Update an Insider Risk Management Policy Demo
Start course

In this course, you will learn what Insider Risk Management policies are, what they do, and how to create and manage them.

Learning Objectives

  • Effectively create and manage Insider Risk Management policies in Microsoft 365

Intended Audience

  • IT professionals who are interested in earning Microsoft 365 certification
  • Those who may find themselves working with Insider Risk Management policies


  • Have at least a basic understanding of Microsoft 365 and Insider Risk Management

Hello and welcome back. So, in the previous demonstration, we walked through the process of creating a new Insider risk management policy. What I want to do here in this, this is going to be quick demo. I just I want to show you how to edit an existing policy. Now on the screen here, we are right where we left off with the MyPolicy showing on the policy's page. Now, you'll notice here we actually have a policy warning and a recommendation. If we select this policy, and I'm just left clicking on this here, we can see that we get a notice that physical badging data isn't being uploaded, and that's because we don't have physical badging in our environment. So, that's to be expected. And then the second recommendation here or the, that was the warning, the second piece here is the recommendation is that we need to review all of our warnings which is the physical badging warning, and it's telling me that policy isn't assigning risk scores to an activity; that's the badging activity. So, this is to be expected.

Now, what we'll do here in this page you'll see right here, this is where we can do the editing. So, if we edit the policy, you'll notice we can't change the policy template because then it would be a completely different policy. So, we're going to next through here, we could add a description. We could include specific users and groups, but remember we're focusing on Active Directory terminations so we need to include all users and groups. So, we'll leave this alone. We could change the content we want to prioritize, but we'll leave that alone for now, and then you'll see here we could choose the different triggering events, but again, we don't have the HR connector, so we'll leave the user account deleted from Azure AD trigger for this policy. We'll go ahead and 'Next'. And this is where we can maybe select some additional policy indicators if we need to. So, what we did originally was select the sharing SharePoint files with people outside the organization.

What we'll do for this demonstration here just to edit the policy, we'll add on sharing SharePoint folders with people outside the organization. Once we select that, we can go ahead and 'Next' it. Again, we'll leave everything else the way we had it set before, we'll review our settings, and then we can submit it, and then we're done. And that is how you edit an existing Insider risk management policy.


About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.