Get ready for Office 365 Cloud App Security

Office 365 Advanced Security Management is now Office 365 Cloud App Security.

Evaluation    >

Planning    >

Deployment    >

Utilization   

Start evaluating

You are here!

Next steps

Start deploying

Start utilizing

Tip: Office 365 Cloud App Security is available in Office 365 Enterprise E5 or as an add-on for another Office 365 Enterprise subscription. To view or add to your subscription, as a global admin, sign in to Office 365, and then choose Admin > Billing. For more information about plan options, see Compare All Office 365 for Business Plans.

As you prepare to turn on and implement Office 365 Cloud App Security for your organization, there are a few things to take into account. Use this article as a guide to plan for Office 365 Cloud App Security.

  1. Identifying your global and security administrator accounts

  2. The Office 365 Cloud App Security portal

  3. Defining policies and alerts

  4. Cloud usage in your organization

  5. Managing apps that your organization uses with Office 365

  6. Using your security information and event management (SIEM) server with Office 365 Cloud App Security

Identifying your global and security administrator accounts

Only global administrators or security administrators can access the Office 365 Cloud App Security portal to define policies, view reports, or take other actions to protect your organization. However, you also want to be careful with your user accounts that have elevated permissions. See Protect your Office 365 global administrator accounts for more information.

Getting to the Office 365 Cloud App Security portal

  1. As a global or security administrator, go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)

  2. Go to Alerts > Manage advanced alerts.

  3. Choose Go to Office 365 Cloud App Security to go to the Office 365 Cloud App Security portal.

    In the Security & Compliance Center, choose Manage Advanced Alerts to go to Office 365 Cloud App Security

    When you go to the Office 365 Cloud App Security portal, the first page you see is the Policies page, which resembles the following image:

    When you go to the Office 365 Cloud App Security portal, you start with the Policies page

Defining policies and setting up alerts & actions

When you define your policies, you also set up your alerts and actions. An alert is a criteria based notification that appears in a view or is sent to you. There are two types of alerts in Office 365 Cloud App Security: anomaly detection alerts that detect suspicious activity, and activity alerts, which you create for activities you know might be atypical for your organization. Alerts notify you when there's an activity in your tenant that's outside the ordinary for your organization.

See the following resources to set up your policies and alerts:

Learning about your organization's cloud usage through reports

You can learn about your organization's cloud usage through reports and a Cloud Discovery dashboard (also called Productivity App Discovery). This dashboard shows information about users, apps, web traffic, and risk levels.

In the Office 365 CAS portal, choose Discover > Cloud Discovery dashboard

To go to the Productivity App Discovery dashboard, in the Office 365 Cloud App Security portal, choose Discover > Cloud Discovery dashboard.

In the Office 365 CAS portal, choose Discover

To populate reports with the information you need, upload your log files from your organization's firewalls and proxies. To learn more, see the following resources:

Managing apps that your organization is using to access Office 365

As a global or security administrator, you can manage apps, such as custom apps or third-party apps, that people in your organization are using on their devices with Office 365. For example, suppose that someone has downloaded a custom app they want to use with Office 365. You can review the apps people are using, ban untrusted apps, or mark apps as approved for your tracking purposes. Manage app permissions using Office 365 Cloud App Security.

Using your SIEM server with Office 365 Cloud App Security

Is your organization using a security information and event management (SIEM) server? Office 365 Cloud App Security can now integrate with your SIEM server to enable centralized monitoring of alerts. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events. The SIEM agent runs on your server, pulls alerts from Office 365 Cloud App Security, and streams those alerts into your SIEM server. See SIEM integration with Office 365 Cloud App Security.

Next steps

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×