help, especially with common repeated tasks or large
numbers of activities.
Microsoft Graph APIs for eDiscovery provide a scalable
way to repeat processes consistently and effectively. By
supporting workflows with APIs, you can give yourself
flexible options for automation and integration, from
upstream processes (such as case creation) to downstream
(such as collection, review set queries, or export).

Veuillez activer JavaScript dans votre navigateur pour remplir ce formulaire.
Nom