By: Thor Oluvsrud
Microsoft aims to give IT more visibility and control into Office 365 environments with advanced security features that leverage behavioral analytics and machine learning for threat detection.
Security in the cloud is all about visibility and control, and Microsoft is aiming to give Office 365 customers more of both with Wednesday’s introduction of Office 365 Advanced Security Management.
“This is really tailored to the chief security officer, the IT administrator — in smaller businesses, the IT manager,” says Ron Markezich, corporate vice president for Office 365 Commercial Marketing, formerly Microsoft’s CIO. “It allows you to see what apps are being used within the environment. A lot of customers want to manage where their data goes.”
Markezich says that Advanced Security Management is built on three pillars:
- Threat detection. Using behavioral analytics and machine learning, the new capabilities help you identify high-risk and abnormal usage along with security incidents. “We look for different anomalies,” Markezich says. “If someone logs in from the U.S. and 10 minutes later they log in from China, we’ll flag that. If someone is looking to download a huge amount of information to an external cloud app, we’ll flag that. If you’ve got an inactive account that suddenly gets very active, we’ll flag that.”
- Enhanced control. These capabilities allow you to shape your Office 365 environment with granular controls and security policies. Out-of-the-box templates allow IT to create policies around downloading large amounts of data, multiple failed sign-in attempts or sign-ins from a new IP address. With activity filters, IT can look for the location of a user, device type, IP address or if someone is granted admin rights. You can create alerts to notify an IT lead immediately via email or text message. After review, directly from the alert, IT can stop the user from doing anything else or even immediately suspend the account.
- Discovery and insights. This gives IT enhanced visibility into Office 365 usage and shadow IT, without the need for an endpoint agent. “Customers can see what cloud apps, shadow apps, are integrated with Office 365 across their environment,” Markezich says. “All these cloud apps that are so easy to start consuming outside of IT, you have the visibility to discover what’s out there.”
Advanced Security Management is available as part of the top-tier Office 365 E5 package, but is also available as an add-on to all other Office 365 plans for $3 per user per month. The threat detection and activity policy creation features are available immediately. Microsoft says the discovery and insights portion will be available by the end of the third quarter this year.
“Office 365, at its core, is extremely secure,” Markezich says. “Everyone that buys Office 365, regardless of the SKU they buy, are getting premium security Office 365. We’re broadening capabilities to keep the broader set of data in their entire organization secure.”
Markezich also notes you can expect more advanced capabilities in Office 365 down the road, including voice capabilities and richer analytics capabilities built with Power BI and Delve.
“I think that’s going to be the next wave of Office 365 — all these premium services customers will be able to build on top of their Office 365 environments,” he says. “They’ll be advanced premium capabilities that only the largest customers could have in the past.”