Office 365 Security & Compliance: Get Started in Five Steps
No time to read the full series now? Download our white paper ‘Getting Started with the Security and Compliance Center’ which includes all the blogs on Office 365 Security and Compliance. Get your copy here
If you’re a regular reader of this blog you may have seen our recent series on the new Office 365 Security and Compliance Center. You can read some/all of the posts here: First Impressions, Reports, Permissions, Data Loss Prevention, Data Management and Service Assurance, Search and Investigation, and Alerts. But more often than not, there isn’t enough time for a 7 blog post binge read – we get that.
What most people need to know about new Office 365 functionality is where to start – maybe you just need to know the basic ‘do’s and don’ts’ before you jump in, and try it out for yourself? This is why we have created a checklist of the absolute ‘must-do’ items when you come to configure the Security & Compliance Center for your platform.
So here they are:
1. First things first: Consider what Office 365 security and compliance settings your organisation needs before you make any changes in the center. Just because certain functionality or features are available doesn’t necessarily mean that they will benefit your environment, and it is easy to become distracted from the essentials.
Try to begin with a clear list of requirements and expectations, then it should make the initial process easier – you can always build on your current configurations as your needs change or develop.
2. Switch on Audit Logging: There are very few technologies in the world that are able to work if they’re not switched on (go on, see if you can think of five). One slightly troublesome issue with the new center is that a couple of the features need to be turned on. One such feature is audit logs.
If you want to use audit logging (or any of the useful reports that can be generated from the logs), you have to turn it on. To do this, click ‘Start recording user and admin activity’ on the Audit log search page in the Security and Compliance Center.
Once you enable this, you cannot search immediately, and will need to wait a couple of hours while the data is being prepared. If this link is not available then it means that audit logging has already been enabled for your organisation.
3. Permissions: Also extremely important, and if you want to keep everyone happy, permissions should be one of the first things you get sorted. The Security and Compliance Center offers a range of permission settings to allow moderated access to all the features your users need. Note: You have to be a global Office 365 admin to assign permissions.
The center splits permissions into roles and role groups for each feature – it’s a little confusing, but it basically means that you have fine-grained control of any permissions you choose to set (click here for a longer explanation). It’s easy to review, amend and remove permissions in the center, giving you visibility and control when it comes to user access.
4. Switch on Alerting: Audit logging is not the only setting that needs to be enabled. Alerting with Advanced Security Management also needs to be switched on. Currently available with E5 licences, or as an add-on to other Enterprise plans, Advanced Security Management is the newest security feature in the center, providing ‘threat detection’, ‘enhanced control’, and ‘Discovery and insights’. If you’ve got it, turn it on by:
- Signing into Office 365, and going to the Security & Compliance Center.
- Selecting ‘Alerts’, then Manage advanced alerts.
- Turn on Advanced Security Management for Office 365.
5. Test it First: Finally, if you want to start configuring your policies, but don’t want to restrict or confuse your end users while you’re figuring out the parameters or trying features out – why not use Test mode? For DLP policies, you can set your requirements, create your policy and collect data without notifying, restricting or interfering with your end users in the slightest. This allows you to review the effectiveness of your policy, and refine it as necessary.
As you see below, there are clear options to allow you to choose the action you would like in the event of a policy breach.
The Security and Compliance Center is a large and complex offering, with numerous invaluable features and resources. This checklist of the basics should help you avoid any data loss or security risks while you get further acquainted with the center – but it is by no means exhaustive. If you want to get more information about each of the features, or if you would like to see the Security and Compliance Center in action, then why not download our white paper – ‘Getting Started with the Security and Compliance Center’.