Texas A&M University (Work In Progress)

Microsoft Purview Insider Risk Management uses behavioral analytics to detect and respond to risky user activities.

Insider Risk Management

Microsoft Purview Insider Risk Management helps you detect, investigate, and act on risky and malicious activities within your organization. Using behavioral analytics and machine learning, it identifies patterns that may indicate data theft, policy violations, or security threats—before damage occurs.


What is Insider Risk Management?

Insider Risk analyzes user behavior across Microsoft 365:

Signal Source   Examples
Email           Unusual attachment volume, external sends
Files           Mass downloads, USB copies, cloud uploads
Identity        Sign-ins from new locations, privilege escalation
HR Events       Resignation dates, performance issues
Browsing        Access to job sites, sensitive URLs

How It Works

Signals collected → Risk scoring → Alert generation → Investigation → Action
Stage           What Happens
Signals         Audit logs, DLP events, HR data ingested
Scoring         ML models analyze behavior patterns
Alerts          High-risk activities surface to reviewers
Investigation   Reviewers examine activity timeline
Action          Escalate, notify, or take remediation steps

Policy Templates

Template                        Detects
Data theft by departing users   Exfiltration when employees resign
Data leaks                      Unusual sharing or downloading patterns
Security policy violations      Access to blocked sites, banned apps
Patient data misuse             Unauthorized access to health records
Risky browser usage             Visits to unacceptable websites

Key Capabilities

Activity Explorer

Detailed timeline of user activities across all Microsoft 365 workloads.

Risk Scoring

Each user receives a dynamic risk score based on their behavior patterns.

Intelligent Alerts

Surface only the highest-risk activities, reducing alert fatigue.

HR Integration

Incorporate resignation dates, performance improvement plans, and other HR events.

Privacy Controls

Pseudonymization options protect user identities until an investigation is warranted.


Common Scenarios

Departing Employee Monitoring

When HR marks someone as leaving, Insider Risk increases monitoring sensitivity to catch data exfiltration.

Unusual Exfiltration

A user who suddenly downloads 10x their normal file volume, or copies files to USB, triggers an investigation.

Privilege Misuse

An admin account that accesses data outside its normal scope is flagged for review.
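To make the signals → scoring → alerts → investigation flow and the departing-employee and unusual-exfiltration scenarios concrete, here is an added toy pipeline in Python. It is illustrative code written for this page, not Purview's scoring model or any Microsoft API: the audit events, the HR feed, the users, the point weights, the 10x spike rule, the departing-user multiplier, the alert threshold and the pseudonym key are all constructed assumptions. It scores each user against their own download baseline, doubles sensitivity once HR has recorded a resignation date, surfaces only users above the threshold under a keyed pseudonym, and releases the real identity to the investigator role only when a case is opened.

```python
import hashlib
import hmac
from collections import defaultdict
from statistics import mean

# Constructed audit events: (user, day, activity, count). In Purview these
# would come from audit logs and DLP events surfaced in Activity Explorer.
EVENTS = [
    ("alice@example.edu", "2024-03-04", "FileDownloaded", 11),
    ("alice@example.edu", "2024-03-05", "FileDownloaded", 9),
    ("alice@example.edu", "2024-03-06", "FileDownloaded", 10),
    ("alice@example.edu", "2024-03-08", "FileDownloaded", 120),
    ("alice@example.edu", "2024-03-08", "UsbCopied", 3),
    ("bob@example.edu", "2024-03-04", "FileDownloaded", 7),
    ("bob@example.edu", "2024-03-05", "FileDownloaded", 9),
    ("bob@example.edu", "2024-03-08", "FileDownloaded", 8),
    ("carol@example.edu", "2024-03-05", "FileDownloaded", 20),
    ("carol@example.edu", "2024-03-08", "FileDownloaded", 25),
    ("carol@example.edu", "2024-03-08", "UsbCopied", 1),
]

# Constructed HR feed: user -> resignation notice date (the "departing user" signal).
HR_EVENTS = {"alice@example.edu": "2024-03-07"}

# Illustrative weights and thresholds (assumptions, not product values).
WEIGHTS = {"UsbCopied": 5, "CloudUploaded": 3, "ExternalEmailSent": 2}
SPIKE_POINTS = 30           # awarded when downloads reach SPIKE_RATIO x baseline
SPIKE_RATIO = 10            # the "10x normal file volume" scenario
DEPARTING_MULTIPLIER = 2.0  # "increases monitoring sensitivity" for departing users
ALERT_THRESHOLD = 40
PSEUDONYM_KEY = b"constructed-demo-key"  # in practice held outside the reviewer role


class PseudonymVault:
    """Privacy control: alerts carry a keyed pseudonym; the real identity is
    released only to the investigator role once a case is opened."""

    def __init__(self, key):
        self._key = key
        self._mapping = {}

    def pseudonymize(self, user):
        digest = hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()
        pseudonym = "User-" + digest[:8]
        self._mapping[pseudonym] = user
        return pseudonym

    def reveal(self, pseudonym, role):
        if role != "investigator":
            raise PermissionError("identity release requires the investigator role")
        return self._mapping[pseudonym]


def daily_downloads(events):
    """user -> {day -> total FileDownloaded count}."""
    per_user = defaultdict(lambda: defaultdict(int))
    for user, day, activity, count in events:
        if activity == "FileDownloaded":
            per_user[user][day] += count
    return per_user


def baseline(days, day):
    """Mean daily download volume over the days strictly before `day`."""
    prior = [n for d, n in days.items() if d < day]
    return mean(prior) if prior else 0.0


def score_user(user, day, events, hr_events):
    """Return (score, reasons) for one user on one day."""
    downloads = daily_downloads(events)[user]
    base = baseline(downloads, day)
    today = downloads.get(day, 0)
    score, reasons = 0.0, []
    # Unusual exfiltration: volume spike against the user's own baseline.
    if base > 0 and today >= SPIKE_RATIO * base:
        score += SPIKE_POINTS
        reasons.append(f"{today} downloads vs baseline {base:.1f} ({today / base:.0f}x)")
    # Weighted exfiltration channels seen today (USB, cloud upload, external mail).
    for u, d, activity, count in events:
        if u == user and d == day and activity in WEIGHTS:
            score += WEIGHTS[activity] * count
            reasons.append(f"{activity} x{count}")
    # Departing-employee monitoring: a recorded resignation date raises sensitivity.
    if user in hr_events and hr_events[user] <= day:
        score *= DEPARTING_MULTIPLIER
        reasons.append(f"resignation notice {hr_events[user]}: sensitivity x{DEPARTING_MULTIPLIER}")
    return score, reasons


def generate_alerts(day, events=EVENTS, hr_events=HR_EVENTS, vault=None):
    """Score every user in the events and surface only those above threshold."""
    vault = vault or PseudonymVault(PSEUDONYM_KEY)
    alerts = []
    for user in sorted({e[0] for e in events}):
        score, reasons = score_user(user, day, events, hr_events)
        if score >= ALERT_THRESHOLD:
            alerts.append({"user": vault.pseudonymize(user), "score": score, "reasons": reasons})
    return alerts


def investigation_timeline(user, events=EVENTS):
    """Activity Explorer view: the user's events in chronological order."""
    return sorted((d, a, c) for u, d, a, c in events if u == user)


if __name__ == "__main__":
    vault = PseudonymVault(PSEUDONYM_KEY)
    for alert in generate_alerts("2024-03-08", vault=vault):
        print(alert)  # pseudonymous alert: {'user': 'User-…', 'score': 90.0, ...}
        for entry in investigation_timeline(vault.reveal(alert["user"], "investigator")):
            print("  ", entry)
```

With the constructed data only the departing user is alerted: 120 downloads against a baseline of 10 earns the spike points, three USB copies add their weight, and the resignation date doubles the total to 90, while the two other users score 0 and 5 and never surface. The baseline is per user, which is the point of behavioral analytics over fixed thresholds: Carol's 25 downloads are normal for her, and a flat limit tuned for Alice would either miss Alice's spike or bury reviewers in Carol's routine activity.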


Resource                Description
Purview Insider Risk    Case management
Insider Risk Overview   Microsoft documentation
Implementation Guide    Enterprise deployment guide