Microsoft has announced new Advanced Security Management (ASM) capabilities, promising to "give you greater visibility and control over your Office 365 environment".
ASM introduces threat detection tools powered by Microsoft Cloud App Security, including the ability to establish anomaly detection policies that can signal potential breaches, as Microsoft explains:
Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts. For example, you can be alerted to impossible travel scenarios, such as if a user signs in to the service to check their mail from New York and then two minutes later is downloading a document from SharePoint Online in Tokyo.
Threat detection capabilities are also enhanced, Microsoft says, through the use of behavioral analytics to identify "potentially risky behavior", by building a profile of how users generally use Office 365, and assigning a 'risk score' to anomalies that deviate from these norms, helping admins to make an assessment and determine whether or not to intervene.
ASM also offers granular controls for setting up policies to track particular activities:
With out-of-the-box templates, IT can easily create policies that flag when someone is downloading an unusually large amount of data, has multiple failed sign-in attempts or signs in from a risky IP address. Policies can also be customized to your environment. Using activity filters, IT can look for the location of a user, device type, IP address or if someone is granted admin rights. Alerts can be created to notify an IT lead immediately via email or text message.
After reviewing an alert and investigating a user’s activities, IT may deem that the behavior is risky and want to stop the user from doing anything else. This can be done directly from the alert. Some activities may be deemed so risky that IT may want to immediately suspend the account. To help with this, IT can configure the activity policy so that an account is automatically suspended if that risky activity takes place.
And in response to feedback from its corporate customers, Microsoft is also introducing monitoring tools to give organizations and users visibility over how their Office 365 data connects with third-party applications. Microsoft says that, for example:
...if a user grants a scheduling application access to their Office 365 calendar data, IT will be able to see the details of the connection and revoke that application’s permissions with one click if they deem it a security risk.
Finally, ASM includes an 'app discovery dashboard', which it says "allows IT Pros to visualize your organization's usage of Office 365 and other productivity cloud services, so you can maximize investments in IT-approved solutions":
Advanced Security Management will also give you details about the top apps in each category. For example, you can see how much data is being sent to OneDrive for Business, Box, Dropbox and other cloud storage providers.
You can do all this without installing anything on device end points. To load the data into the dashboard, all you have to do is take the logs from your network devices and upload them via an easy-to-use interface.
Microsoft says that Advanced Security Management is included in Office 365 Enterprise E5 plans, and threat detection and activity policy creation are rolling out to E5 customers around the world from today.
Other Enterprise plans can add ASM for $3 per user per month. App discovery insights and application permissions views will be available by the end of Q3 2016.
You can get an overview of the new Office 365 Advanced Security Management features in the video below:
Source: Office Blogs (Microsoft)