API & Integrations - Microsoft Purview Integration

Updated

This article provides information on integrating Mimecast with Microsoft Purview to enhance Human Risk scoring by analyzing sensitive data handling behaviors. It includes information on configuring the integration, required permissions, and navigating the Human Risk Command Center.

Overview

The integration with Mimecast's Human Risk platform and Microsoft Purview data assists in enhancing the robustness of human risk scoring with signals regarding human interaction with sensitive data on devices and allows security awareness practitioners to send training and other information based on the user's sensitive data handling-associated behavior.

The integration periodically reads endpoint protection alerts and incidents from Microsoft Purview via API. These are forwarded to the Human Risk Platform, which associates each event with a user and updates the Sensitive Data Handling behavior score for that user.

Historical events will not be pulled from Microsoft, only events from the point of integration onward.

The integration can be accessed from the Human Risk Command Center, which is available to all Mimecast Email Security Cloud Gateway customers.  

 

Prerequisites 

  • A Microsoft Purview Data Loss Prevention license, which is included with E3 and E5 licensing. More information on the licenses that include Purview Data Loss Prevention is available here.
  • Mimecast Administrator Account.

Permissions 

In order to add, edit, or delete the configuration, the user must have one of the following roles:

  • Global Sys Admin
  • Sys Admin - SD Full
  • Super Administrator
  • Full Administrator
  • Basic Administrator
  • Partner Administrator
  • Custom Role with Integrations Marketplace (Read/Write permissions must be enabled).

Configuration 

Follow the steps below to configure the integration with Microsoft Purview:

  1. Log in to the Mimecast Administration Console
  2. Navigate to IntegrationsIntegrations Hub.
  3. Click the Configure New option on the Microsoft Purview tile.  

IntegrationsHub.png

  1. Enter an Application Name and Description, then click Authorize.

Details.png

  1. The authorization flow for Microsoft Purview will be started.

Authorization.png

  1. Log in to your Microsoft account.

MicrosoftSignIn.png

  1. Accept the required permissions.

Permissions.png

  1. A notification will appear confirming that the integration has been added successfully.

Successfullyauthorized.png

  1. Ensure that the Status reflects as Connected

You can also click on the ellipsis Ellipsis.png to View/Edit or Delete an Integration.

Connected.png

  1. Navigate to Human Risk Command Center | Dashboard. The integration is successful and you should now be able to receive the data from Microsoft Purview.

dashboardintegration.png

  1. Click View Details in the right-hand corner of the Sensitive Data Handling section for additional information on the Human Risk Score.

You can also click on a specific user under Highest Risks, to see data for that user:

HumanRiskDashboard.png

  1. Clicking on Sensitive Data Handling will lead to the Events tab, where details on each event will be accessible. 

Events.png

Related to

Was this article helpful?
1 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.