This week, Microsoft announced Office 365 Advanced Security Management, a set of tools that will provide organizations with better visibility and control over their Office 365 environments. Some of this functionality is available immediately, while the remainder will ship by the end of the third quarter.
Office 365 Advanced Security Management builds on Microsoft’s Cloud App Security platform, which launched in early April and was itself the result of Microsoft’s acquisition of Adallom. Microsoft describes this solution as “a set of capabilities to help companies design and enforce a process for securing cloud usage; from discovery and investigation capabilities, to granular control and protection.” In other words, it is designed as a way to fight so-called “shadow IT” cloud usage, where organizations without a formal cloud infrastructure find that employees are nonetheless heavily using cloud services.
Office 365 Advanced Security Management, then, is an Office 365-specific implementation of Cloud App Security. And it provides three core capabilities:
Threat detection. Advanced Security Management helps you configure anomaly detection policies that can help you identify high-risk and abnormal usage and prevent network breaches. “Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts,” Microsoft explains. Advanced Security Management also assesses potentially risky user behavior, providing insights into your overall threat landscape.
Enhanced control. Advanced Security Management lets you configure activity policies that can track specific activities such as unusually large downloads, multiple sign-in failures, and sign-ins from risky ISP addresses. When you are alerted to this behavior, you can block it right from the alert or even suspend the affected account.
Discovery and insights. A new app discovery dashboard provides a visual view of your organization’s Office 365 usage, plus usage of about 1,000 other cloud services so you can “better determine the extent to which shadow IT is occurring in your organization.” This includes the top apps in each category, so you can see how much data is being sent to OneDrive for Business and rival services like Box, Dropbox and the like. The best part? It doesn’t require a client agent install.
“The cloud offers many security benefits to organizations, but also raises new security considerations,” the Office 365 team explains of Advanced Security Management. “It can also add to existing ones such as shadow IT, the use of software that is not formally sanctioned by the organization.”
Advanced Security Management is included with Office 365 E5 plans, but it is also available as an add-on for other Office 365 commercial plans at a cost of $3 per user per month. As noted, not all Advanced Security Management features are available immediately: The threat detection and activity policy creation features are rolling out to Office 365 E5 customers worldwide starting today, Microsoft says. But the application permissions and discovery dashboard won’t be available until the end of the third quarter of 2016.