Insider Risks and Conditional Access

Why do insider risks matter?

Employees now have greater ability to produce, manage, and exchange data across a variety of platforms and applications. In most circumstances, firms have limited resources and tools to detect and reduce organizational risks while adhering to compliance requirements and employee privacy standards. These hazards include potential data theft by departing workers, as well as the danger of information leaks outside your organization due to inadvertent oversharing or malevolent intent.

To put numbers on it, quoting Microsoft: “87% of organizations stated that they experienced data breaches in the past year. A substantial 63% of these incidents stem from inadvertent or malicious insiders with access to sensitive information.”

So let’s see what kind of solutions we have to prevent these leaks.

Insider Risk in Conditional Access

Key features

  • Dynamic Risk Assessments: Machine learning identifies users exhibiting potentially risky behavior.
  • Risk-Based Access Controls: Access to sensitive data or actions automatically adjusts based on a user’s assigned risk level.

Access decisions are based on the Adaptive Protection risk level that’s assigned to the user. Risk levels define how risky a user’s activity is and can be based on criteria like how many potential data theft activities they performed.

Different risk levels

Elevated – User performed activities that might indicate a high degree of risk. Typically requires an insider risk admin to take proactive measures to prevent further risky activity from occurring.

Moderate – User performed activities that might indicate a moderate degree of risk. While not as severe as an elevated risk, insider risk admins will still take appropriate actions to prevent further risky activity from occurring.

Minor – User performed activities that might indicate a minimal degree of risk. Typically, insider risk admins will continue to detect risky user activity to determine whether further action is required.

What can you do with it?

  • Effortless Policy Management: A simple toggle activates risk-based access control.
  • Granular Control Options: Admins can choose between requiring additional verification (e.g., terms of use agreement) or complete access block.
  • Streamlined Access: Low-risk users experience uninterrupted access.

Scenario: A high-risk user attempting to access a sensitive application is automatically blocked, while a low-risk user seamlessly gains entry.

Key benefits:

  • Mitigates data security risks by proactively addressing insider threats.
  • Simplifies security management with automated access control based on real-time risk assessment.

How to enable it?

Easily, by hitting Quick setup.

And then waiting up to 72 hours, so no.

I don’t want to wait, so let’s look at the Custom setup instead. Open Risk levels and select a policy.

But you have to create it manually, so let’s do that now. Note: this is not a Conditional Access policy.

For ease, I will use the wizard to create one for me. But first, enable the Adaptive Protection feature.

And then define the risk levels.

And finally, let’s create a Conditional Access policy.

And there we go, easy as that.
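
The Conditional Access policy from the last step can also be kept as code, as a request body for Microsoft Graph (POST /identity/conditionalAccess/policies). This is an added example, not part of the original post: the field names follow the Graph conditionalAccessPolicy resource and should be checked against the current reference, and the helper names, application ID and break-glass account ID are placeholders.

```python
import json

RISK_LEVELS = ("minor", "moderate", "elevated")  # levels named on this page

def build_policy(levels, app_ids, terms_of_use_id=None, exclude_users=(), enforce=False):
    """Build a Conditional Access policy body conditioned on insider risk.

    Default action is block; pass terms_of_use_id to require acceptance
    of that terms-of-use agreement instead.
    """
    wanted = {str(l).lower() for l in levels}
    if not wanted or wanted - set(RISK_LEVELS):
        raise ValueError(f"levels must be a non-empty subset of {RISK_LEVELS}")
    if not app_ids:
        raise ValueError("scope the policy to at least one application")
    ordered = [l for l in RISK_LEVELS if l in wanted]
    if terms_of_use_id:
        grant = {"operator": "OR", "builtInControls": [], "termsOfUse": [terms_of_use_id]}
    else:
        grant = {"operator": "OR", "builtInControls": ["block"]}
    return {
        "displayName": f"Insider risk {'+'.join(ordered)}: {'terms of use' if terms_of_use_id else 'block'}",
        # Report-only unless enforce=True, so the impact shows up in sign-in logs first.
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": list(app_ids)},
            "clientAppTypes": ["all"],
            # Assumption: flags enum, serialized as a comma-separated string.
            "insiderRiskLevels": ",".join(ordered),
        },
        "grantControls": grant,
    }

def decide(policy, user_level):
    """Local model of the page's scenario: what this one policy does to a user."""
    in_scope = user_level in policy["conditions"]["insiderRiskLevels"].split(",")
    if not in_scope:
        return "allow"
    return "block" if "block" in policy["grantControls"]["builtInControls"] else "termsOfUse"

if __name__ == "__main__":
    # Constructed placeholder IDs, not real tenant objects.
    body = build_policy(["Elevated"], ["<sensitive-app-id>"], exclude_users=["<break-glass-account-id>"])
    print(json.dumps(body, indent=2))
    print(decide(body, "elevated"), decide(body, "minor"))
```

The body defaults to report-only and excludes an emergency access account, so a misassigned risk level cannot lock out every administrator before the policy has been observed in the sign-in logs.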

See here for the announcement

And here for Microsoft Mechanics video


Your company can protect its data from external threats and internal hazards more thoroughly thanks to the synergy between compromised user risk and insider risk. This all-encompassing and multi-layered strategy fortifies your organization’s overall data security by guarding against data theft, data breaches, and unauthorized access. Your data stays safe when your organization presents a unified front against insider dangers as well as external ones. This increases your organization’s resilience against ever-changing cyber threats.

If you want to find out more, see this Learn article.

Author: Harri Jaakkonen