Microsoft Boosts Office 365 Security With Threat Detection, Visibility Tools

Microsoft is boosting the security of enterprise deployments of Office 365 with Advanced Security Management, a suite of tools that offers admins threat detection, policy making tools and insights into how the software is being used.

This, Microsoft says, will help protect corporate environments – particularly against Shadow IT – and help IT departments maximise their resources by seeing what how Office 365 is being used and which applications are interacting with it.

Advanced Security Management allows admins to set up anomaly detection policies that scan user activities and issue alerts if a potential breach of network is spotted. There are more than 70 different indicators, including failed logins and inactive accounts, and behavioural analytics to spot any unusual patterns.

Office 365 security

Admins can also track specific activities and set default actions for certain events, such as multiple failed logins, risky IP address. Offending accounts can be prevented from doing anything further or even suspended in extreme situations.

A new dashboard gives greater visibility into behaviour and can track about 1,000 applications. For example, it is possible to see how much data is being sent to cloud repositories such as OneDrive, Box or Dropbox.

The features are include in some Office 365 enterprise plans but in others cost $3 per user per month.

“The threat detection and activity policy creation features are rolling out to Office 365 E5 customers worldwide starting today,” said Microsoft. “The ability to view an application’s permissions into Office 365 and the application discovery dashboard will be available by the end of the third quarter of 2016.”

Security drive

Recent research from Skyhigh networks found three quarters of enterprise users have a compromised account each month and more than 200 files called ‘password’. The average company sees 5.6 million ‘events’ each month, such as file uploads, logins and edits, of which 256 are described as ‘anomalous’.

These might be logins from two separate locations or unusual volumes of download traffic. Just 2.7 are genuine threats.

Earlier this year, Microsoft patched a vulnerability that could have allowed an attacker to gain access to any account at a business with a federated domain. The group of companies that use federated domains includes some of the biggest names in technology, such as IBM, Cisco, BT, Vodafone and Microsoft itself, and high profile firms like British Airways, PwC and KPMG.

Think you know all about Microsoft Office? Try our quiz!