Microsoft has moved to give IT administrators greatly increased peace of mind about their use of Office 365, with a series of new features that allow them to track anomalous and possibly nefarious usage and to set rules controlling how the service can be accessed.
The features — collectively known as Advanced Security Management and detailed in a Microsoft blog on 1 June — are in three categories: threat detection; enhanced control; discovery and insights. Microsoft says they incorporate insights from its operation of a range of cloud services at massive worldwide scale.
Threat detection is a bit of a misnomer: it’s really anomaly detection — which often equates to a threat. Examples include multiple failed logins, access from a new location, or access from two widely separated locations within an unrealistically short interval.
Anomaly detection also uses behavioural analytics: Microsoft can garner a great deal of information on typical usage patterns, making anything abnormal easy to spot. Each anomaly is given a risk score based on its rating against 70 different factors.
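The three signals named above (repeated failed logins, a new location, and travel too fast to be real) can be checked over a sign-in log as follows. This is an added example, not code from Microsoft or the article; the record layout, thresholds and function names are assumptions, and it does not reproduce the product's risk scoring.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-ins (not real Office 365 audit data):
# (ISO timestamp, user, success, city, latitude, longitude)
SIGN_INS = [
    ("2016-06-01T08:00:00", "alice", True, "Sydney", -33.87, 151.21),
    ("2016-06-01T08:00:00", "carol", True, "Sydney", -33.87, 151.21),
    ("2016-06-01T08:05:00", "bob", False, "Sydney", -33.87, 151.21),
    ("2016-06-01T08:06:00", "bob", False, "Sydney", -33.87, 151.21),
    ("2016-06-01T08:07:00", "bob", False, "Sydney", -33.87, 151.21),
    ("2016-06-01T10:00:00", "alice", True, "London", 51.51, -0.13),
    ("2016-06-03T08:00:00", "carol", True, "Melbourne", -37.81, 144.96),
]
MAX_FAILURES = 3       # assumed threshold for consecutive failed logins
MAX_SPEED_KMH = 900    # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 100  # assumed floor so nearby sign-ins are ignored

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def detect_anomalies(records):
    """Return (user, kind, timestamp) findings in time order."""
    findings, failures, seen, last_ok = [], defaultdict(int), defaultdict(set), {}
    for ts, user, ok, city, lat, lon in sorted(records):
        if not ok:
            failures[user] += 1
            if failures[user] == MAX_FAILURES:  # alert once per run of failures
                findings.append((user, "failed-logins", ts))
            continue
        failures[user] = 0
        if seen[user] and city not in seen[user]:
            findings.append((user, "new-location", ts))
        seen[user].add(city)
        when = datetime.fromisoformat(ts)
        if user in last_ok:
            prev_when, prev_lat, prev_lon = last_ok[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            if km > MIN_DISTANCE_KM and km > MAX_SPEED_KMH * hours:
                findings.append((user, "impossible-travel", ts))
        last_ok[user] = (when, lat, lon)
    return findings

if __name__ == "__main__":
    print(*detect_anomalies(SIGN_INS), sep="\n")
```

In the constructed data, alice's Sydney-to-London hop two hours apart trips both location checks, while carol's Sydney-to-Melbourne sign-in two days later is only a new location.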
Office 365 Advanced Security Management also lets administrators set many parameters defining what they consider ‘normal’ behaviour, and raise alerts or prevent access and usage outside these limits. For example, they can set flags for alerts if a user downloads data volumes in excess of a predetermined limit.
Advanced Security Management also gives IT administrators the ability to monitor, and if required restrict, shadow IT by determining what other applications are being used. It has the ability to discover about 1,000 applications in categories like collaboration, cloud storage and webmail and to report on how much data is being sent to OneDrive for Business, Box, Dropbox and other cloud storage services.
Earlier this year, prior to the release of Advanced Security Management, Microsoft produced a white paper detailing the security features of Office 365. It explained that there were two distinct dimensions to security, compliance and privacy in Office 365: Microsoft-managed service-level capabilities that include technologies, operational procedures, and policies that are enabled by default; and customer-managed controls that enable users to customise their Office 365 environment based on the specific needs of their organisation.
User controls detailed in the white paper, and additional to those offered in Advanced Security Management, are: encryption of data at rest or in transit, malware detection and two-factor authentication. Options available include a code via text message, a voice message that tells the user to press a certain key, and delivery of a one-time code to a smartphone app (Windows, iPhone or Android).