I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how does this work and what alerts will I receive?

Marilee Turscak-MSFT 36,961 Reputation points Microsoft Employee
2019-10-30T22:03:15.857+00:00

I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how does this work and what alerts will I receive?

Sourced from FAQ

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
551 questions
0 comments No comments
{count} votes

Accepted answer
  1. Grmacjon-MSFT 18,646 Reputation points
    2019-10-30T23:12:16.387+00:00

    Hello,

    Yes, as a public preview offering, you can now receive an alert for Azure Information Protection anomalous data access. This alert is triggered when there are unusual attempts to access data that is protected by Azure Information Protection. For example, accessing an unusually high volume of data, at an unusual time of day, or access from an unknown location.

    Such alerts can help you to detect advanced data-related attacks and insider threats in your environment. These alerts use machine learning to profile the behavior of users who access your protected data.

    The Azure Information Protection alerts can be accessed by using the Microsoft Graph Security API, or you can stream alerts to SIEM solutions, such as Splunk and IBM Qradar, by using Azure Monitor.

    For more information about the Microsoft Graph Security API, see Microsoft Graph Security API overview.

    Sourced from FAQ

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.