How to send email notifications to specific users/groups when an IRM alert is generated

JoMi 20 Reputation points
2024-02-16T08:38:42.4733333+00:00

I am seeking advice on how to send email notifications to a specific group of users when an Insider Risk Management (IRM) alert is generated within Microsoft Compliance. I am aware of the "Admin notification" feature, but it's not viable as the targeted users can't have the roles listed. Is there an alternative way to send automated notifications by event type? Creating Alert Policies in Microsoft Compliance hasn't been useful as I couldn't find any conditions related to IRM. Thank you for your help. Thanks


Accepted answer
  1. Alberto Troisi (willoz) 80 Reputation points
    2024-02-21T08:13:14.0066667+00:00

    Regarding Insider Risk Management, you can send alerts to users assigned to these role groups:

    • Insider Risk Management
    • Insider Risk Analysts
    • Insider Risk Investigators

    So, you can configure a shared mailbox, give it access to specific people, and add the shared mailbox to one of the roles above, according to your specific needs.

    Tested in my lab, it works!

    Hope this helps.

    1 person found this answer helpful.
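
The shared-mailbox approach from the accepted answer, written out as an added PowerShell example (not part of the original answer or Microsoft's documentation). The mailbox name, addresses and reader list are constructed placeholders, and the role group name is taken from the answer and should be checked against what `Get-RoleGroup` returns in your tenant.

```powershell
# Added example. Requires the ExchangeOnlineManagement module.
# All names and addresses below are constructed placeholders.
$MailboxName   = 'IRM Alert Notifications'
$MailboxSmtp   = 'irm-alerts@contoso.example'
$Readers       = @('analyst1@contoso.example', 'analyst2@contoso.example')
$RoleGroupName = 'Insider Risk Management'   # one of the role groups named in the answer

# 1. Create the shared mailbox and give the intended recipients access to it.
Connect-ExchangeOnline
New-Mailbox -Shared -Name $MailboxName -DisplayName $MailboxName `
    -PrimarySmtpAddress $MailboxSmtp | Out-Null

foreach ($user in $Readers) {
    # FullAccess lets the user open the mailbox and read every alert mail in it,
    # so keep this list limited to people who are allowed to see IRM alerts.
    Add-MailboxPermission -Identity $MailboxSmtp -User $user `
        -AccessRights FullAccess -InheritanceType All | Out-Null
}

# Review who can read the mailbox before wiring it to IRM notifications.
Get-MailboxPermission -Identity $MailboxSmtp |
    Where-Object { -not $_.IsInherited } |
    Select-Object User, AccessRights

Disconnect-ExchangeOnline -Confirm:$false

# 2. Add the shared mailbox to the role group (Security & Compliance PowerShell).
Connect-IPPSSession
# Stop here if the role group name does not exist in this tenant.
$group = Get-RoleGroup -Identity $RoleGroupName -ErrorAction Stop
Add-RoleGroupMember -Identity $group.Name -Member $MailboxSmtp

# 3. Confirm the membership change.
Get-RoleGroupMember -Identity $group.Name | Select-Object Name, RecipientType

Disconnect-ExchangeOnline -Confirm:$false
```

Membership in the role group also carries that group's Insider Risk Management permissions, so choose the least-privileged of the listed groups that still receives the notifications you need.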

1 additional answer

  1. Ricky Simpson 165 Reputation points
    2024-02-16T23:25:55.9166667+00:00

    Not as graceful a solution as you may be looking for, but you could use the Insider Risk connector for Microsoft Sentinel, then create rules within Sentinel to notify the appropriate people once an IR alert is generated, or based on a host of other criteria. https://video2.skills-academy.com/en-us/azure/sentinel/data-connectors/microsoft-365-insider-risk-management

    1 person found this answer helpful.