跳到主要內容

Configure Adaptive Protection and Priority User Groups

Implementation Effort: Medium – Requires integration between Insider Risk Management and DLP policies, plus identification of priority users.
User Impact: Medium – Elevated risk users experience blocking or override prompts when interacting with AI apps.

Overview

Adaptive Protection dynamically adjusts DLP enforcement based on real-time insider risk levels, while priority user groups enable elevated monitoring for users with access to sensitive data. Together, these capabilities operationalize the risk signals from Risky AI usage policies into protective actions. This supports the Zero Trust principle of Use Least Privilege Access by restricting AI interactions for users exhibiting risky behavior, and Assume Breach by continuously adapting protection based on observed risk patterns.

Without Adaptive Protection, DLP policies apply uniformly regardless of user risk context—a low-risk employee receives the same restrictions as someone exhibiting data exfiltration patterns. Priority user groups ensure that users in sensitive roles (executives, finance, departing employees) receive heightened scrutiny for AI-related activities that could expose confidential information.

Key activities include:

  • Enable Adaptive Protection: Connect insider risk levels to DLP policy enforcement for dynamic protection
  • Configure risk level actions: Define blocking, override, or audit actions for elevated, moderate, and minor risk users
  • Create priority user groups: Identify users requiring elevated AI monitoring based on role, access level, or risk history
  • Link to AI-specific DLP policies: Apply adaptive enforcement to policies governing AI app interactions

Reference