The cloud offers many security benefits to organizations, but it also raises new security considerations and can add to existing ones such as shadow IT, the use of software that is not formally sanctioned by the organization. Today, we are thrilled to introduce Office 365 Advanced Security Management, a new set of capabilities powered by Microsoft Cloud App Security that gives you greater visibility and control over your Office 365 environment.
Advanced Security Management includes:
- Threat detection—Helps you identify high-risk and abnormal usage, and security incidents.
- Enhanced control—Shapes your Office 365 environment leveraging granular controls and security policies.
- Discovery and insights—Get enhanced visibility into your Office 365 usage and shadow IT without installing an endpoint agent.
Let’s go a bit deeper into each one of these areas.
Advanced Security Management enables you to set up anomaly detection policies, so you can be alerted to potential breaches of your network. Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts. For example, you can be alerted to impossible travel scenarios, such as if a user signs in to the service to check their mail from New York and then two minutes later is downloading a document from SharePoint Online in Tokyo.
Anomaly detection alert of suspicious administrator activity.
Advanced Security Management also leverages behavioral analytics as part of its anomaly detection to assess potentially risky user behavior. It does this by understanding how users typically interact with Office 365, spotting anomalies and giving the anomalous activity a risk score to help IT decide whether to take further action. Advanced Security Management incorporates Microsoft’s insights from our view into the threat landscape that are the result of operating a range of cloud services at massive worldwide scale.
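To make the impossible travel scenario above concrete, the following added example (not Microsoft's implementation and not code from the original post) flags consecutive activities by the same user whose implied travel speed is not physically plausible. The 900 km/h threshold, the 50 km noise floor, the event fields and the sample events are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0   # assumed threshold, roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0      # assumed floor to ignore geo-IP jitter within one metro area

@dataclass(frozen=True)
class Event:                # hypothetical record shape, not an Office 365 schema
    user: str
    when: datetime
    activity: str
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, previous activity, current activity, km) for implausible hops."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
        if km < MIN_DISTANCE_KM:
            continue        # same area; location lookups are not that precise
        hours = (ev.when - prev.when).total_seconds() / 3600
        if hours == 0 or km / hours > max_kmh:
            alerts.append((ev.user, prev.activity, ev.activity, round(km)))
    return alerts

# Constructed sample events; coordinates are approximate city centres.
SAMPLE_EVENTS = [
    Event("alice", datetime(2016, 6, 1, 9, 0), "mail sign-in (New York)", 40.71, -74.01),
    Event("alice", datetime(2016, 6, 1, 9, 2), "SharePoint download (Tokyo)", 35.68, 139.69),
    Event("bob", datetime(2016, 6, 1, 8, 0), "mail sign-in (London)", 51.51, -0.13),
    Event("bob", datetime(2016, 6, 1, 12, 0), "mail sign-in (Paris)", 48.86, 2.35),
    Event("carol", datetime(2016, 6, 1, 10, 0), "mail sign-in (Seattle)", 47.61, -122.33),
    Event("carol", datetime(2016, 6, 1, 10, 1), "file download (Seattle)", 47.62, -122.35),
]
ALERTS = impossible_travel(SAMPLE_EVENTS)

if __name__ == "__main__":
    for user, before, after, km in ALERTS:
        print(f"{user}: {before} -> {after}, {km} km apart")
```

In practice a rule like this also needs an allowance for VPN and proxy egress points, which can make a stationary user appear to move between countries.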
Advanced Security Management lets you set up activity policies that can track specific activities. With out-of-the-box templates, IT can easily create policies that flag when someone is downloading an unusually large amount of data, has multiple failed sign-in attempts or signs in from a risky IP address. Policies can also be customized to your environment. Using activity filters, IT can look for the location of a user, device type, IP address or if someone is granted admin rights. Alerts can be created to notify an IT lead immediately via email or text message.
Activity policy being created from an out-of-the-box template.
After reviewing an alert and investigating a user’s activities, IT may deem that the behavior is risky and want to stop the user from doing anything else. This can be done directly from the alert. Some activities may be deemed so risky that IT may want to immediately suspend the account. To help with this, IT can configure the activity policy so that an account is automatically suspended if that risky activity takes place.
We have also heard from organizations that they need a way to monitor the applications users are connecting with Office 365. Users are often unaware of which Office 365 data their third-party applications may have access to. Advanced Security Management shows which apps are connected to Office 365 in their environment, who is using them and the permissions they have. For example, if a user grants a scheduling application access to their Office 365 calendar data, IT will be able to see the details of the connection and revoke that application’s permissions with one click if they deem it a security risk.
Discovery and insights
Advanced Security Management also provides an app discovery dashboard that allows IT Pros to visualize your organization’s usage of Office 365 and other productivity cloud services, so you can maximize investments in IT-approved solutions. With the ability to discover about 1,000 applications in categories like collaboration, cloud storage, webmail and others, IT can better determine the extent to which shadow IT is occurring in your organization. Advanced Security Management will also give you details about the top apps in each category. For example, you can see how much data is being sent to OneDrive for Business, Box, Dropbox and other cloud storage providers.
You can do all this without installing anything on device endpoints. To load the data into the dashboard, all you have to do is take the logs from your network devices and upload them via an easy-to-use interface.
How to get Advanced Security Management
Advanced Security Management is included in Office 365 E5 and is also available as an add-on to other Office 365 enterprise plans for US $3 per user, per month. The threat detection and activity policy creation features are rolling out to Office 365 E5 customers worldwide starting today. The ability to view an application’s permissions into Office 365 and the application discovery dashboard will be available by the end of the third quarter of 2016.