Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

If you are a large enterprise, don't miss our IT cost-cutting webinar!

Register today!
Icon for Live Conference on December 8!

Live Conference on December 8!

GET-IT Microsoft Teams Conference

Icon for On-Demand Webinar

On-Demand Webinar

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Live Webinar Coming Dec. 14th!

Live Webinar Coming Dec. 14th!

Recession Proof Your IT: How to Reduce IT Costs Wi...

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Office 365

Gain enhanced visibility and control with Office 365 Advanced Security Management

Joseph Finney

 |

Jun 22, 2016

Collaboration teamwork concept pointing finger

Collaboration teamwork concept pointing finger

IT administrators need powerful tools to understand how their network is being used. Microsoft has delivered with the new Office 365 Advanced Security Management tool. Global communication may be easy, but security and management on a global scale is not. Advanced Security Management (ASM) helps it see and truly understand how their resources are being used. From usage reporting to automatic account suspension ASM gives admins the tools they need to keep their company safe.

How does it work?

All companies have a standard for what they would consider ‘typical user behavior’ and consider this behavior safe. This typical behavior becomes a baseline from which to judge what could be malicious activity. The threat detection within ASM will send warnings and can be configured to suspend accounts automatically for strange behavior. Administrators can pick from common policies, or build their own custom policies to flag behavior. Policies are composed of different triggers to deem activity anomalous. These triggers can be: sign-in failures, activity from new IP addresses, activity on accounts previously considered inactive, and more.

Activity Policy and Anomaly Detection Policy

Anomaly detection alert of suspicious administrator activity. - via Microsoft

Anomaly detection alert of suspicious administrator activity. – via Microsoft

Policies are grouped into two categories Activity Policy and Anomaly Detection Policy. Activity Policies are simply alerts to important activities such as administrator activity from a new IP address, mass data downloads, new IP used to access corporate data, and more. Alerts can be sent via email or text message depending on their severity. Alerts can be used to understand behavior that is not malicious but also not routine. Activity Policies help admins understand resource misuse not necessarily malicious behavior. Your users could be using data in ways which puts stress on your network when there are better ways to get the job done.


Anomaly Detection Policies are more focused on strange behavior that could signal malicious behavior. For example, this could be a brute force login attempt, or distant geographic logins close together in time. Additionally, Anomaly Detection Policies can be configured to keep an eye on behavior outside your network to better understand the current state of activity. Automatic rules can be set up to suspend accounts depending on their risk score. Each alert is given a score which is calculated using over 70 different metrics.

Activity policy being created from an out-of-the-box template. - via Microsoft

Activity policy being created from an out-of-the-box template. – via Microsoft

Third-Party App Insights

Advanced Security Management is not limited to user-based access of corporate data. But it can also be extended to understand how third-party services access cooperate data. Administrators can see, evaluate, and revoke access on an app-by-app basis. If they deem any application(s) to be insecure or undesirable. Data access can help people work better with the tools they are comfortable with. However, comfort should not be at the expense of data security.
On top of all these features Microsoft has included the ability to view uploaded network reports on a dashboard. This data rich view helps admins understand network activity such as how much data is being sent to different cloud storage providers. If your company uses OneDrive for Business you would expect lots of traffic to that domain. But maybe some employees are uploading data separately to Dropbox or Box. This tool helps identify behavior like this which could be impairing network health.

Availability

Any E5 subscriber can access the Office 365 Advanced Security Management tool today from the Office 365 security and compliance app. If you are not an E5 subscriber you can add this to your current plan for $3 per user, per month. This tool helps protect data by giving insight and control over behavior and access.

More from Joseph Finney

The Dashboard: Microsoft's Unhealthy Relationship With UWP Devs

Progressive Web Apps Are Coming To The Windows Store

Leveraging OneNote: Working with a Distributed Team

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Office 365

M365 Changelog: (Updated) Loop components in Outlook Mail Preview

Oct 22, 2022 | Rabia Noureen

Microsoft Outlook

How to Schedule an Email in Outlook

Sep 14, 2022 | Siji Roy

Office 365

ESPC22 Conference Discount for Petri Readers

Sep 6, 2022 | Russell Smith

Microsoft Defender for Office 365 Gets Differentiated Protection for Priority Accounts

Apr 14, 2022 | Rabia Noureen

Microsoft 365 Apps

Microsoft 365 Non-Profit Plans to Get a Price Hike in September

Apr 11, 2022 | Rabia Noureen

Cloud Computing

Microsoft to Launch Office 365 Government Secret Cloud in Mid-2022

Mar 29, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy