Microsoft Enables Threat Detection in Office 365

Enterprise customers can now keep an eye out for security threats that can endanger Office users and their data.


Microsoft took the wraps off Office 365 Advanced Security Management, a new set of tools for Office administrators powered by the company's shadow IT-busting Cloud App Security offering.

Cloud App Security itself hails from Microsoft's acquisition of Adallom in 2015. The product provides businesses with insights on whether unsanctioned cloud services are being used in the workplace—hence the term "shadow IT"—and can detect suspicious activity.

Now, those protections are available to Office 365 Enterprise customers.

One of Office 365 Advanced Security Management's key capabilities is threat detection. The solution, explained the Office 365 team in a blog post, "enables you to set up anomaly detection policies, so you can be alerted to potential breaches of your network. Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts."

The service can alert administrators to highly suspicious behavior, explained Microsoft. For example, if it detects that a user's Office 365 account was used to check email in the U.S. and then accessed SharePoint halfway around the world a few minutes later, it will trigger an alert.
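The check described above is commonly called impossible-travel detection. The following sketch is an added example, not Microsoft's implementation: the `Activity` record, the speed and distance thresholds, and the sample events are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumption: about airliner cruising speed
MIN_KM = 100.0    # assumption: ignore IP-geolocation jitter below this


@dataclass(frozen=True)
class Activity:
    user: str
    when: datetime
    workload: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (previous, current, implied_kmh) for each user's consecutive
    activities whose implied travel speed exceeds max_kmh."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev, last_seen[ev.user] = last_seen.get(ev.user), ev
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
        if km < min_km:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            alerts.append((prev, ev, kmh))
    return alerts


# Constructed sample activity records (not real audit data).
SAMPLE = [
    Activity("alice", datetime(2016, 6, 1, 9, 0), "Exchange", 40.71, -74.01),     # New York
    Activity("alice", datetime(2016, 6, 1, 9, 5), "SharePoint", 1.35, 103.82),    # Singapore
    Activity("bob", datetime(2016, 6, 1, 9, 0), "Exchange", 47.61, -122.33),      # Seattle
    Activity("bob", datetime(2016, 6, 1, 9, 30), "SharePoint", 47.67, -122.12),   # Redmond
    Activity("carol", datetime(2016, 6, 1, 8, 0), "Exchange", 51.51, -0.13),      # London
    Activity("carol", datetime(2016, 6, 1, 17, 0), "SharePoint", 40.71, -74.01),  # New York
]
```

Only the first pair is flagged: the second is a short local hop and the third is a long trip that fits within a commercial flight. VPN exits and mobile carrier gateways routinely distort IP geolocation, so a production rule would pair this check with device and sign-in context.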

Further, Advanced Security Management uses behavioral analytics, along with insights gathered from Microsoft's efforts to safeguard its own globe-spanning cloud services slate, to spot unusual behavior.

Activity filters enable organizations to zero in on particular types of risky behavior. Configurable templates can be used to notify administrators via text or email if there are changes to a user's location, IP address or device type or if a user has been granted admin rights, among other parameters.

Depending on an organization's tolerance for risky behavior, an administrator can configure activity policies to automatically suspend a user account if it crosses the line. Advanced Security Management can also be used to control which third-party apps are allowed access to Office 365 data.

If users take it upon themselves to link a helper app to their Office calendar data, for example, administrators are made aware and can revoke the offending app's permissions. In total, the service can detect 1,000 apps across several categories, including Webmail, collaboration and cloud storage.

Office 365 Advanced Security Management is included as part of the Office 365 E5 plan. Customers with other Office 365 Enterprise plans can subscribe to it for $3 per user per month.

Microsoft's recent fixation with shadow IT doesn't extend to Windows 10 Pro, however, as some small and midsize business (SMB) users found out last month.

The company quietly disabled a Group Policy setting in version 1511 of the operating system that allowed organizations to block access to the Windows Store, the system software's built-in app marketplace. Restricting app store access is a common technique used by IT pros to dissuade users from installing unauthorized software.

"This behavior is by design. In Windows 10 version 1511, these policies are applicable to users of the Enterprise and Education editions only," explained Microsoft in a support document.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...