You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: microsoft-365/compliance/insider-risk-management-activities.md
+23-2Lines changed: 23 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ f1.keywords:
10
10
ms.author: robmazz
11
11
author: robmazz
12
12
manager: laurawi
13
-
ms.date: 05/09/2023
13
+
ms.date: 06/30/2023
14
14
audience: itpro
15
15
ms.collection:
16
16
- tier1
@@ -124,9 +124,30 @@ To dismiss an insider risk alert, complete the following steps:
124
124
4. On the **Dismiss alerts** detail pane, you can review the user and policy details associated with the selected alerts.
125
125
5. Select **Dismiss alerts** to resolve the alerts as benign or select **Cancel** to close the details pane without dismissing the alerts.
126
126
127
+
## Assign an alert
128
+
129
+
If you're an administrator with the appropriate permissions, you can assign ownership of an alert to yourself or to an insider risk management user with the Insider Risk Management, Insider Risk Management Analyst, or Insider Risk Management Investigator role. After an alert is assigned, you can also reassign it to a user with any of the same roles. You can only assign an alert to one admin at a time.
130
+
131
+
After an admin is assigned, you can filter by admin.
132
+
133
+
### Assign an alert from the Alerts dashboard
134
+
135
+
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management**, and then select the **Alerts** tab.
136
+
2. On the **Alerts dashboard**, select the alert(s) that you want to assign.
137
+
3. In the button bar above the alerts queue, select **Assign**.
138
+
4. In the **Assign owner** pane on the right side of the screen, search for an admin with the appropriate permissions, and then select the checkbox for that admin.
139
+
5. Select **Assign**.
140
+
141
+
### Assign an alert from the Alerts detail page
142
+
143
+
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management**, and then select the **Alerts** tab.
144
+
2. Select an alert.
145
+
3. In the detail pane for the alert, in the upper-right corner of the page, select **Assign**.
146
+
4. In the **Suggested contacts** list, select the appropriate admin.
147
+
127
148
## Triage alerts
128
149
129
-
To triage an insider risk alert, complete the following steps:
150
+
To triage an insider risk alert:
130
151
131
152
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management** and select the **Alerts** tab.
132
153
2. On the **Alerts dashboard**, select the alert you want to triage.
Copy file name to clipboardExpand all lines: microsoft-365/compliance/insider-risk-management-cases.md
+22-1Lines changed: 22 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ f1.keywords:
10
10
ms.author: robmazz
11
11
author: robmazz
12
12
manager: laurawi
13
-
ms.date: 02/21/2023
13
+
ms.date: 06/30/2023
14
14
audience: itpro
15
15
ms.collection:
16
16
- tier1
@@ -63,6 +63,27 @@ Use the **Search** control to search for a Case ID or to search for specific tex
63
63
- Time case opened, start date, and end date
64
64
- Last updated, start date, and end date
65
65
66
+
## Assign a case
67
+
68
+
If you're an administrator with the appropriate permissions, you can assign ownership of a case to yourself or to an insider risk management user with the Insider Risk Management, Insider Risk Management Analyst, or Insider Risk Management Investigator role. After a case is assigned, you can also reassign it to a user with any of the same roles. You can only assign a case to one admin at a time.
69
+
70
+
If an admin is assigned to a case, you can filter by admin.
71
+
72
+
### Assign a case from the Cases dashboard
73
+
74
+
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management**, and then select the **Cases** tab.
75
+
2. On the **Cases dashboard**, select the case(s) that you want to assign.
76
+
3. In the button bar above the cases queue, select **Assign**.
77
+
4. In the **Assign owner** pane on the right side of the screen, search for an admin with the appropriate permissions, and then select the checkbox for that admin.
78
+
5. Select **Assign**.
79
+
80
+
### Assign a case from the Cases detail page
81
+
82
+
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com), go to **Insider risk management**, and then select the **Cases** tab.
83
+
2. Select a case.
84
+
3. In the detail pane for the case, to the left of the **Resolve a case** button, select **Assign**.
85
+
4. In the **Suggested contacts** list, select the appropriate admin.
86
+
66
87
## Filter cases
67
88
68
89
Depending on the number and type of active insider risk management policies in your organization, reviewing a large queue of cases can be challenging. Using case filters can help analysts and investigators sort cases by several attributes. To filter alerts on the **Cases dashboard**, select the **Filter** control. You can filter cases by one or more attributes:
0 commit comments