A data analyst is planning to leave the company in two weeks and has access to a large volume of sensitive customer data. The compliance team wants to detect whether the analyst starts downloading large numbers of files to a personal USB drive or sending sensitive content to an external email address. They need to set up a policy that alerts on such anomalous data exfiltration activities without blocking operations until a thorough investigation is completed. Which Microsoft Purview solution should they configure?
Correct. Insider Risk Management is designed to detect and investigate potential data leaks by employees, including anomalous exfiltration behaviors, with alerting and case management.
Why this answer
Microsoft Purview Insider Risk Management is designed to detect, investigate, and act on risky user activities, including data exfiltration by departing employees. It uses predefined indicators such as downloading files to USB drives or sending emails to external addresses, and can generate alerts without automatically blocking operations, allowing for a thorough investigation first.
Exam trap
The trap here is that candidates often confuse Insider Risk Management with Communication Compliance, but Communication Compliance focuses on communication content (e.g., offensive language) rather than behavioral data exfiltration patterns like USB downloads or bulk external emails.
How to eliminate wrong answers
Option B is wrong because Data Lifecycle Management focuses on retaining, deleting, and archiving data based on policies, not on detecting anomalous user behavior like exfiltration.
Option C is wrong because Communication Compliance monitors for policy violations in communications (e.g., harassment, insider trading) but does not specifically detect file downloads to USB drives or bulk external emailing of sensitive data.
Option D is wrong because eDiscovery (Standard) is used for searching and exporting content for legal or investigative purposes, not for real-time alerting on suspicious data exfiltration activities.