Office 365 Advanced Security Management is now Office 365 Cloud App Security.
You are here!
Note: Office 365 Cloud App Security is available in Office 365 Enterprise E5. If your organization is using another Office 365 Enterprise subscription, Office 365 Cloud App Security can be purchased as an add-on. (As a global administrator, in the Office 365 admin center, choose Billing > Add subscriptions.) For more information, see Office 365 Platform Service Description: Office 365 Security & Compliance Center and Buy or edit an add-on for Office 365 for business.
As you prepare to turn on and implement Office 365 Cloud App Security for your organization, there are a few things to take into account. Use this article as a guide to plan for Office 365 Cloud App Security.
Identify and protect your global and security administrator accounts
Global administrators, security administrators, and security readers can access the Office 365 Cloud App Security portal to view policies, review alerts, and use reports. Global administrators and security administrators can define policies and take other actions to protect your organization. (For more information, see Permissions in the Office 365 Security & Compliance Center.) Review your organization's user accounts that have elevated permissions as a precaution.
Turn on audit logging for your organization
In order for Office 365 Cloud App Security to work correct, audit logging must be turned on. This is typically done by an Exchange Online administrator or a global administrator.
Go to the Office 365 Cloud App Security portal
Go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)
Go to Alerts > Manage advanced alerts.
Choose Go to Office 365 Cloud App Security to go to the Office 365 Cloud App Security portal.
When you go to the Office 365 Cloud App Security portal, the first page you see is the Policies page, which resembles the following image:
Define policies and set up alerts & actions
Global administrators and security administrators define policies in Office 365 Cloud App Security. During the process of defining policies, alerts and actions are also set. An alert is a criteria-based notification that appears in a view or is sent via email.
There are two types of alerts in Office 365 Cloud App Security: anomaly detection alerts that detect suspicious activity, and activity alerts, which are defined for activities that might be atypical for your organization. Alerts notify global administrators and security administrators when there's an activity in your Office 365 environment that's unusual for your organization.
See the following resources to learn more:
Learn about your organization's cloud usage
As a global administrator, security administrator, or security reader, you can learn about your organization's cloud usage through reports and a Cloud Discovery dashboard (also called Productivity App Discovery). This dashboard shows information about users, apps, web traffic, and risk levels.
To go to the Productivity App Discovery dashboard, in the Office 365 Cloud App Security portal, choose Discover > Cloud Discovery dashboard.
To populate reports with the information you need, upload your log files from your organization's firewalls and proxies. To learn more, see the following resources:
Manage apps that your organization is using to access Office 365
As a global administrator or security administrator, you can manage apps, such as custom apps or third-party apps, that people in your organization are using on their devices with Office 365. For example, suppose that someone has downloaded a custom app they want to use with Office 365. You can review the apps people are using, ban untrusted apps, or mark apps as approved for your tracking purposes. Manage app permissions using Office 365 Cloud App Security.
Use your SIEM server with Office 365 Cloud App Security
Is your organization using a security information and event management (SIEM) server? Office 365 Cloud App Security can now integrate with your SIEM server to enable centralized monitoring of alerts. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events. The SIEM agent runs on your server, pulls alerts from Office 365 Cloud App Security, and streams those alerts into your SIEM server. See SIEM integration with Office 365 Cloud App Security.