ADVANCED SECURITY MANAGEMENT WITHIN OFFICE 365

Be better informed about events in the Office 365 environment and take action to respond to a breach.

Case Studies

“With Office 365, we no longer worry about security, virus and spam issues because these are handled by Microsoft”

Matthew Li, Manager, Nova Business Services Limited

IMPROVE YOUR RISK PROFILE BY ALERTING AND EVEN SHUTTING DOWN ACCOUNTS WHEN ACCESS IS COMPROMISED.

A user logs in from an unexpected subnet. A server experiences repeated login attempts from the same IP address. An account authenticates from Moscow two hours after logging in from Atlanta. If such anomalies go undetected, attackers can eventually seize Command and Control of machines, hop off to more lucrative financial systems, and execute code to create significant data breaches.
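Two of the anomalies described above, expressed as detection logic over sign-in events. This is an added example, not part of the original page and not how Advanced Security Management itself is implemented; the event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900      # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100       # assumed floor: ignore small geolocation jitter
MAX_FAILURES = 5   # assumed threshold for failed attempts per source IP

# Constructed sample events (documentation IP ranges, not real data):
# (timestamp, user, source_ip, latitude, longitude, success)
EVENTS = [
    ("2016-06-01T09:00:00", "alice", "198.51.100.7", 33.749, -84.388, True),  # Atlanta
    ("2016-06-01T11:00:00", "alice", "203.0.113.50", 55.756, 37.617, True),   # Moscow
    ("2016-06-01T09:30:00", "bob", "198.51.100.9", 33.749, -84.388, True),
    ("2016-06-01T13:30:00", "bob", "198.51.100.9", 33.749, -84.388, True),
]
# Six failed attempts from one address, spread across three accounts.
EVENTS += [("2016-06-01T12:%02d:00" % m, "svc-%d" % (m % 3), "203.0.113.99",
            55.756, 37.617, False) for m in range(6)]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Flag successful logins implying travel faster than max_kmh."""
    findings, last = [], {}
    for ts, user, ip, lat, lon, ok in sorted(events):  # ISO timestamps sort in time order
        if not ok:
            continue
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            if km > MIN_KM and (hours == 0 or km / hours > max_kmh):
                findings.append((user, ip, round(km)))
        last[user] = (when, lat, lon)
    return findings

def repeated_failures(events, max_failures=MAX_FAILURES):
    """Map each noisy source IP to (failure count, accounts it targeted)."""
    fails, targets = Counter(), {}
    for ts, user, ip, lat, lon, ok in events:
        if not ok:
            fails[ip] += 1
            targets.setdefault(ip, set()).add(user)
    return {ip: (n, sorted(targets[ip])) for ip, n in fails.items() if n >= max_failures}
```

The account list returned by `repeated_failures` is what separates one user mistyping a password from a single address probing several accounts, which calls for a different response.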

In their lighthearted take on a serious topic, Verizon’s “Data Breach Investigations Report” showed server security breaches in decline, but only in relation to the quickly growing device and person categories. User/person attacks are rising due to malware and because users are falling prey to phishing.

Microsoft has made significant investments in end user security, including rolling out Advanced Threat Protection to all Office 365 E5 subscribers. And as of June 2016, another layer of security, called Advanced Security Management, was added to Microsoft Office 365. It’s automatically a part of the E5 bundle, or can be purchased a la carte for $3/user/month.

Advanced Security Management allows you to: 

  • Identify high risk usage, security incidents, and threats 

  • Protect your Office 365 environment with granular security policies/controls 

  • Gain enhanced visibility into cloud SaaS apps, with no agent required 


Using ASM allows the Security team to be better informed about events occurring in the Office 365 environment, and enables them to take action to avoid or respond to a breach.  Policies can be set up to watch for general anomalies or very specific ones.  Responses can vary from alerting an administrator to locking a potentially compromised account. 

 

The configurations are made in the Compliance Center within the Office 365 Admin Console. The rules are actually stored in Azure, because ASM is a stripped-down Office 365 version of Cloud App Security, the service that tracks SaaS usage and allows organizations to bring that under control.

 

Below, you can see that one “General Anomaly” policy is already set up by default, which is looking for anomalies against the baseline threshold.  Two specific policies are also configured. 



When an anomaly is detected, an administrator can analyze the cause. An example alert triggered by the general policy is shown below. It shows that an admin’s account was used to log in from an anonymous proxy, via an unknown ISP, and ran a rare command. Together, these oddities produced a combined risk score of 85/100, enough to cause an alert.


 

Given such a Molotov cocktail of events, an administrator could respond by deactivating that account immediately, or drill down. If that IP address, for instance, was the source of attempted logins to multiple accounts, an administrator would know to take a different course of action.

Additional rules can be created for more narrow cases where an organization has concerns.

Advanced Security Management improves your risk profile, by alerting and even shutting down accounts when access is compromised.

For more info about keeping attacks from happening, return to our security landing page or look at the DLP/Identity Management capabilities in Office 365.

Enabling Technologies are experts in securing productivity applications in the cloud. See one recommendation to get started and learn more, or contact us.

And for a terrific article on securing on premises Windows accounts (to servers, etc.), click here to view.

Enabling Technologies provides organizations with secure cloud communications using Office 365 and Azure. Professional security services include:

GUIDANCE

Need to refresh your security policy for SaaS, BYOD, and DLP? Enabling’s experts can help.

TRAINING

Do your IT Pros need training on O365/Azure security? Check out our security training courses.

SERVICES

Microsoft’s 400+ cloud security features are off by default. Let us handle the day to day so you can get on with your business.

SUPPORT

If monitoring your security alerts is a daunting task, our support team can filter and triage anomalies.
