As cyber threats evolve, organizations face increasing challenges, especially with data sabotage attacks, where data is intentionally disrupted or deleted, causing significant damage and high costs. Identifying such attacks is difficult, as it is often unclear whether an action was taken intentionally by an attacker or mistakenly by an organizational user. To address this, Microsoft has introduced adaptive protection integration with Data Lifecycle Management (DLM) in Microsoft Purview, which is now in public preview.

Adaptive protection in Microsoft Purview secures data by automatically adjusting and applying Data Loss Prevention (DLP) policies based on users’ risk levels. Data Lifecycle Management, in turn, helps retain and delete files and emails within Microsoft 365. The new integration provides a robust defense against data sabotage attacks, making it highly beneficial for admins. The feature is set to become generally available starting in mid-December 2024, with full deployment expected by late December 2024.

How Does Adaptive Protection Integration with Data Lifecycle Management Work?

Adaptive protection uses Insider Risk Management’s machine learning to monitor user interactions with data, identify risky activities, and automatically apply DLP controls based on detected risks. After the new integration rolls out, once adaptive protection is enabled, a retention label and an auto-apply policy for Microsoft Purview’s Data Lifecycle Management will be created automatically. The policy will then include the users that Insider Risk Management has assigned to the elevated risk level.

If these users delete content from Microsoft SharePoint, OneDrive, or Microsoft Exchange, the retention label will be applied to preserve the content for up to 120 days, during which admins can retrieve the deleted data. The retention label is applied automatically to unlabeled content deleted by these users.

Once these users are removed from the elevated risk level, they are automatically removed from the DLM policy, and the content deleted by them afterward will no longer be preserved by the system. Thus, this feature helps to protect your data from insider data sabotage.
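The scoping rules described above can be modeled as a small triage helper for incident response. This is an added example, not Microsoft's code or part of the original post. It assumes a hypothetical export of elevated-risk intervals per user and of deletion events, and it assumes the 120 days are counted from the time of deletion; all sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION = timedelta(days=120)                      # "up to 120 days" per the article
COVERED = {"SharePoint", "OneDrive", "Exchange"}    # locations named in the article

@dataclass
class Deletion:                     # hypothetical record shape, not a Purview schema
    user: str
    workload: str
    item: str
    deleted_at: datetime
    already_labeled: bool = False   # the auto-label targets unlabeled content only

def classify(ev, windows, as_of):
    """Return (status, recover_by) for one deletion event.
    windows maps user -> list of (start, end) elevated-risk intervals;
    end is None while the user is still at the elevated risk level."""
    if ev.workload not in COVERED:
        return "not_covered_workload", None
    if ev.already_labeled:
        return "existing_label_applies", None
    in_scope = any(start <= ev.deleted_at and (end is None or ev.deleted_at < end)
                   for start, end in windows.get(ev.user, []))
    if not in_scope:
        return "not_preserved", None            # deleted outside an elevated-risk window
    recover_by = ev.deleted_at + RETENTION      # assumption: clock starts at deletion
    return ("recoverable" if as_of <= recover_by else "expired"), recover_by

def triage(events, windows, as_of):
    """Map each deleted item to its status as of the given time."""
    return {ev.item: classify(ev, windows, as_of)[0] for ev in events}

# Constructed sample data
WINDOWS = {
    "alice": [(datetime(2024, 12, 20), datetime(2025, 1, 10))],
    "bob": [(datetime(2025, 1, 5), None)],
}
EVENTS = [
    Deletion("alice", "SharePoint", "q4-forecast.xlsx", datetime(2025, 1, 2)),
    Deletion("alice", "OneDrive", "notes.docx", datetime(2025, 1, 15)),
    Deletion("bob", "Exchange", "contract.msg", datetime(2025, 1, 6), True),
    Deletion("bob", "Other", "export.zip", datetime(2025, 1, 7)),
]

if __name__ == "__main__":
    for item, status in triage(EVENTS, WINDOWS, datetime(2025, 3, 1)).items():
        print(f"{item}: {status}")
```
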

Points to remember:

  • The retention label will not be visible to users, and admins don’t need to create or manage the retention label or policy in the Microsoft Purview compliance portal.
  • Currently, you can’t change the retention period or assign different policies based on various risk levels or for different locations.

How to Enable Adaptive Protection Integration with Data Lifecycle Management in MS Purview?

If you want to automatically retain content deleted by elevated risk users and you are using adaptive protection already, follow the steps below.

  • Move the toggle to turn ON the setting and select Save.

Note: If you’re not using adaptive protection in your organization, enable Adaptive protection in Insider Risk Management and this new feature will be enabled along with it.

I hope this blog helps you to understand the benefits and working of adaptive protection integration with data lifecycle management and how to enable it in your organization. Drop your queries through the comment section. Happy securing!