What's new in Office 365 Cloud App Security

Office 365 Advanced Security Management is now Office 365 Cloud App Security.

Read this article to get a quick overview of updates and new features in Office 365 Cloud App Security, which is powered by Microsoft Cloud App Security.

This article is updated frequently, as features are added or improved.

Office 365 Cloud App Security release 117

Releasing with Microsoft Cloud App Security release 117:

  • i-FILTER support. Cloud Discovery now supports i-FILTER.

Office 365 Cloud App Security release 116

Releasing with Microsoft Cloud App Security release 116:

  • Anomaly detection policy enhancements. Anomaly detection policies in Office 365 Cloud App Security were enhanced with new scenario-based detections, including impossible travel, activity from a suspicious IP address, and multiple failed login attempts. The new policies are automatically enabled, providing out-of-the-box threat detection across your cloud environment. In addition, the new policies expose more data from the Office 365 Cloud App Security detection engine, which can help speed up the investigation process and contain ongoing threats. To learn more, see the Microsoft Cloud App Security article, Get instantaneous behavioral analytics and anomaly detection.

  • Log parser support for Checkpoint formats. The Cloud Discovery log parsers now support two additional Checkpoint formats: XML and KPC.

Office 365 Cloud App Security release 114

Releasing with Microsoft Cloud App Security release 114:

  • Service status. You can now check the current Office 365 Cloud App Security service status by going to Help > System status.

  • Custom queries for Activity log. Beginning in version 114, the ability to create and save custom queries in the Activity log is rolling out gradually. Custom queries enable you to create filter templates that can be reused for deep-dive investigation. In addition, suggested queries have been added to provide out-of-the-box investigation templates to filter your activities and discovered apps. Suggested queries include custom filters to identify risks such as impersonation activities, administrator activities, risky non-compliant cloud storage apps, enterprise apps with weak encryption, and security risks. Use the suggested queries as a starting point, modify them as needed, and then save them as a new query.

Office 365 Cloud App Security release 113

Releasing with Microsoft Cloud App Security release 113:

  • Log parser support for generic formats. The Cloud Discovery log parsers now support the following generic formats: LEEF, CEF, and W3C.

Office 365 Cloud App Security release 112

Releasing with Microsoft Cloud App Security release 112:

  • Relevant insight drawer. In the Activity log, you can now access the relevant insight drawer by clicking on a user name or IP address.

  • Ability to view more activities with a click. In the relevant insight drawer, you can click the clock icon to view all activities performed within 48 hours of a selected activity.

  • Log parser improvements for Juniper SRX. Improvements were made to the Cloud Discovery log parser for Juniper SRX.

Office 365 Cloud App Security release 111

Releasing with Microsoft Cloud App Security release 111:

  • Time filter improvements. Time filters are now easier to use. To access a time filter, open a view such as Activity log, Policies, or Alerts, and, using the Advanced view, choose Date in the list of filters. Then choose an option, such as before, after, or in between, to apply the time filter.

Office 365 Cloud App Security release 110

Releasing with Microsoft Cloud App Security release 110:

  • SIEM server integration now generally available. Connect your SIEM server to Office 365 Cloud App Security. You can now send alerts and activities automatically to your SIEM server of choice by configuring SIEM Agents. See Integrate your SIEM server with Office 365 Cloud App Security.

  • Easier access to help content. Using the new question mark in the upper right corner, you can now access the help content from within the pages of the Office 365 Cloud App Security portal. Each link is context-sensitive, taking you to the information you need, based on the page you’re on.

  • Send us feedback. Using the smiley face in the upper right corner, you can now send feedback from every page of the Office 365 Cloud App Security portal. This enables you to report bugs, request new features and share your experience directly with the Office 365 Cloud App Security team.

Office 365 Cloud App Security release 102

Releasing with Microsoft Cloud App Security release 102:

  • New user investigation actions enable an added level of drill-down to user investigations. On an Investigate page, you can hover on an activity, user, or account and apply it as a filter, and from there, you can view related activities or events.

Office 365 Cloud App Security release 100

Releasing with Microsoft Cloud App Security release 100:

  • Security extensions is a new dashboard where you can centrally manage all your security extensions for Office 365 Cloud App Security, including API tokens and SIEM agents. To view the Security extensions dashboard, follow these steps:

    1. Go to https://protection.office.com and sign in using your work or school account for Office 365. (This takes you to the Security & Compliance Center.)

    2. Go to Alerts > Manage advanced alerts.

    3. Choose Go to Office 365 Cloud App Security.

    4. Choose Settings > Security extensions.

  • Improved parsing. Improvements were made in the Cloud Discovery log parsing mechanism. Internal errors are significantly less likely to occur.

  • Expected log formats. The expected log format for Cloud Discovery logs now provides examples for both Syslog format and FTP format.

Related topics

Office 365 Cloud App Security help content
Utilization activities after rolling out Office 365 Cloud App Security  
