Exploring the Security and Compliance Center – Part 7: Alerts
Last but not least, our final post in this series on the Security and Compliance Center takes a look at Alerts. If you haven’t already, why not take a look back over the series so far? We have posted on First Impressions, Reports, Permissions, Data Loss Prevention, Data Management and Service Assurance and Search and Investigation.
If you’ve enjoyed the series, why not download our white paper ‘Getting Started with the Security and Compliance Center’, which includes all the blogs on Office 365 Security and Compliance?
Alerts are part of the new Advanced Security Management – ‘a new set of capabilities powered by Microsoft Cloud App Security – to give you greater visibility and control over your Office 365 environment’.
This feature is a new addition to the center, and is available with Office 365 E5 licences, or as an add-on to other Enterprise plans for $3 per user, per month. It began rolling out last week, so you may or may not have seen it in the center just yet.
According to the release blog, Advanced Security Management includes:
- Threat detection—Helps you identify high-risk and abnormal usage, and security incidents.
- Enhanced control—Shapes your Office 365 environment leveraging granular controls and security policies.
- Discovery and insights—Get enhanced visibility into your Office 365 usage and shadow IT without installing an end point agent.
When you go into the Alerts section of the center, there is a button that directs you to Advanced Security Management.
The portal shows a list of activities, each with details such as User, App, IP Address, Location, Device and Date. You can search or filter items, and the portal also allows you to create new activity policies. The Alerts section shows you any activity that could be deemed odd, suspicious or harmful. Anomaly detection alerts are set up automatically for certain actions based on Microsoft’s algorithms, but you can also set up personalised alerts (activity alerts). For example, if you have a certain document that you want to monitor for viewing, download or modification activity, you can set this up here.
It is important to note that you have to enable Advanced Security Management, and that after you do this, it will be 7 days before you start receiving any anomaly detection alerts. This gives the algorithm some time to learn what is ‘normal’ activity and what isn’t. The alerts are ranked on a scale of low, medium and high severity.
If you have an Office 365 E5 licence, you should be able to go in and see information for your environment. It can take some time for the data to sync, so you may not have a full view of all activity when you first enter the portal. We got the following message in a blue banner: ‘Sync in progress…it might take a few hours for all the data to appear’.
As we have seen throughout the series, the Security and Compliance Center has a range of useful tools that can help you to review your environment, and implement compliance and security policies to regulate and safeguard it. When using the center in its current form, pre-empting your compliance needs and usage is a priority: if you try to do this when you actually need the data, it will be too late. A handful of the features need to be turned on in order to work, or require prior configuration. If you need to set policies and permissions for different elements of the center, it is best to do this sooner rather than later, so that your requirements are in place and no data goes uncollected or unseen. At this stage, the best practice might be to make your configurations and create basic policies as early as possible, then test the changes you make. They can always be amended, refined, or even removed based on the results.
While it is likely that certain industries with strict regulation or rigid security requirements may not have all of their needs met by the current Security and Compliance Center, the ever-growing set of features and functionality is a solid starting point for mapping out these requirements in Office 365. We hope that this series has given you a preliminary introduction to the center, so that you can now explore it for yourself, and begin to test and configure the features for your organisation’s needs.