Tag Archives: technology

SOC Analyst Guide: Investigating Insider Risk Alerts in Microsoft Purview

DLP, Microsoft 365, Purview October 2, 2025 Leave a comment

This blog post provides a comprehensive guide for SOC analysts to investigate and respond to alerts generated by Microsoft Purview’s Insider Risk Management and Adaptive Protection. It outlines step-by-step workflows for accessing alerts, triaging incidents, analyzing user behavior, managing cases, and leveraging Microsoft Defender integration.

The guide also includes best practices and suggested screenshots to help SOC teams effectively mitigate insider threats and maintain organizational security.

Introduction

Microsoft Purview’s Insider Risk Management (IRM) and Adaptive Protection empower SOC teams to detect and respond to insider threats dynamically. This guide walks through how SOC analysts can triage, investigate, and respond to alerts generated by these systems.

Part 1: Investigating Insider Risk Management Alerts

1. Access the Alerts Dashboard

Go to: Microsoft Purview Portal > Insider Risk Management > Alerts

Continue reading

What’s New in Azure Firewall: Draft & Deploy, Selective Logging, Explicit Proxy, Security Copilot & More

Cloud Security, Network Security, Security September 28, 2025 Leave a comment

Azure Firewall continues to evolve with powerful new features that enhance security, governance, and operational efficiency.

Whether you’re managing complex enterprise environments or hybrid architectures, these updates offer greater control, visibility, and automation.

Here’s an overview into the latest innovations:

Draft and Deploy – Azure Firewall Policy Changes (Preview)

Managing firewall policies just got smarter.

With the Draft and Deploy feature, administrators can now:

  • Clone active policies to create editable drafts.
  • Collaborate on bulk changes without impacting live environments.
  • Stage deployments to minimize disruption.
  • Apply all changes at once, improving governance and reducing human error.

This is a game changer for environments requiring frequent policy updates, such as dynamic cloud workloads or multi team operations.

Continue reading