SecOps
ITOps
Event Analysis and Notification: Events from OneDrive and SharePoint are analyzed for unusual activity spikes. This task, typically requiring manual review, is automated to quickly identify potential threats and notify relevant teams, enhancing response time and reducing the risk of oversight.
Historical Data Comparison: To detect anomalies, user actions are compared against historical data. This process, which is often labor-intensive, is automated to ensure consistent and accurate threat detection, minimize false positives, and improve security posture.
Remediation Action Suggestions: Based on analysis, actionable remediation steps are suggested. This replaces manual decision-making with automated recommendations, ensuring timely and effective responses to potential security incidents, thereby reducing the impact of threats.
Microsoft Purview: In this use case, Microsoft Purview acts as the source of audit events from OneDrive and SharePoint. It provides the necessary data for analysis, enabling the detection of unusual activity patterns that may indicate security threats.
OneDrive and SharePoint: These platforms are the focus of the event analysis. They generate the activity logs, which are monitored for anomalies. This ensures that any unusual user behavior is quickly identified and addressed.
Microsoft Teams: Microsoft Teams delivers notifications and remediation suggestions. It is the communication channel for alerting relevant teams about detected threats, facilitating swift action and collaboration.
Azure Active Directory: Azure Active Directory manages user identities and access. It supports the automation of remediation actions, such as locking an account or resetting a password, to mitigate identified security risks.
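The detection logic behind the workflow above (per-user baseline from historical audit events, spike detection, a suggested remediation and a Teams-ready message), as an added illustration that is not part of the original page or any Microsoft product. It assumes records shaped like Purview audit entries (CreationTime, UserId, Workload, Operation); the events, users, thresholds and remediation texts are constructed.

```python
"""Baseline-vs-today spike detection over Purview-style audit records."""
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

TODAY = date(2024, 5, 8)  # the day being analysed (constructed)

# Constructed sample: field names mirror the Purview audit schema, values are invented.
SAMPLE_EVENTS = (
    # alice: 2 downloads/day for 7 days, then 40 on the last day (a spike)
    [{"CreationTime": f"2024-05-{d:02d}T10:00:00", "UserId": "alice@contoso.example",
      "Workload": "OneDrive", "Operation": "FileDownloaded"} for d in range(1, 8) for _ in range(2)]
    + [{"CreationTime": "2024-05-08T11:00:00", "UserId": "alice@contoso.example",
        "Workload": "OneDrive", "Operation": "FileDownloaded"} for _ in range(40)]
    # bob: a steady 3 deletions/day, nothing unusual
    + [{"CreationTime": f"2024-05-{d:02d}T09:00:00", "UserId": "bob@contoso.example",
        "Workload": "SharePoint", "Operation": "FileDeleted"} for d in range(1, 9) for _ in range(3)]
)

# Suggested remediation per operation (constructed; the Azure AD steps would be a follow-up action)
REMEDIATION = {
    "FileDownloaded": "Revoke sessions and require a password reset in Azure AD; review the downloaded items",
    "FileDeleted": "Restore items from the recycle bin and confirm the activity with the user",
    "SharingSet": "Review newly created sharing links and remove unintended ones",
}

def daily_counts(events):
    """Return {(user, operation): {day: count}} for OneDrive/SharePoint events only."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.get("Workload") not in ("OneDrive", "SharePoint"):
            continue
        day = date.fromisoformat(e["CreationTime"][:10])
        counts[(e["UserId"], e["Operation"])][day] += 1
    return counts

def find_spikes(events, today, min_history=5, z_threshold=3.0, min_count=10):
    """Compare today's count against the user's own history; return findings with a suggestion."""
    findings = []
    for (user, op), per_day in daily_counts(events).items():
        history = [n for d, n in per_day.items() if d < today]
        today_n = per_day.get(today, 0)
        if len(history) < min_history or today_n < min_count:  # too little history / too few events
            continue
        mu, sigma = mean(history), pstdev(history)
        # Flat history (sigma == 0) still counts as a spike when today exceeds it
        z = (today_n - mu) / sigma if sigma else (float("inf") if today_n > mu else 0.0)
        if z >= z_threshold:
            findings.append({"user": user, "operation": op, "today": today_n, "baseline_mean": mu,
                             "z": z, "suggested_action": REMEDIATION.get(op, "Investigate manually")})
    return findings

def teams_message(f):
    """Text for the Teams notification describing one finding."""
    return (f"[Purview spike] {f['user']} {f['operation']} x{f['today']} today "
            f"(baseline {f['baseline_mean']:.1f}/day). Suggested: {f['suggested_action']}")
```

The `min_count` floor keeps low-volume users from tripping the z-score on tiny absolute changes, which is the main source of false positives in this kind of baseline comparison.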