Get started with Advanced Security Management

With Office 365 Advanced Security Management, global or security administrators can manage your organization's cloud activity more securely. After Advanced Security Management is turned on, the next steps are to:

  1. Go to the Advanced Security Management portal

  2. Define policies and alerts

  3. Learn about cloud usage in your organization

  4. Manage apps that your organization uses with Office 365

You can also use your SIEM server with Advanced Security Management.

You must be a global administrator or security administrator to perform the procedures in this article.

Tip: Advanced Security Management is available in Office 365 Enterprise E5 or as an add-on for another Office 365 Enterprise subscription. To view or add to your subscription, as a global admin, sign in to Office 365, and then choose Admin > Billing. For more information about plan options, see Compare All Office 365 for Business Plans.

The Advanced Security Management portal resembles the following image:

When you go to the ASM portal, you start with with Policies page

  1. Go to and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)

  2. Go to Alerts > Manage advanced alerts.

  3. Choose Go to Advanced Security Management to go to the Advanced Security Management portal.

    In the Security & Compliance Center, choose Alerts > Manage advanced alerts > Go to Advanced Security Management

In the Advanced Security Management portal, you can:

  • Define policies and set up alerts & actions

  • Learn about cloud usage across your organization through reports and a dashboard

  • Manage third-party apps that people in your organization are using with Office 365

An alert is a notification based on a set of criteria that appears in a view or is sent to you. There are two types of alerts in Advanced Security Management: anomaly detection alerts, which are based on automatic algorithms that detect suspicious activity, and activity alerts, which you create for different activities you know might be atypical for your organization. For example, you might want the system to alert you when a user takes an administrative action, like creating a new user from a non-admin location.

With alerts, you can be notified whenever there's an activity in your tenant that's outside the ordinary for your organization. How does Office 365 know what is "outside the ordinary" for you? You define one or more policies that include different criteria that "trigger" the alert to tell you there's something up that you should check out.

See the following resources to set up your policies and alerts, and take action:

You can learn about your organization's cloud usage through reports and a Cloud Discovery dashboard (also called Productivity App Discovery). This dashboard shows information about users, apps, web traffic, and risk levels.

Example report in the Cloud Discovery Dashboard in ASM

To go to the dashboard, in the Advanced Security Management portal, choose Discover > Cloud Discovery dashboard.

In the ASM portal, go to Discover > Cloud Discovery dashboard

To populate reports with the information you need, you'll upload log files from your organization's firewalls and proxies. Then, you can view data in the dashboard and reports, and even create your own custom reports. To learn more, see the following resources:

As a global or security administrator, you can manage apps, such as custom apps or third-party apps, that people in your organization are using with Office 365. For example, suppose that someone has downloaded a custom app they want to use with Office 365. You can ban untrusted apps, or mark apps as approved for tracking purposes. To learn more, see Manage app permissions using Advanced Security Management.

Is your organization using a SIEM server? Advanced Security Management can now integrate with your SIEM server to enable centralized monitoring of alerts. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events. The SIEM agent runs on your server and pulls alerts from Advanced Security Management and streams them into the SIEM server. For more information, see SIEM integration with Office 365 Advanced Security Management.

Related topics

Advanced Security Management (help and how-to)
What is Cloud App Security?

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.