As a result, your Office 365 platform is filled with confidential, sensitive, and personal data, and the service is accessible on any device, as long as the correct credentials are used. How do you identify suspicious activity and keep it protected?
The General Data Protection Regulation (GDPR) specifies that any potential data loss incident containing personal data needs to be reported to the ICO within a very tight timeframe. Failure to comply can result in hefty fines, so you need to have a strong, repeatable strategy for detecting incidents quickly. Can you afford a slow response?
When an incident occurs, you need to find out what happened, who’s responsible, when it happened, and what action needs to be taken. To get these details, you need comprehensive auditing of all activity. More importantly, the audit trail needs to be clear, responsive, and easily searchable, providing both a ‘micro’ and ‘macro’ view of exactly what’s happened.
Microsoft’s built-in Office 365 Audit log lacks the advanced capabilities required by larger, more complex organizations. The service is simply not built for rapid response or extensive filtering, and there’s no visualization of the data in graph or chart form. Not only that, you have a limited detection window, as there’s a 90-day limit on audit data before it’s removed. Finally, you have to make sure auditing is enabled, otherwise it will not capture any activity on your tenant.
When it comes to Office 365 security, you need a proactive, preventative strategy at the forefront, and a fast, effective response acting as your back-up – for if (or when) something manages to break through.
Our Office 365 security and auditing solution enables you to quickly see all activity in your environment in a clear, customizable timeline view, with a range of audit reports, highlighting different areas of vulnerability. The audit data is retained for a year, with the option to extend this further.
Take a proactive approach to improving security settings by isolating sensitive areas of your environment and reviewing your permissions models regularly. Monitor high-level trends and admin activity, so that you know what ‘normal’ looks like.
Respond quickly to a potential threat with intelligent on-event alerts. Configure alerts on any abnormal activities, or sensitive areas which need increased supervision, and receive email or SMS notifications so you can investigate immediately.
Example use cases:
Where your investigation starts depends entirely on the information you have: maybe it’s a date range, a specific action, or a workload that has been targeted. Advanced filtering can be applied to drill down into individual timescales, users, or events, enabling you to rapidly identify the source of the incident.