Interactive Guide: Insider Risk Management

Exercise 1 – Analytics


In this exercise, you will see how to use the scan function to quickly get an understanding of the insider risks an organization is exposed to, show suggested policies, and, see how to customize built-in policies as part of setup and deployment.

The exercise begins in the M365 compliance center (, logged in as the administrator of Contoso.

Exercise 2 – Configuring Policies


In this exercise, you will use the Microsoft 365 compliance center to create an insider risk policy for the data theft by departing employee use case.

Exercise 3 – Alerts & triage experience


In this exercise, we will look at the steps involved to triage alerts, investigate to determine the actual event or issue, and drill down to determine validity by creating a case and preparing for remediation.

Now that we have triaged the alerts and created a case, in the next exercise we will show how to collaborate with others to remediate the case.

Exercise 4 - Remediation


In this exercise, we will look at available escalation paths such as inviting others, sending a notice, and escalating to Advanced eDiscovery. We will also take a quick look at Power Automate, Teams integration, and SIEM integration and see how easy it is to package up relevant details and send to others for review.

The exercise begins on the Case dashboard page.


To learn more and get started go to and