Overview of Office 365 Cloud App Security

Office 365 Advanced Security Management is now Office 365 Cloud App Security.

Evaluation    >

Planning    >

Deployment    >

Utilization   

You are here!

Next steps

Start planning

Start deploying

Start utilizing

Office 365 Cloud App Security gives you insight into suspicious activity in Office 365 so you can investigate situations that are potentially problematic and, if needed, take action to address security issues. With Office 365 Cloud App Security, you can do all of the following:

  • See how your organization's data in Office 365 is accessed and used

  • Define policies that trigger alerts for atypical or suspicious activities

  • Suspend user accounts exhibiting suspicious activity

  • Require users to log back in to Office 365 apps after an alert has been triggered

Note: Office 365 Cloud App Security is available in Office 365 Enterprise E5. If your organization is using another Office 365 Enterprise subscription, Office 365 Cloud App Security can be purchased as an add-on. (As a global admin, in the Office 365 admin center, choose Billing > Add subscriptions.) For more information about plan options, see Compare All Office 365 for Business Plans.

  1. As a global administrator or security administrator for Office 365, go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)

  2. In the Security & Compliance Center, choose Alerts > Manage advanced alerts.

    In the Security & Compliance Center, choose Manage Advanced Alerts to go to Office 365 Cloud App Security

    (If Office 365 Cloud App Security is not yet enabled, turn on Office 365 Cloud App Security.)

  3. Choose Go to Office 365 Cloud App Security.

The Cloud Discovery Dashboard, also referred to as Productivity App Discovery, shows information about cloud app usage within your organization. You can view information about apps, users, traffic, transactions, and more using this dashboard. The Cloud Discovery Dashboard resembles the following image:

In the Office 365 CAS portal, choose Discover > Cloud Discovery dashboard

To get to this dashboard, in the Office 365 Cloud App Security portal, go to Discover > Cloud Discovery dashboard.

In the Office 365 CAS portal, choose Discover

Review app discovery findings in Office 365 Cloud App Security

You can use your traffic log files from your firewalls and proxies, and view information gathered from your traffic logs on the Activity log page in Office 365 Cloud App Security.

In the O365 CAS portal, choose Investigate > Activity log

To get to this page, in the Office 365 Cloud App Security portal, go to Investigate > Activity log.

In the O365 CAS portal, choose Investigate.

The more details that are included in those log files, the better visibility you'll have into user activity. You can use log files from Barracuda, Blue Coat, Check Point, Cisco, Clavister, Dell SonicWALL, Fortinet, Juniper, McAfee, Microsoft, Palo Alto, Sophos, Squid, Websence, Zscaler, and more.

Learn about web traffic logs and data sources for Office 365 Cloud App Security

With Office 365 Cloud App Security, you can allow or prevent people in your organization to use third-party apps that access data in Office 365.

In O365 CAS, you can access the Manage App Permissions page from the Investigate menu.

To get to this page, go to Investigate > App permissions.

In the O365 CAS portal, choose Investigate.

Manage app permissions using Office 365 Cloud App Security

Save time in defining policies by using one or more templates as a starting point. You can choose from a variety of templates. For example, you can choose from templates that detect general anomalies, identify users logging in from a risky IP address, detect ransomware activities, detect administrator activities from non-corporate IP addresses, and more.

In the CAS portal, choose Control > Templates to view or create policy templates

To view/use policy templates, in the Office 365 Cloud App Security portal, go to Control > Templates.

In the O365 CAS portal, choose Control

To learn more about policies, see the following resources:

Alerts are set up for two types of policies: Anomaly detection policies that detect suspicious activity; and Activity policies, which are defined for activities that might be atypical for your organization. To view alerts for your organization, choose Alerts in the navigation bar across the top of the screen.

Visit the Alerts page in O365 CAS to view information about triggered alerts

As alerts are triggered you can review them to learn more about what is going on. Then, if the activity is still suspicious, you can take action. For example, you can notify a user about an issue, suspend a user from signing in to Office 365, or require a user to sign back in to Office 365 apps.

To learn more about alerts, see the following resources:

Next steps

Connect with an expert
Contact us
Expand your skills
Explore training

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×