Office 365 Advanced Security Management is now Office 365 Cloud App Security.
After Office 365 Cloud App Security is turned on, the next steps for your global or security administrators to take so they can better monitor and manage your organization's cloud activity are:
Tip: Office 365 Cloud App Security is available in Office 365 Enterprise E5 or as an add-on for another Office 365 Enterprise subscription. To view or add to your subscription, as a global admin, sign in to Office 365, and then choose Admin > Billing. For more information about plan options, see Compare All Office 365 for Business Plans.
As a global or security administrator, go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)
Go to Alerts > Manage advanced alerts.
Choose Go to Office 365 Cloud App Security to go to the Office 365 Cloud App Security portal.
When you go to the Office 365 Cloud App Security portal, the first page you see is the Policies page, which resembles the following image:
When you define your policies, you also set up your alerts and actions. An alert is a criteria based notification that appears in a view or is sent to you. There are two types of alerts in Office 365 Cloud App Security: anomaly detection alerts that detect suspicious activity, and activity alerts, which you create for activities you know might be atypical for your organization. Alerts notify you when there's an activity in your tenant that's outside the ordinary for your organization.
See the following resources to set up your policies and alerts:
You can learn about your organization's cloud usage through reports and a Cloud Discovery dashboard (also called Productivity App Discovery). This dashboard shows information about users, apps, web traffic, and risk levels.
To go to the Productivity App Discovery dashboard, in the Office 365 Cloud App Security portal, choose Discover > Cloud Discovery dashboard.
To populate reports with the information you need, upload your log files from your organization's firewalls and proxies. To learn more, see the following resources:
As a global or security administrator, you can manage apps, such as custom apps or third-party apps, that people in your organization are using on their devices with Office 365. For example, suppose that someone has downloaded a custom app they want to use with Office 365. You can review the apps people are using, ban untrusted apps, or mark apps as approved for your tracking purposes. Manage app permissions using Office 365 Cloud App Security.
Is your organization using a security information and event management (SIEM) server? Office 365 Cloud App Security can now integrate with your SIEM server to enable centralized monitoring of alerts. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events. The SIEM agent runs on your server, pulls alerts from Office 365 Cloud App Security, and streams those alerts into your SIEM server. See SIEM integration with Office 365 Cloud App Security.