Quadra

Connecting Technology and Business.

Secure Your Cloud Users with these Advanced Management Features

The cloud offers many security benefits to organizations, but also raises new security considerations. It can also add to existing ones such as shadow IT, the use of software that is not formally sanctioned by the organization. Office 365 Advanced Security Management, a new set of capabilities powered by Microsoft Cloud App Security, gives you greater visibility and control over your Office 365 environment.

Advanced Security Management includes:

  • Threat detection - Helps you identify high-risk and abnormal usage, and security incidents.

  • Enhanced control - Shapes your Office 365 environment leveraging granular controls and security policies.

  • Discovery and insights - Gives you enhanced visibility into your Office 365 usage and shadow IT without installing an endpoint agent.

Threat Detection

Advanced Security Management enables you to set up anomaly detection policies, so you can be alerted to potential breaches of your network. Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts. For example, you can be alerted to impossible travel scenarios, such as if a user signs in to the service to check their mail from New York and then two minutes later is downloading a document from SharePoint Online in Tokyo.
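The impossible travel check described above can be sketched as a speed test between a user's consecutive events. This is an added example, not Microsoft's implementation: the events are constructed, and the speed ceiling and minimum distance are assumed values.

```python
import math
from datetime import datetime

# Constructed sample events (not real telemetry): user, time, place, lat, lon
EVENTS = [
    ("alice", "2017-01-10T09:00:00", "New York", 40.7128, -74.0060),
    ("alice", "2017-01-10T09:02:00", "Tokyo", 35.6762, 139.6503),
    ("bob", "2017-01-10T09:00:00", "New York", 40.7128, -74.0060),
    ("bob", "2017-01-10T13:30:00", "Boston", 42.3601, -71.0589),
]

MAX_SPEED_KMH = 1000.0   # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore geo-IP jitter inside one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive events of one user whose implied speed exceeds the ceiling."""
    alerts, last = [], {}
    for user, ts, place, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_place, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Zero elapsed time across a real distance is impossible by definition.
            if km >= MIN_DISTANCE_KM and (hours == 0 or km / hours > max_speed_kmh):
                alerts.append({"user": user, "from": p_place, "to": place,
                               "km": round(km), "minutes": round(hours * 60, 1)})
        last[user] = (when, place, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

In practice, sign-ins through corporate VPN egress points or cloud proxies produce the same pattern, so known egress ranges are usually excluded before this check runs.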



Advanced Security Management also leverages behavioral analytics as part of its anomaly detection to assess potentially risky user behavior. It does this by understanding how users typically interact with Office 365, spotting anomalies and giving the anomalous activity a risk score to help IT decide whether to take further action.

Enhanced Control

Advanced Security Management lets you set up activity policies that can track specific activities. With out-of-the-box templates, IT can easily create policies that flag when someone is downloading an unusually large amount of data, has multiple failed sign-in attempts or signs in from a risky IP address. Policies can also be customized to your environment. Using activity filters, IT can look for the location of a user, device type, IP address or if someone is granted admin rights. Alerts can be created to notify an IT lead immediately via email or text message.



Default activity policy templates that are included:

  • Administrative activity from a non-administrative IP address: Alert when an admin user performs an administrative activity from an IP address that is not included in a specific IP range category.

  • User logon from a non-categorized IP address: Alert when a user logs on from an IP address that is not included in a specific IP range category.

  • Mass download by a single user: Alert when a single user performs more than 30 downloads within 5 minutes.

  • Multiple failed user log on attempts to an app: Alert when a single user attempts to log on to a single app, and fails more than 10 times within 5 minutes.

  • Logon from a risky IP address: Alert when a user logs on from a risky IP address to your sanctioned services. The Risky IP category contains, by default, anonymous proxies and Tor exit points.
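The two rate-based templates above (more than 30 downloads, or more than 10 failed logons to a single app, within 5 minutes) behave like sliding-window counters. The following is an added example, not the product's own code: the activity names, rule names and log records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
# Limits are the ones quoted in the template list; an alert needs MORE than "limit".
# Rule and activity names are hypothetical labels, not product identifiers.
RULES = {
    "mass_download": {"activity": "FileDownloaded", "limit": 30, "per_app": False},
    "failed_logon": {"activity": "LogonFailed", "limit": 10, "per_app": True},
}


def make_events():
    """Constructed sample activity log: (timestamp, user, app, activity)."""
    t0 = datetime(2017, 1, 10, 9, 0, 0)
    apps = ("Exchange", "SharePoint")
    ev = []
    # carol: 31 downloads in 150 seconds -> over the limit
    ev += [(t0 + timedelta(seconds=5 * i), "carol", "SharePoint", "FileDownloaded") for i in range(31)]
    # dave: 31 downloads, one per minute -> at most 6 in any 5-minute window
    ev += [(t0 + timedelta(minutes=i), "dave", "SharePoint", "FileDownloaded") for i in range(31)]
    # erin: 11 failed logons to one app in 100 seconds -> over the limit
    ev += [(t0 + timedelta(seconds=10 * i), "erin", "Exchange", "LogonFailed") for i in range(11)]
    # frank: 12 failures split over two apps (6 each) -> under the per-app limit
    ev += [(t0 + timedelta(seconds=10 * i), "frank", apps[i % 2], "LogonFailed") for i in range(12)]
    return ev


def evaluate(events):
    """Return (rule, user, app) keys in the order each first crosses its limit."""
    windows = defaultdict(deque)
    alerts = []
    for ts, user, app, activity in sorted(events):
        for name, rule in RULES.items():
            if activity != rule["activity"]:
                continue
            key = (name, user, app if rule["per_app"] else None)
            q = windows[key]
            q.append(ts)
            # Drop timestamps that have fallen out of the 5-minute window.
            while ts - q[0] > WINDOW:
                q.popleft()
            if len(q) > rule["limit"] and key not in alerts:
                alerts.append(key)
    return alerts


if __name__ == "__main__":
    for alert in evaluate(make_events()):
        print(alert)
```

The dave and frank records show the two ways a fixed threshold stays silent: activity paced below the window rate, and failures spread across apps when the counter is keyed per app.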

After reviewing an alert and investigating a user’s activities, IT may deem that the behavior is risky and want to stop the user from doing anything else. This can be done directly from the alert. Some activities may be deemed so risky that IT may want to immediately suspend the account. To help with this, IT can configure the activity policy so that an account is automatically suspended if that risky activity takes place.

Advanced Security Management also shows which apps are connected to Office 365 in their environment, who is using them and the permissions they have. For example, if a user grants a scheduling application access to their Office 365 calendar data, IT will be able to see the details of the connection and revoke that application’s permissions with one click if they deem it a security risk.

Discovery and Insights

Advanced Security Management also provides an app discovery dashboard that allows IT Pros to visualize your organization’s usage of Office 365 and other productivity cloud services, so you can maximize investments in IT-approved solutions. With the ability to discover about 1,000 applications in categories like collaboration, cloud storage, webmail and others, IT can better determine the extent to which shadow IT is occurring in your organization. Advanced Security Management will also give you details about the top apps in each category. For example, you can see how much data is being sent to OneDrive for Business, Box, Dropbox and other cloud storage providers.



You can do all this without installing anything on device endpoints. To load the data into the dashboard, all you have to do is take the logs from your network devices and upload them via an easy-to-use interface.

Many organizations allow users to connect apps to Office 365 without IT intervention to help them be more productive. The challenge is that it reduces the visibility and control that IT has over what apps are doing with the data. App Permissions as part of Office 365 Advanced Security Management can help mitigate that risk.

App Permissions provides information to IT about which applications in their network have access to Office 365 data, what permissions they have and which users granted these apps access to their Office 365 accounts.



Based on this information, IT admins can choose to approve the app or revoke its access to Office 365. If they choose to revoke permissions to the app, it will no longer be able to access the information for any of the users in the Office 365 tenant. App Permissions also makes it easy for IT admins to notify users who have installed the application that is going to be banned.

- Office 365: Everything You Wanted to Know - Jan 2017 - Microsoft



