Control 1.12: Insider Risk Detection and Response
Control ID: 1.12
Pillar: Security
Regulatory Reference: FINRA Rule 3110 (Supervision), FINRA Rule 4511 (Books and Records), FINRA Notice 21-18 (Cybersecurity), FINRA Notice 25-07 (AI — RFC, contextual only), SEC Rule 17a-3/17a-4 (Recordkeeping), SEC Regulation S-P (2024 amendments — 30-day customer notice; 72-hour service-provider notice), NYDFS 23 NYCRR §500.06 / §500.16 / §500.17, GLBA 501(b) (Safeguards Rule), SOX Sections 302/404 (Internal Controls), OCC Bulletin 2011-12 / Federal Reserve SR 11-7 (Model Risk), FFIEC IT Examination Handbook (Information Security; Management)
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Objective
Detect potentially malicious or inadvertent insider activities that could harm the organization, including risky data movement, abusive prompts, suspicious agent interactions, and security-policy violations. Microsoft Purview Insider Risk Management is primarily a detection, triage, and investigation capability — it is not a standalone blocking control, a books-and-records retention plane, an HR investigation workflow, or a substitute for supervisory review by a registered principal. Use it as one layer of defense-in-depth alongside DLP, Communication Compliance, Audit (Premium), Conditional Access, eDiscovery (Premium), incident response, and the firm's documented Written Supervisory Procedures.
Non-Substitution
Insider Risk Management does not replace HR investigations, employee-relations processes, legal-hold / eDiscovery decisions, supervisory review under the firm's Written Supervisory Procedures (FINRA Rule 3110), formal incident response and regulator-notification workflows (Control 3.4), books-and-records retention (Control 1.7, Control 1.9), or model-risk governance for AI-driven scoring (Control 2.6).
Sovereign Cloud Availability — GCC, GCC High, DoD
Microsoft Learn explicitly states that Adaptive Protection is not available for US Government cloud programs at this time. Risky Agents (preview), Risky AI usage (which depends on a browser signal source on Windows), Forensic Evidence, and the Triage Agent (which depends on Microsoft Security Copilot + SCUs) require feature-by-feature parity verification before being claimed as in-scope for sovereign tenants. For tenants where a feature is not available, document the compensating controls — DLP (Control 1.5), Communication Compliance (Control 1.10), Audit (Premium) (Control 1.7), Defender for Cloud Apps, Sentinel UEBA (Control 3.9), manual supervisory review, and an exception register — and re-verify quarterly.
Why This Matters for FSI
- GLBA 501(b): Helps detect insider activity that could expose customer NPI; Adaptive Protection (where available) raises DLP / DLM / Conditional Access posture as a user's risk level changes
- SOX 404: Supports internal-control monitoring of insider activity touching financial reporting data and supervisory systems
- SEC 17a-4 / 17a-3 / FINRA 4511: Insider Risk Management is a detection and investigation surface, not a books-and-records retention plane. IRM cases, alerts, and Forensic Evidence clips are working investigative artifacts (Forensic Evidence clips auto-delete 120 days after capture unless exported). Durable, tamper-resistant retention is provided by retention policies, retention labels, and records management — see Control 1.9
- FINRA 3110 / 25-07: Helps support supervisory expectations over insider activity, including AI-agent activity; FINRA 25-07 expects supervision of AI/agent behavior at parity with employees — IRM contributes detection signal, Communication Compliance (Control 1.10) and DLP/DSPM (Control 1.5 / Control 1.6) provide complementary coverage
- OCC 2011-12 / Fed SR 11-7: ML-powered risk scoring and the AI Triage Agent are model-driven; firms should bring them into their model inventory, validation, and ongoing-monitoring program — see Control 2.6
- NYDFS 23 NYCRR 500 §500.17(a): IRM detections may surface determinations that trigger the 72-hour cybersecurity-event clock; cross-link to FSI Incident Handling in the troubleshooting playbook
No companion solution by design
Not all controls have a companion solution in FSI-AgentGov-Solutions; solution mapping is selective by design. This control is operated via native Microsoft admin surfaces and verified by the framework's assessment-engine collectors. See the Solutions Index for the catalog and coverage scope.
Control Description
| Capability | Description |
|---|---|
| Data theft detection | Detect unauthorized data extraction by users leaving your organization (Microsoft 365 and non-Microsoft 365 apps) |
| Data leak monitoring | Identify external sharing, email exfiltration, USB copy |
| Security violations | Monitor failed access attempts and risky sign-ins |
| Agent abuse detection | Identify misuse of agent capabilities and configurations |
| ML-powered analytics | AI-driven risk pattern detection and scoring |
Risky Agents Policy Template
Microsoft Purview Insider Risk Management includes a Risky Agents (preview) template targeting agents hosted on Microsoft Copilot Studio and Microsoft Foundry. Per Microsoft Learn this template is applied by default for organizations using Insider Risk Management — it is not added through the Create policy wizard. It helps detect risky prompts, sensitive agent responses, access to sensitive or priority SharePoint content, risky website access, external sharing, and activity above the agent's normal baseline. Do not treat this as blanket coverage for all agent types or as full runtime inspection of every Microsoft 365 Copilot interaction. Verify preview / GA status and tenant availability on Microsoft Learn at deployment time.
Risky AI Usage Policy Template
The Risky AI usage template detects risky prompts and responses across Microsoft 365 Copilot, Microsoft Copilot, and other AI surfaces. This template requires a browser signal source on the user's device (see Browser Signal Prerequisites below) and feeds Adaptive Protection scoring.
Forensic Evidence (Opt-In, Dual-Authorization, PAYG)
Forensic Evidence is an opt-in capability that captures customizable visual activity for high-risk users. It is off by default. Per Microsoft Learn (insider-risk-management-forensic-evidence):
- Requires a separate Forensic Evidence policy in addition to the in-scope detection policy
- Uses a dual-authorization model — capture requests are submitted by an Insider Risk Management Investigator and approved by a member of the Insider Risk Management Approvers role group (which must be distinct from Investigators)
- Requires devices onboarded to Microsoft Purview, Windows 10 / 11 Enterprise, and the Microsoft Purview Client
- Billed via pay-as-you-go (PAYG) with an organizational storage trial (verify current trial size on Learn at deployment time)
- Captured clips are deleted 120 days after capture unless downloaded or transferred before deletion. Do not treat forensic evidence as your compliant books-and-records retention mechanism. If a clip becomes evidentiary, export and preserve it under the firm's retention, legal-hold, and supervisory-evidence process (see Control 1.7, Control 1.9, and eDiscovery (Premium))
- State-law notice requirements (e.g., Connecticut, Delaware, New York employee monitoring laws) may apply; coordinate with Privacy / Legal before enabling
Browser Signal Prerequisites
Risky AI usage, Risky browser usage, and several browser-derived indicators require a browser signal source. Per Microsoft Learn (insider-risk-management-browser-support):
- Microsoft Edge — install the Microsoft Insider risk extension (or use the Microsoft Purview extension where indicated by Learn for the specific scenario)
- Google Chrome — install the Microsoft Purview extension
- Windows-only; non-Windows devices are not supported
- Devices must be onboarded to Microsoft Purview
- The relevant browsing indicators must be enabled in Settings → Policy indicators → Browsing indicators
Adaptive Protection
Adaptive Protection dynamically assigns DLP, Data Lifecycle Management (120-day retention preservation for elevated-risk users), and Conditional Access controls based on calculated insider risk level (Minor / Moderate / Elevated). Adaptive Protection consumes signals from IRM policies including Risky AI usage and Risky Agents.
Triage Agent
The Triage Agent is a Security Copilot–powered agent that helps prioritize alerts. Verify the current lifecycle (Preview vs GA), feature scope, and any consumption / capacity prerequisites on Microsoft Learn at the time of deployment — these change frequently.
Other AI / Detection Surfaces
- Data risk graphs — visualize relationships between users, agents, data sources, and signals during investigation
- Content preview — investigators can preview related files from SharePoint, Exchange, OneDrive directly during alert triage; verify current lifecycle on Learn
Sovereign Cloud Availability
Important — FSI sovereign cloud caveat: Per Microsoft Learn, Insider Risk Management — and in particular Adaptive Protection — has limited availability in US Government cloud programs (GCC, GCC High, DoD). Confirm current availability of each IRM capability (core IRM policies, Risky AI usage, Risky Agents, Risky browser usage, Forensic Evidence, Adaptive Protection, Triage Agent) for your tenant cloud before relying on this control. For tenants where IRM or Adaptive Protection is unavailable, document the gap as a control exception and apply compensating controls (Communication Compliance, Audit Premium, DLP, Defender for Cloud Apps, Sentinel UEBA).
Key Configuration Points
Licensing and PAYG (verify on Learn at deployment):
- IRM core requires Microsoft 365 E5, E5 Compliance, Insider Risk Management standalone, or Microsoft Purview Suite (per-user)
- Specific indicators / capabilities (notably Forensic Evidence) require pay-as-you-go (PAYG) billing on a linked Azure subscription
- Sovereign cloud: confirm current availability per the Sovereign Cloud Availability note above
Tenant-level prerequisites:
- Unified Audit Log on — IRM policies and analytics scans use UAL; without it, policies produce no signal (this is the most common silent-failure mode)
- Insider Risk Management role groups configured per the table in Roles & Responsibilities (six groups, including Approvers for Forensic Evidence dual-auth)
- Pseudonymization — usernames are pseudonymized in IRM by default; preserve this default unless your privacy framework requires otherwise, and audit any re-identification
- Administrative units — for FSI subsidiaries, broker-dealer / RIA / bank LOB segregation, and regional review teams, scope IRM admin/analyst/investigator membership using administrative units where supported on Learn
Connector and integration prerequisites:
- Microsoft 365 HR connector (CSV upload + scheduled ingestion) — required for Data theft by departing users, Data leaks by risky users (priority-user PIP signal), and termination-driven scoping. Map EmployeeID, ResignationDate, and LastWorkingDate at minimum
- Microsoft Defender for Endpoint integration — required for Security policy violations and the priority-/departing-/risky-users variants (security control evasion, unwanted software, MDE alerts). Without MDE the policy template will not produce signal
- Microsoft Defender for Cloud Apps connectors (Box, Dropbox, Google Drive, Amazon S3, Azure) — required for cloud-app coverage in Data theft by departing users; there is a single template, and its cloud-app indicators come from these connectors
- Physical badging connector (optional) — supports physical-access correlation for high-security floors / trading floors
- DLP for High-severity incident reports — required when DLP is the trigger source for Data leaks
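A malformed HR feed is a silent-failure mode of its own: the departing-user template scores nothing for an employee whose row never ingested. The following pre-flight validator is an added example for this page, not part of the framework's playbooks or of the HR connector itself. It assumes the firm's HRIS export uses the three column names this control lists as the minimum mapping and writes dates as ISO 8601 UTC timestamps; both are assumptions, so adjust the column list and date format to whatever mapping you configured in the HR connector wizard. The sample rows are constructed, not real HR data.

```powershell
# Pre-flight validation for the Microsoft 365 HR connector CSV feed (added example).
# ASSUMPTIONS (not from Microsoft Learn): column names match the control's minimum
# mapping, and dates are ISO 8601 UTC (yyyy-MM-ddTHH:mm:ssZ). Change $RequiredColumns and
# $DateFormat to match the mapping configured in the HR connector wizard.
$RequiredColumns = @('EmployeeID', 'ResignationDate', 'LastWorkingDate')
$DateFormat      = "yyyy-MM-dd'T'HH:mm:ss'Z'"
$DateStyles      = [System.Globalization.DateTimeStyles]'AssumeUniversal,AdjustToUniversal'

function Test-HrConnectorCsv {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MaxFutureDays = 365      # flag last-working dates implausibly far out
    )
    $rows   = @(Import-Csv -Path $Path)
    $errors = [System.Collections.Generic.List[string]]::new()

    # 1. Header check: every required column must be present (exact, case-sensitive names).
    $headers = if ($rows.Count -gt 0) { @($rows[0].PSObject.Properties.Name) } else { @() }
    foreach ($col in $RequiredColumns) {
        if ($headers -cnotcontains $col) { $errors.Add("Missing required column '$col'") }
    }
    if ($errors.Count -gt 0) { return [pscustomobject]@{ Valid = $false; Rows = 0; Errors = $errors } }

    $seen = [System.Collections.Generic.HashSet[string]]::new()
    $line = 1
    foreach ($row in $rows) {
        $line++
        if ([string]::IsNullOrWhiteSpace($row.EmployeeID)) { $errors.Add("Line ${line}: empty EmployeeID"); continue }

        # 2. A duplicate EmployeeID means one row silently overwrites the other on ingestion.
        if (-not $seen.Add($row.EmployeeID)) { $errors.Add("Line ${line}: duplicate EmployeeID '$($row.EmployeeID)'") }

        # 3. Both dates must parse in the agreed format; otherwise the departing-user
        #    template has no reliable window to score activity against.
        $resign = [datetime]::MinValue; $last = [datetime]::MinValue
        $okR = [datetime]::TryParseExact($row.ResignationDate, $DateFormat, [cultureinfo]::InvariantCulture, $DateStyles, [ref]$resign)
        $okL = [datetime]::TryParseExact($row.LastWorkingDate, $DateFormat, [cultureinfo]::InvariantCulture, $DateStyles, [ref]$last)
        if (-not $okR) { $errors.Add("Line ${line}: ResignationDate '$($row.ResignationDate)' is not $DateFormat") }
        if (-not $okL) { $errors.Add("Line ${line}: LastWorkingDate '$($row.LastWorkingDate)' is not $DateFormat") }

        # 4. Sanity rules: last working day cannot precede the resignation, and should not
        #    be so far out that the policy window never opens.
        if ($okR -and $okL) {
            if ($last -lt $resign) { $errors.Add("Line ${line}: LastWorkingDate precedes ResignationDate") }
            if ($last -gt (Get-Date).ToUniversalTime().AddDays($MaxFutureDays)) {
                $errors.Add("Line ${line}: LastWorkingDate is more than $MaxFutureDays days out")
            }
        }
    }
    [pscustomobject]@{ Valid = ($errors.Count -eq 0); Rows = $rows.Count; Errors = $errors }
}

# Constructed sample feed (not real HR data): one good row, one duplicate ID, one
# non-ISO date, and one last-working date before the resignation date.
$sample = @'
EmployeeID,ResignationDate,LastWorkingDate
E10001,2026-04-01T00:00:00Z,2026-04-30T00:00:00Z
E10002,2026-04-03T00:00:00Z,2026-05-15T00:00:00Z
E10002,2026-04-03T00:00:00Z,2026-05-15T00:00:00Z
E10003,04/05/2026,2026-05-01T00:00:00Z
E10004,2026-04-10T00:00:00Z,2026-04-01T00:00:00Z
'@
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'hr-connector-sample.csv'
Set-Content -Path $tmp -Value $sample -Encoding utf8

$result = Test-HrConnectorCsv -Path $tmp
$result.Errors | ForEach-Object { Write-Host "FAIL  $_" }
if ($result.Valid) { Write-Host "OK  $($result.Rows) rows ready for upload" } else { exit 1 }
```

Run it against the real export before the scheduled upload job picks the file up; a non-zero exit from the scheduler is a far better signal than an empty departing-users dashboard discovered at the next supervisory review.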
Policy templates to consider for FSI (use Learn-canonical names verbatim):
- Data theft by departing users (single template; cloud-app coverage via Defender for Cloud Apps)
- Data leaks
- Data leaks by priority users (MNPI, trading desk, RIA staff)
- Data leaks by risky users (PIP / Communication-Compliance-flagged)
- General security policy violations (and priority-/departing-/risky-users variants)
- Risky AI usage (requires browser extension)
- Risky browser usage (preview — verify lifecycle on Learn; requires browser extension)
- Forensic evidence (separate paired policy with dual-auth opt-in)
- Risky Agents — applied by default; not selected via Create policy
- Patient data misuse — out of scope unless healthcare; document exclusion
Operational:
- Enable analytics (de-identified scans; Learn states scans may take up to 48 hours to complete)
- Define priority user groups (agent admins, trading desk, client-facing) and the role groups permitted to view each priority user group
- Define an alert triage workflow with documented severity, owner, and escalation per the firm's WSP — Microsoft does not publish IRM investigation SLAs
- Configure case escalation path to eDiscovery (Premium) for legal hold
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Data leaks policy with high-severity alerts; review under firm-defined supervisory cadence (WSP) | Limited scope and risk |
| Zone 2 (Team) | Data leaks + General security policy violations + Risky AI usage; HR connector configured for in-scope populations; firm-defined SLA documented in WSP | Shared data and AI usage increase risk |
| Zone 3 (Enterprise) | All applicable templates including Data theft by departing users, Data leaks by priority/risky users, Risky AI usage, Risky Agents (default), Adaptive Protection, Forensic Evidence (where licensing + cloud parity permit); priority user groups for trading / RIA / client-facing; eDiscovery (Premium) escalation defined; firm-defined SLA documented in WSP | Maximum protection and supervisory coverage |
Microsoft Learn does not publish IRM investigation or alert-response SLAs. Where this framework or your WSP cites response targets, those are firm-defined supervisory commitments, not Microsoft-stated ceilings. Document them in your WSP and align with FINRA 3110 supervisory expectations.
Roles & Responsibilities
Insider Risk Management defines six role groups in Microsoft Purview (per Learn insider-risk-management-permissions). Use canonical role names verbatim (role catalog). Role-group membership changes propagate within approximately 30 minutes.
| Role group | Responsibility | FSI separation-of-duties note |
|---|---|---|
| Insider Risk Management (catch-all) | Full IRM access — configure policies, investigate alerts and cases, view forensic captures (where Approver also assigned), export | Avoid in regulated FSI tenants; prefer the segmented groups below |
| Insider Risk Management Admins | Configure IRM policies, settings, role groups, priority user groups, priority content | Assign to Compliance / IRM admin function |
| Insider Risk Management Analysts | Triage and review alerts; cannot view file/email content | Tier-1 supervisory analyst |
| Insider Risk Management Investigators | Investigate cases, view content (subject to pseudonymization), submit Forensic Evidence capture requests | Tier-2 investigator; logs all unmask actions |
| Insider Risk Management Auditors | View IRM audit logs (admin actions, settings changes, unmask events) | Independent assurance / Internal Audit; must not also be Admin or Investigator |
| Insider Risk Management Approvers | Required to approve Forensic Evidence capture requests (dual-authorization) | Must be distinct from Investigators; assign to a separate Compliance / Privacy approver |
| Microsoft 365 HR connector owner (Microsoft Entra app + connector role) | Maintain HR connector ingestion, CSV schema, scheduled job health | Coordinate with HRIS team |
| Microsoft Defender for Endpoint admin | Maintain MDE integration required for Security policy violations templates | Security operations |
| Privacy Officer / Legal | Approve Forensic Evidence enablement, state-law notice posture, pseudonymization re-identification policy | Required gate before Forensic Evidence opt-in |
Related Controls
| Control | Relationship |
|---|---|
| 1.5 - DLP and Sensitivity Labels | DLP signals for insider risk |
| 1.7 - Audit Logging | Audit data for detection |
| 1.10 - Communication Compliance | Communication signals |
| 1.8 - Runtime Protection | Threat detection correlation |
| 1.6 - Grounding Data Protection / DSPM for AI | DSPM for AI signals feed Risky AI usage |
| 1.9 - Records Retention and Immutability | Durable retention plane for IRM artifacts (IRM is not the records store) |
| 2.6 - Model Risk Management | ML risk scoring + Triage Agent require MRM governance |
| 2.12 - Supervision and Oversight | FINRA 3110/25-07 AI agent supervision |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- License entitlement (E5 / E5 Compliance / Purview Suite) and any required PAYG billing confirmed; sovereign cloud availability documented (or exception logged)
- Unified Audit Log enabled in the tenant
- All six IRM role groups assigned per separation-of-duties model; Approvers distinct from Investigators
- Pseudonymization default-on confirmed; re-identification audit trail tested
- Microsoft 365 HR connector ingesting on schedule; required fields populated
- Microsoft Defender for Endpoint integration configured (for Security policy violations templates)
- Microsoft Defender for Cloud Apps connectors configured (for departing-user cloud-app coverage)
- Browser extension (Edge / Chrome) deployed via Intune to in-scope Windows devices; browsing indicators enabled
- All in-scope FSI policy templates created with Learn-canonical names, scope (priority groups, AUs), and exclusions
- Analytics scan completed (allow up to 48h)
- Seed activity by a named test user generates an alert in the dashboard within the documented window
- Investigation workflow creates a case, assigns to Investigator, and (where in scope) escalates to eDiscovery (Premium)
- Adaptive Protection (where available) enabled with thresholds and consumer DLP / DLM / Conditional Access policies bound; verify with a threshold-trigger test
- Forensic Evidence (where opted in): dual-auth approver list captured; PAYG storage healthy; clip retention 120-day handoff to eDiscovery / records retention exercised
- Risky Agents default policy producing signal in Standard / Triage Agent dashboard
- IRM admin actions are emitted to the unified audit log under the InsiderRiskManagement* operations and reviewed on cadence
- FSI Incident Handling cross-referenced from the troubleshooting playbook
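The tenant-level prerequisites (Unified Audit Log on, six role groups with separation of duties), the Roles & Responsibilities table, and the verification criteria above all reduce to the same three facts that an examiner will ask for evidence of. The script below collects them; it is an added example, not one of the framework's own playbooks or an assessment-engine collector. It assumes the ExchangeOnlineManagement (V3) module is installed, that the operator can read the audit configuration, the Purview role groups and the unified audit log, and that IRM admin operations carry the InsiderRiskManagement prefix this control cites; treat that prefix as an assumption and confirm the exact operation names against the Learn audit-activity list for your tenant. The separation-of-duties logic is a pure function over a role group-to-members hashtable, so the offline demonstration at the end runs on a constructed membership export with placeholder UPNs.

```powershell
# Evidence collection for Control 1.12 tenant prerequisites (added example, not part of
# the framework's playbooks). ASSUMPTIONS: ExchangeOnlineManagement V3 is installed; the
# operator may read audit config, Purview role groups and the unified audit log; IRM admin
# operations start with 'InsiderRiskManagement' as this control states (verify on Learn).
$IrmRoleGroups = @(
    'Insider Risk Management',
    'Insider Risk Management Admins',
    'Insider Risk Management Analysts',
    'Insider Risk Management Investigators',
    'Insider Risk Management Auditors',
    'Insider Risk Management Approvers'
)

# Pure check over a role group -> member list hashtable, so it also runs against an
# exported membership file with no tenant session. Member comparison is case-insensitive.
function Test-IrmSeparationOfDuties {
    param([Parameter(Mandatory)] [hashtable] $Membership)
    $findings = [System.Collections.Generic.List[string]]::new()
    $members  = { param($g) if ($Membership.ContainsKey($g)) { @($Membership[$g]) } else { @() } }

    foreach ($g in $IrmRoleGroups) {
        if (-not $Membership.ContainsKey($g)) { $findings.Add("Role group not found: $g") }
    }
    # Forensic Evidence dual-authorization: an Approver must not also be an Investigator.
    foreach ($u in (& $members 'Insider Risk Management Approvers')) {
        if ((& $members 'Insider Risk Management Investigators') -contains $u) {
            $findings.Add("Approver is also Investigator: $u")
        }
    }
    # Independent assurance: Auditors must not hold Admin or Investigator rights.
    foreach ($u in (& $members 'Insider Risk Management Auditors')) {
        foreach ($g in 'Insider Risk Management Admins', 'Insider Risk Management Investigators') {
            if ((& $members $g) -contains $u) { $findings.Add("Auditor also in ${g}: $u") }
        }
    }
    # The catch-all group grants every IRM permission; the control says avoid it in regulated tenants.
    foreach ($u in (& $members 'Insider Risk Management')) { $findings.Add("Catch-all group member: $u") }

    [pscustomobject]@{ Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Live collection. Exchange Online and Security & Compliance both export Get-RoleGroupMember;
# the Exchange connection is prefixed so the unprefixed name resolves to the Purview cmdlet.
function Get-IrmTenantEvidence {
    param([int] $LookbackDays = 30, [string] $OutFile = 'control-1.12-evidence.json')

    Connect-ExchangeOnline -Prefix EXO -ShowBanner:$false
    Connect-IPPSSession

    $ualEnabled = [bool]((Get-EXOAdminAuditLogConfig).UnifiedAuditLogIngestionEnabled)

    $membership = @{}
    foreach ($g in $IrmRoleGroups) {
        try   { $membership[$g] = @(Get-RoleGroupMember -Identity $g | ForEach-Object { $_.Name }) }
        catch { Write-Warning "Cannot read '$g': $($_.Exception.Message)" }
    }
    $sod = Test-IrmSeparationOfDuties -Membership $membership

    # IRM admin activity over the review window. The search is capped; if the cap is hit,
    # page with -SessionCommand ReturnLargeSet rather than trusting a truncated count.
    $cap  = 5000
    $hits = @(Search-EXOUnifiedAuditLog -StartDate (Get-Date).AddDays(-$LookbackDays) -EndDate (Get-Date) `
                -FreeText 'InsiderRiskManagement' -ResultSize $cap |
              Where-Object { $_.Operations -like 'InsiderRiskManagement*' })
    if ($hits.Count -ge $cap) { Write-Warning "Audit search hit the $cap-record cap; counts are a lower bound" }

    $evidence = [pscustomobject]@{
        CollectedUtc        = (Get-Date).ToUniversalTime().ToString('o')
        UnifiedAuditLogOn   = $ualEnabled
        RoleGroupMembership = $membership
        SeparationOfDuties  = $sod
        IrmAdminOperations  = @($hits | Group-Object Operations | Select-Object Name, Count)
        Pass                = ($ualEnabled -and $sod.Compliant)
    }
    $evidence | ConvertTo-Json -Depth 6 | Set-Content -Path $OutFile -Encoding utf8
    $evidence
}

# Offline demonstration on a constructed membership export (placeholder UPNs, not real
# accounts). Expect two findings: an Approver who is also an Investigator, and an Auditor
# who is also an Admin.
$sampleExport = @{
    'Insider Risk Management'               = @()
    'Insider Risk Management Admins'        = @('irm.admin@contoso.example', 'audit.lead@contoso.example')
    'Insider Risk Management Analysts'      = @('tier1.analyst@contoso.example')
    'Insider Risk Management Investigators' = @('tier2.investigator@contoso.example', 'privacy.approver@contoso.example')
    'Insider Risk Management Auditors'      = @('audit.lead@contoso.example')
    'Insider Risk Management Approvers'     = @('privacy.approver@contoso.example')
}
$check = Test-IrmSeparationOfDuties -Membership $sampleExport
$check.Findings | ForEach-Object { Write-Host "FINDING  $_" }
Write-Host "Compliant: $($check.Compliant)"
# Against a live tenant: Get-IrmTenantEvidence -LookbackDays 30
```

Keep the JSON output with the quarter's supervisory evidence; the role-group membership snapshot is what demonstrates that the Approver/Investigator split actually held on the date Forensic Evidence captures were approved, and the operations count is what shows IRM admin actions are landing in the unified audit log at all.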
Additional Resources
- Microsoft Learn: Insider Risk Management Overview
- Microsoft Learn: Configure Insider Risk Management
- Microsoft Learn: Insider Risk Management Permissions
- Microsoft Learn: Adaptive Protection
- Microsoft Learn: Forensic Evidence
- Microsoft Learn: Browser Signal Detection
- Microsoft Learn: Policy Templates
- Microsoft Learn: Create Insider Risk Policies
- Microsoft Learn: Policy Indicators
- Microsoft Learn: Insider Risk Activities
- Microsoft Learn: Insider Risk Cases
- Microsoft Learn: HR Data Connector
- Microsoft Graph Beta: Insider Risk Cases
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current