A field guide to fine-tuning Insider Risk Management

While it can be an exceptional tool for protecting organizations from sensitive data theft or loss, Purview Insider Risk Management is also likely to initially flood your analysts and investigators with low-value alerts if not set up correctly. Luckily, this challenge can be solved by implementing the correct fine-tuning methods, which aren't always obvious.

In this session and based on my experiences in the field, I explain how to leverage data sources like DLP auditing (and others) to quickly and confidently increase the alert fidelity of any IRM deployment.

There's also an ongoing companion series of blog articles to this session: https://seppala365.cloud/2023/11/28/fine-tuning-microsoft-purview-insider-risk-management-part-1/ - In the session, I share many tips & experiences not discussed in the articles.

Streamlining Power Platform environment access and security role management with Entra ID

Does the complexity and clumsiness of access and security role management in Power Platform and Dataverse leave you feeling unsure of how to keep things under control at scale? Do you find yourself wishing you could bring in the familiar and powerful access management and governance functionalities of Entra ID (formerly known as Azure AD) to Power Platform and Dataverse?

If so, this is the right session for you!

Through demos and insights, I will walk you through a proven, repeatable and easy-to-understand strategy for managing access to Power Platform environments and the Dataverse security roles in them - all powered by familiar Entra ID capabilities and only utilizing native Microsoft features.

During the session, I will show you how to..
* Manage Dataverse security roles with Entra ID groups
* Control access to Power Platform environments in Entra ID
* Clean up security role assignments from stale user accounts
* Enable easy an self-service access and role management for environment owners - no admin permissions required!
* Implement just-in-time activation (with optional business justification requirements) for System Administrator and other roles - and monitor the use of these roles over time

The end-to-end approach I share and demonstrate in this session is based on a set of solutions I've researched, developed, validated and implemented for real organizations over the last years. I will equip you with a set of patterns you can start implementing immediately in your own (or a customer's) organization.

This session is 75-85% demo-driven with intermittent pauses to discuss tips and raise some points. It takes the audience on a well-explained, end-to-end journey and aims to enable them to take action immediately.

Hunting for accumulations of sensitive data with Content Search and Defender for Cloud Apps

Identifying and hardening significant accumulations of data-at-rest in SharePoint Online and OneDrive is one of the key tasks in preparing an organization's data estate before Copilot for Microsoft 365 rollouts and in general as well. Accomplishing this isn't clear-cut, however.

In this session you will learn and see how to hunt for sensitive data accumulations for real in a clear, repeatable and effective way using tools like Content Search and Defender for Cloud Apps file policies. I will showcase and share KQL search queries, methods and best practices picked up during real-life work with numerous early Copilot for Microsoft 365 adopter organizations.

Dataverse detective: Discovering sensitive information with Purview Data Governance

With Power Platform and Dynamics 365 powering an increasing number of business-critical solutions, there is a growing need to understand and govern sensitive information stored in Dataverse databases. This is where Microsoft Purview Data Governance (Data Map & Data Catalog) comes in.

In this demo-driven session I explain how to integrate Dataverse into an organization's existing data security solutions while discovering, classifying and labeling business-critical information at-scale. Then, I'll tell you how to put these classifications to work, focusing your data security and governance efforts where they will have the greatest positive impact.

To help inform your own implementation efforts, I will share my experience-driven insights, tips and best practices for integrating Purview with Dataverse and raise awareness around some potential avoidable pitfalls when considering a move to production.

This session is 70%+ demo-driven and equips audiences with a solution pattern they can immediately start utilizing in their own organizations.

Advanced Copilot Analytics: From Zero to Hero with the Unified Audit Log, Entra ID and Power BI

A key challenge in achieving a successful outcome with Microsoft 365 Copilot is the lack of proper built-in analytics for administrators to discover and understand Copilot usage trends across scenarios, roles, departments, and more on a detailed level.

However, by cleverly combining the right Unified Audit Log events with Entra ID identity data in Power BI, it is possible to gain valuable insights into Copilot usage.

This can help answer questions such as:
- Which roles were the most active users of Word Copilot over the last 1/3/6/12 months?
- Of all sales executives, who are the top 3 and bottom 3 users by volume of Excel Copilot usage?
- How has Copilot chat usage developed across all users day-by-day after a round of trainings were held?
- How much Confidential content was referenced during last week's Copilot interactions?

In this session, I will discuss and demonstrate how to unlock these game-changing insights to tell compelling, data-driven stories about your organization's use of Microsoft 365 Copilot.

DLP in Teams: A game-changer for raising everyday awareness

People can either be the strongest or weakest link in any organization's data security strategy. As the hub for everyday collaboration, Teams should help us understand when the information we are handling in chats, channel messages or files requires special attention and care.

In this session, we fire up some demos and take a hands-on approach for how to make this happen with Teams DLP - without blowing up business processes or causing undue frustration.

Notes from the field: Best practices for Purview data security rollouts

Embarking on the journey to organization-wide sensitive data discovery, sensitivity labeling and data loss prevention can be daunting. There are plenty of common mistakes that are easy to make if you aren't prepared - I know, because I've made most of them over the years!

During the session, we cover topics including but not limited to:
- Sensitivity label and DLP solution design
- Data Security team-building
- The ring-based data security solution rollout model
- Encryption considerations
- Policy and rule naming conventions
- The phased DLP solution buildup pattern from discovery to protection
- The importance of a proper audit phase coupled with consistent awareness-building with Policy Tips
- How to build your event ingestion pipeline from the Unified Audit Log to Azure Log Analytics
- How to block the bad stuff without messing up business processes
- And of course, the most common "fatal" mistakes you'll want to avoid.

Simply put, the aim of this session is to help you walk a smoother path with your Purview data security deployments. I share my experience-driven tips for reaching a successful data security outcome, both in the short and the mid-to-long term.

Cutting through the noise: Jumpstart your insider risk program with Microsoft Purview

Join me for an insightful session where I share practical tips and insights from my experience in helping organizations establish robust insider risk teams using Microsoft Purview Insider Risk Management (IRM).

Discover how to navigate both the technical and the human aspects of insider risk management:
- Know the other Microsoft data security capabilities and features you want to have in place before using IRM that will help achieve success
- Understand the key roles and responsibilities. It takes more than just IT!
- Learn how to fine-tune technical indicators, policies and other settings
- Master the craft - I share my tips on how to structure the daily, weekly and monthly work of the insider risk team

I will also discuss the toughest challenges I've faced so far, share some proven strategies to achieve quick and meaningful results, and discuss the next steps once your insider risk management practice is up and running.