While it can be an exceptional tool for protecting organizations from sensitive data theft or loss, Purview Insider Risk Management is also likely to initially flood your analysts and investigators with low-value alerts if not set up correctly. Luckily, this challenge can be solved by implementing the correct fine-tuning methods, which aren't always obvious.

In this session and based on my experiences in the field, I explain how to leverage data sources like DLP auditing (and others) to quickly and confidently increase the alert fidelity of any IRM deployment.

There's also an ongoing companion series of blog articles to this session: https://seppala365.cloud/2023/11/28/fine-tuning-microsoft-purview-insider-risk-management-part-1/ - In the session, I share many tips & experiences not discussed in the articles.