
Priority Users and IRM Priority Groups



In this blog entry I am going to show you how to create a Priority User Group in IRM. Then I am going to demonstrate how to create an IRM Policy using the Priority Users policy template.


Business Case: IRM Policies with Priority User Group

Here are examples of the Priority Users that you might want to monitor:

1. Administrators or other users with privileged access within M365.

2. Users who have access to highly confidential information.

3. New employees who have access to the organization’s assets.

4. Members of a temporary project that gives them access to confidential information.

5. Users that are flagged by HR.


MS Purview has an HR Data Connector that should be used for such scenarios. However, if for whatever reason your organization cannot implement the HR Data Connector, you can leverage Priority Groups for users affected by the following events:

· Resignation

· Job level change

· Bad performance review

· Performance improvement plan


Note: Enabling the HR Data Connector is a far superior and more compliant solution. Check a full review of its functionality, or learn how to automate the HR Data Connector.


Create Priority User Group


Required Permissions:  Risk Management or Insider Risk Management Admins role.


Insider Risk Management allows you to create Priority User Groups in one location and then use Groups with any of its policies.


In MS Purview, go to Settings and select Insider Risk Management Settings.


In the Settings, scroll down to locate “Priority user groups” and select it.


Click “Create priority user group”.



Name your group and provide a description. I named mine HR-flagged users. This Priority User group will be used to monitor users who submitted a resignation or had a bad performance review.


In the “Members” screen you have two options: you can add the members manually or upload a CSV file. The CSV column where you list the users must be named user principal name. You can add up to 10,000 users to a priority user group.


I added two users manually.



The next screen lets you choose the users who can view data involving users in this priority group. You need to have at least one user selected.


It is a good idea to make sure that only authorized users have access to this priority group, particularly since this group is dealing with employees that are flagged by HR.


Note that if you are selecting an individual user, instead of Email, you will see the Permission for a user. You can also select the Role Group.



Click Next.


Review group settings and submit.


The Priority User Group is created.
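For the CSV upload option in the “Members” screen, the following added example (not part of the original post or of any Microsoft tooling) prepares the file from a raw list of accounts: it trims and de-duplicates entries, rejects malformed ones, and refuses to produce a file above the 10,000-user limit. The header text and the limit come from this post; the UPN pattern is a simplified assumption and the sample accounts are constructed.

```python
import csv
import io
import re

HEADER = "user principal name"   # column name the post says the upload requires
MAX_MEMBERS = 10_000             # group size limit stated in the post

# Simplified UPN shape check (assumption): local-part@domain.tld, no whitespace.
UPN_RE = re.compile(r"^[^@\s,;]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def build_priority_group_csv(candidates):
    """Return (csv_text, rejected) for a list of raw UPN strings.

    Entries are trimmed, de-duplicated case-insensitively, and checked
    against UPN_RE. Raises ValueError if the clean list exceeds MAX_MEMBERS,
    so an oversized file fails here rather than at upload time.
    """
    seen, accepted, rejected = set(), [], []
    for raw in candidates:
        upn = raw.strip()
        if not upn:
            continue                      # skip blank rows from the export
        if not UPN_RE.match(upn):
            rejected.append(raw)          # keep the original text for review
            continue
        key = upn.lower()
        if key in seen:
            continue                      # same account listed twice
        seen.add(key)
        accepted.append(upn)
    if len(accepted) > MAX_MEMBERS:
        raise ValueError(f"{len(accepted)} users exceeds the {MAX_MEMBERS} limit")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow([HEADER])
    writer.writerows([u] for u in accepted)
    return out.getvalue(), rejected


if __name__ == "__main__":
    # Constructed sample input, not real accounts.
    sample = ["adele@contoso.example", " ADELE@contoso.example ",
              "megan@contoso.example", "not-a-upn", ""]
    text, bad = build_priority_group_csv(sample)
    print(text, end="")
    print("rejected:", bad)
```

The resulting file names HR-flagged employees, so restrict access to it in the same way as the priority group itself.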



Create IRM Policy


Next, go to the Insider Risk Management solution and then to Policies.


Click “Create Policy” and select “Custom Policy”.

 


Select the “Data Leaks by priority users” template. Note that the required prerequisite here is a “Priority user group”, which we already created for this policy.




Click Next and name the policy. I named it “HR-flagged users Policy”.




In the next screen we need to specify a priority user group.


Click “Add or edit priority user groups”. Note that you can choose up to 10 priority user groups for a policy.


Select the group and click “Add”.




Click “Next”.


We do not want to prioritize content for this Policy. We want this Policy to monitor all content that these priority users have access to. So I am going to select “I don’t want to prioritize content right now”.




For the triggering event I am going to choose “User performs an exfiltration activity” and keep all activities selected.



Click Next.


I always adjust thresholds for triggering events, so I select the second option, “Choose your own thresholds”, and adjust thresholds as needed.



Threshold adjustment always depends on your business needs, so set the thresholds in the way that makes the most sense for your organization.


In the Indicators screen, I keep all selections and click Next.


I keep all Detection options and click Next.


I keep “Apply threshold type for indicators” as is, using defaults provided by Microsoft, and click Next.


Review the settings and finish.


The IRM Policy to monitor Priority users is created.



NOTE: If you delete a priority user group, the policy will no longer be active and will not generate any alerts. 

Watch the video here: https://youtu.be/-YNz4uiTKH8

 
 
 



© 2024 Cloud Confidential Inc.
