Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies to manage security and compliance. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Protecting the privacy of users that have policy matches in Microsoft Purview Insider Risk Management is important. It helps promote objectivity in data investigation and analysis reviews for insider risk alerts. For users with an insider risk policy match, choose one of the following settings:
Important
With the anonymized versions of usernames setting enabled, you cannot use data risk graph.
Show anonymized versions of usernames: The solution anonymizes the names of users to prevent admins, data investigators, and reviewers from seeing who is associated with policy alerts. For example, a user 'Grace Taylor' appears with a randomized pseudonym such as 'AnonIS8-988' in all areas of the Insider Risk Management experience. Choosing this setting anonymizes all users with current and past policy matches and applies to all policies.
Important
If you're using the Alert Triage Agent for Insider Risk Management, user names in prioritized alerts aren't anonymized in the Alert Triage Agent dashboard (preview) if Show anonymized versions of usernames is enabled.
User profile information in the insider risk alert and case details won't be available when this option is chosen. However, names of users that appear in the metadata of an activity, in the metadata of files in Content explorer, and within content of files in Content explorer aren't anonymized. Usernames are displayed when adding new users to existing policies or when assigning users to new policies. If you choose to turn off this setting, usernames are displayed for all users that have current or past policy matches.
Important
To maintain referential integrity for users who have insider risk alerts or cases in Microsoft 365 or other systems, anonymization of usernames isn't preserved for exported alerts when using the exporting API or when exporting to Microsoft Purview eDiscovery solutions. Exported alerts display usernames for each alert in this case. If you export to CSV files from alerts or cases, anonymization is preserved.
Do not show anonymized versions of usernames: Usernames are displayed for all current and past policy matches for alerts and cases. User profile information (the name, title, alias, and organization or department) is displayed for the user for all Insider Risk Management alerts and cases.
Change the privacy setting
- Sign in to the Microsoft Purview portal with an admin account in your Microsoft 365 organization.
- Select Settings in the upper-right corner of the page.
- Select Insider Risk Management to go to the Insider Risk Management settings.
- Select Privacy.
- Select the option you want, to show anonymized names or not.