Office 365 Advanced Security Management is now Office 365 Cloud App Security.
Tip: Office 365 Cloud App Security is available in Office 365 Enterprise E5 or as an add-on for another Office 365 Enterprise subscription. To view or add to your subscription, as a global admin, sign in to Office 365, and then choose Admin > Billing. For more information about plan options, see Compare All Office 365 for Business Plans.
As you prepare to turn on and implement Office 365 Cloud App Security for your organization, there are a few things to take into account. Use this article as a guide to plan for Office 365 Cloud App Security.
Identifying your global and security administrator accounts
Only global administrators or security administrators can access the Office 365 Cloud App Security portal to define policies, view reports, or take other actions to protect your organization. Because these accounts have elevated permissions, take care to protect them. See Protect your Office 365 global administrator accounts for more information.
Getting to the Office 365 Cloud App Security portal
1. As a global or security administrator, go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)
2. Go to Alerts > Manage advanced alerts.
3. Choose Go to Office 365 Cloud App Security to go to the Office 365 Cloud App Security portal.
When you go to the Office 365 Cloud App Security portal, the first page you see is the Policies page, which resembles the following image:
Defining policies and setting up alerts & actions
When you define your policies, you also set up your alerts and actions. An alert is a criteria-based notification that appears in a view or is sent to you. There are two types of alerts in Office 365 Cloud App Security: anomaly detection alerts, which detect suspicious activity, and activity alerts, which you create for activities you know might be atypical for your organization. Alerts notify you when there's an activity in your tenant that's outside the ordinary for your organization.
See the following resources to set up your policies and alerts:
Learning about your organization's cloud usage through reports
You can learn about your organization's cloud usage through reports and a Cloud Discovery dashboard (also called Productivity App Discovery). This dashboard shows information about users, apps, web traffic, and risk levels.
To go to the Productivity App Discovery dashboard, in the Office 365 Cloud App Security portal, choose Discover > Cloud Discovery dashboard.
To populate reports with the information you need, upload your log files from your organization's firewalls and proxies. To learn more, see the following resources:
Managing apps that your organization is using to access Office 365
As a global or security administrator, you can manage apps, such as custom apps or third-party apps, that people in your organization are using on their devices with Office 365. For example, suppose that someone has downloaded a custom app they want to use with Office 365. You can review the apps people are using, ban untrusted apps, or mark apps as approved for your tracking purposes. Manage app permissions using Office 365 Cloud App Security.
Using your SIEM server with Office 365 Cloud App Security
Is your organization using a security information and event management (SIEM) server? Office 365 Cloud App Security can now integrate with your SIEM server to enable centralized monitoring of alerts. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events. The SIEM agent runs on your server, pulls alerts from Office 365 Cloud App Security, and streams those alerts into your SIEM server. See SIEM integration with Office 365 Cloud App Security.