How to prevent and expose “unknown unknown” threats


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:


Check out the joint Microsoft and Morphisec webinar next Tuesday, November 19, at 10am EST where two rockstar women in cybersecurity will show you how to prevent and expose “unknown unknown” threats through an integration with Morphisec’s Moving Target Defense and Microsoft Defender ATP.

 

To register and learn more, click here

 

Looking forward to seeing you next week!

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Speed up time to detect and respond to user compromise and limit breach scope with Office 365 ATP


Attackers are driven by the desire to cause damage or build their brand. They focus on gaining access to sensitive data to expose it, use it, sell it or hold it for ransom. Or they focus on impacting critical infrastructure – whatever will increase their bottom line, be it financial gain or notoriety. Regardless of their goals, attackers often look to achieve them by first gaining a foothold in the organization through a compromised user, device, or application, and then exercising a variety of steps in the ‘kill chain’ of their attack to achieve their intent.

A compromised entity in an organization can therefore have serious repercussions. And the longer a compromise goes undetected, the larger the potential for widespread impact and cost to the organization, their customers, and partners. Early detection and remediation of compromise is therefore critical to limit the scope of a breach.

To speed up that time to detection, limit the scope of the breach and help security teams more effectively and efficiently detect and respond to compromised users, I’m excited to announce the preview of new enhanced compromised user detection and response capabilities in Office 365 ATP.

Let me give you a quick look at what these enhanced detections look like, the alerts we raise in the Office 365 Security Center and the insights and powerful automation we offer security teams to investigate and respond to end-user compromise to limit the spread of the attack across the organization.

 


 Figure 1: Office 365 ATP auto-investigation into user suspected of being compromised

 

Improving detections across the kill chain

In the past few years, attacks that target users to try to compromise credentials, whether identity-based attacks like password spray or social engineering attacks like phishing, have become increasingly common and sophisticated. For instance, over the past year across Office 365 we’ve seen a 60 percent increase in phishing attacks.

Attackers target users to land their exploit and then look to expand their attack scope. They compromise users and then leverage the victim’s contacts, accessible resources, applications they use, and more, to launch a variety of internal attacks to spread across the organization. These can include internal phishing campaigns orchestrated through emails and other collaboration tools to target other users, systems and data repositories inside the organization or in partner organizations.

 

Internal detections of such attacks are therefore a key piece of an organization’s protection and detection strategy. Paired with advanced investigation and response mechanisms, this can help ensure that compromised entities are detected quickly, and the breach does not prove too costly.

The attacker’s activities when using a compromised account are often atypical or anomalous relative to the user’s regular behavior. For instance, there is no good reason for trusted users to be sending any phish or spam emails to other recipients. Being able to detect anomalies in user activity is therefore a key signal source for detection. Office 365 ATP is able to detect these anomalies in email patterns and collaboration activity within Office 365.

 

The attacker may or may not trigger a suspicious login. And often suspicious login alerts, when viewed in isolation, can be noisy. However, by pairing these O365 detections with other identity and endpoint-related suspicious signals we can greatly enhance the speed and accuracy of compromise detection.

We’ve also built in automation to investigate the source of the breach, determine if there are other potentially impacted users, and analyze the impact of the compromise. Further recommendations are then provided to the security teams to remediate and ultimately reduce their attack surface.

 

Alerting security teams to potential compromise

A common attack technique is to use a compromised account to ‘spray’ a phishing campaign and target other users. The compromised mailbox is used to send phishing messages to a large number of users inside and outside the organization with the intent of compromising these other recipients.

When Office 365 detects suspicious email or anomalous activity patterns it will raise an alert to call out the suspicious activity. For example, figure 2 below shows an alert that was raised because of suspicious sending patterns of a user.

 


Figure 2: Office 365 alert raised when suspicious email sending patterns were observed for a user

 Office 365 also allows security teams to define sending limits for users in advance to limit the scope of a possible breach. As shown in Figure 3 below, the admin can set hourly and daily sending limits for users and also specify the action to take if those limits are hit. And when these thresholds are breached, admins are alerted.

 


 Figure 3: Office 365 policy for internal and outbound email sending thresholds configuration with notification options

 

In some cases, as shown in figure 4 below, Office 365 will automatically restrict the user from sending any more emails and raise the alert below. 

 


 Figure 4: Office 365 alert when user is restricted from sending email detecting compromise

 

These alerts are meant to raise the awareness of security teams so they can quickly contain and investigate the issues.
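The hourly and daily sending limits and the automatic restriction described in this section can be modelled as rolling-window counters per sender. The following is an added example, not Microsoft's implementation and not code from the original post; the limit values, the `SendingPolicy` and `SendingLimitMonitor` names, and the sample message trace are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SendingPolicy:
    """Hypothetical per-user recipient limits; the values are assumptions."""
    hourly_limit: int = 50
    daily_limit: int = 200
    action: str = "restrict"  # "restrict" blocks further mail, "alert" only notifies


class SendingLimitMonitor:
    """Tracks recipients per sender over rolling 1-hour and 24-hour windows."""

    def __init__(self, policy):
        self.policy = policy
        self.history = defaultdict(deque)  # sender -> deque[(timestamp, recipients)]
        self.restricted = set()            # senders no longer allowed to send
        self.alerts = []                   # (sender, breached_window, timestamp)

    def record(self, sender, when, recipients):
        """Evaluate one outbound message; events must arrive in time order."""
        if sender in self.restricted:
            return "blocked"
        events = self.history[sender]
        while events and events[0][0] <= when - timedelta(days=1):
            events.popleft()               # forget anything older than 24 hours
        events.append((when, recipients))

        hour_ago = when - timedelta(hours=1)
        hourly = sum(n for ts, n in events if ts > hour_ago)
        daily = sum(n for _, n in events)
        if hourly > self.policy.hourly_limit:
            window = "hourly"
        elif daily > self.policy.daily_limit:
            window = "daily"
        else:
            return "ok"

        self.alerts.append((sender, window, when))  # admins are always alerted
        if self.policy.action == "restrict":
            self.restricted.add(sender)
            return "restricted"
        return "alert"


def build_sample_trace():
    """Constructed message trace: (timestamp, sender, recipient_count)."""
    day = datetime(2019, 11, 12)
    trace = []
    # Normal user: three small messages spread over the day.
    for hour in (9, 13, 17):
        trace.append((day.replace(hour=hour), "alice@contoso.example", 5))
    # Burst typical of a hijacked mailbox: 12 messages in 12 minutes.
    for minute in range(12):
        trace.append((day.replace(hour=10, minute=minute), "bob@contoso.example", 5))
    # Slow sender that stays under the hourly limit but not the daily one.
    for hour in range(8, 20, 2):
        trace.append((day.replace(hour=hour), "carol@contoso.example", 40))
    return sorted(trace)


def replay(trace, policy):
    """Run a trace through a fresh monitor; return it and per-sender outcomes."""
    monitor = SendingLimitMonitor(policy)
    outcomes = defaultdict(list)
    for when, sender, recipients in trace:
        outcomes[sender].append(monitor.record(sender, when, recipients))
    return monitor, dict(outcomes)


if __name__ == "__main__":
    monitor, outcomes = replay(build_sample_trace(), SendingPolicy())
    for sender, window, when in monitor.alerts:
        print(f"ALERT {when:%H:%M} {sender} exceeded {window} limit")
    print("restricted:", sorted(monitor.restricted))
```

The daily window catches the slow sender that the hourly window misses, which is why the policy described above exposes both limits.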

 

Containing and investigating the threat

As called out above, there are cases where Office 365 will automatically block the user’s ability to send further emails to contain the impact. While an alert is raised, the user is also put on a “restricted” user list, as shown in figure 5 below. Admins can then unblock the user’s ability after investigating the user and assessing impact of the compromise.

 


 Figure 5: Users suspected of compromise and therefore restricted from sending email

 

O365 also offers recommendations to guide security teams through the process of unblocking a user manually. As shown in figure 6 below, specific recommendations are offered to check relevant user settings and activity logs to assess the potential impact of the breach. And specific remediation steps are recommended to ensure that the user is secured before re-enabling mail flow. O365 ATP P2 customers get the benefit of automation (covered in the next section), where these investigation steps are automatically carried out by the system.

 


 Figure 6: Admin workflow for mitigating and containing compromised users detected by Office 365

 

Automating investigation and response

Office 365 ATP P2 customers get the added benefit of automation to help with quick investigation and response. When any of the above alerts are raised, they are automatically investigated using detailed, built-in playbooks to determine the scope, impact and cause of the attack. The playbook intersects signals from identity sources, mail flow, DLP and mailbox settings and other O365 events to investigate and analyze the alert.

 

Doing the analysis above quickly and comprehensively is critical to reducing the cost of breach to the organization and preventing data theft or exfiltration. And automating the process achieves this.

 


 Figure 7: Office 365 ATP auto-investigation into user suspected of being compromised

 

Figure 7 shows the automatic investigation results summary. The other tabs in the investigation offer up more details. The ‘Alerts’ tab includes the other alerts aggregated into the investigation. The ‘Email’ tab includes details of how the automation looked for other emails matching the suspicious emails sent to see if there were other users impacted. The analysis also includes looking for the source of the compromise. The ‘Users’ tab highlights other user activity anomalies detected. All the detailed steps of the playbook are captured in the ‘Log’ tab.

These details capture a comprehensive analysis of the alert to determine cause, scope and impact. And offer ways for security teams to verify the investigation steps and results should they choose to. Best of all, because it is the system doing this analysis, it can save security teams a lot of time and effort.

 

The ‘Actions’ tab, shown in figure 8, captures the list of recommended actions for the security teams to take based on the investigation results. This gives security teams the opportunity to review the recommendations prior to taking action.

 


 Figure 8: Office 365 ATP recommended response actions as a result of the investigation.

 

Try it for yourself!

These new updates are available in preview worldwide. If you’re not signed up for Office 365 Advanced Threat Protection, check it out here to experience the full security benefits and built-in protection, detection, response and automation capabilities of Office 365 ATP.


Simplify compliance and reduce risk with Microsoft Compliance Score


More than half of risk management decision makers state that IT and cybersecurity risks are their biggest concern[1]. Amid all the challenges in risk management, identifying and assessing risks continue to be the most time-consuming tasks[2]. Many companies rely on manual and point-in-time assessments like annual auditing, which can quickly go out of date and expose companies to unidentified risks between audits. It’s more important than ever to equip IT professionals with the knowledge and tools to work across compliance and risk teams to effectively assess and monitor risks.

 

We are excited to announce the public preview of Microsoft Compliance Score, which helps you simplify compliance and reduce risks. Even if you are not an expert in complex regulations like GDPR, you can still quickly learn the actions recommended to help you progress toward compliance.

Figure: Microsoft Compliance Score helps demystify compliance and provides recommended actions that help reduce risk.

With Microsoft Compliance Score, you can now continuously assess and monitor data protection controls, get recommendations on how to reduce compliance risks, and leverage the built-in control mapping to scale your compliance effort across global, industrial, and regional regulations and standards.

 

Continuously assess and monitor controls with a risk-based score

Microsoft Compliance Score can scan through your Microsoft 365 environments and detect your system settings, continuously and automatically updating your technical control status[3]. For example, if you configured a compliance policy for Windows devices in the Azure AD portal, Microsoft Compliance Score can detect the setting and reflect that in the control details. Conversely, if you have not created the policy, Microsoft Compliance Score can flag that as a recommended action for you to take. With the ongoing control assessment, you can now proactively maintain compliance, instead of reactively fixing settings following an audit.

 

Figure: Automated assessments help you continuously monitor your data protection controls.

Improve your score with recommended actions and solutions

Microsoft Compliance Score provides you with improvement actions in different areas, such as information protection, information governance, device management, and more. This allows you to easily understand the contribution you are making towards organizational compliance by category. Each recommended action has a different impact on your score, depending on the potential risk involved, so you can prioritize important actions accordingly.

 

Figure: Score breakdown by category helps you identify categories that need more immediate attention.

Risk managers and compliance professionals can assess controls using the assessments view, which shows you the scores of GDPR, ISO 27001, ISO 27018, NIST CSF, NIST 800-53, HIPAA, FFIEC, and more. To help you better prepare for new waves of privacy regulations coming in 2020, we have released the new California Consumer Privacy Act (CCPA) assessment. Microsoft Compliance Score helps make connections between each regulatory requirement and the solutions that can help you enhance your controls, thus increasing your overall score.

Figure: Microsoft Compliance Score provides more than 10 out-of-box assessments across global, regional, and industrial regulations and standards.

Scale your compliance effort with built-in control mapping

With more than 220 updates every day from 1,000 regulatory bodies around the world, it’s overwhelming for organizations to keep up to date with the evolving compliance landscape. At Microsoft, we have a team of subject matter experts building out and maintaining a common control framework to scale our compliance effort. We are sharing this knowledge by building it into Microsoft 365 so you can scale your compliance program across global, industrial, and regional regulations and standards. With the built-in control mapping in Microsoft Compliance Score, when you implement one common control, the status and the evidence of the control will be automatically synchronized to the same control in other assessments, helping you reduce duplicate work.

Figure: Built-in control mapping helps you scale your compliance effort.

Get started today

Microsoft Compliance Score is available to all Microsoft 365 and Office 365 enterprise licenses. You can sign up for a trial or navigate to the Microsoft 365 compliance center (compliance.microsoft.com) to get started today. You can learn more about Microsoft Compliance Score in this supporting document.

 

Compliance Score is a risk-based score that helps you simplify and automate risk assessments and provides recommendations to help you address risks. It does not express an absolute measure of organizational compliance with any particular standard or regulation. It expresses the extent to which you have adopted controls which can reduce the risks to personal data and individual privacy. Compliance Score should not be interpreted as a guarantee in any way.

 

[1] Integrated Risk Management (IRM) market landscape web survey, Gartner, May 2019 (n=500, buyers and influencers of IRM solutions, 1000+ employees)

[2] Deloitte’s 2019 survey of risk management

[3] Note that this functionality is currently available to part of the technical actions. Over the next few months, we will continue integrating more solutions to automate additional control assessments.


Manage eDiscovery for Teams – Announcing conversation reconstruction and more


Reconstruct conversations to provide context for chats

We are excited to announce that the new conversation reconstruction capability is now generally available in Microsoft 365 Advanced eDiscovery. This capability threads Microsoft Teams messages into conversations, allowing you to efficiently review and export complete dialogues with context, not just individual messages.

 

Automatically identify and preserve chat content based on people of interest

Today, when you add people of interest (custodians) in Microsoft Advanced eDiscovery, the system can automatically identify these people’s Exchange mailboxes, OneDrive for Business accounts, SharePoint sites, and Teams in which they are members. Through this, you can easily identify the locations where the relevant Teams content may be stored and place a legal hold on it.

 


 

Review chat content with context

With our new built-in conversation reconstruction capability, you can identify relevant chats by using targeted queries and include contextual messages in your collection. You will no longer need to run multiple searches to understand the context surrounding your search results.

 


 

Messages in conversations are processed individually but displayed in a conversation view. You can annotate, tag, and redact messages inside a chat conversation, instead of in individual messages. This makes the review process much more intuitive.

 

Export conversations, not just individual messages

Chats can be exported as threaded conversations or as individual messages. You can choose the format that integrates better with your downstream processes. Regardless of your export format, your export will include all the metadata unique to each message such as sender, time sent, etc. You also have the option to export all your case work on the content, including tags and redactions.

 


Smart tag to intelligently detect attorney client privileged communications

A major and costly aspect of the eDiscovery process is reviewing documents to identify privileged content. We are thrilled to announce the smart tag feature to make this process more intelligent and efficient.

 

The new smart tag capability leverages a pre-trained machine learning model to identify attorney client privileged communications. Once enabled, Advanced eDiscovery will analyze your documents and let you instantly search, identify, and tag potentially privileged documents.


 

eDiscovery for Yammer to broaden services coverage

We are excited to let you know that eDiscovery for Yammer is coming soon! We will support hold, search, review and export of Yammer content natively in Advanced eDiscovery by the end of calendar year 2019.

Get started today

If you have the Microsoft E5 suite, you have access to all features in this announcement. Simply navigate to the Microsoft 365 Compliance Center to get started.

 

If you do not have the Microsoft E5 suite yet, sign up today for a trial!

Visit the following resources to learn more about eDiscovery in Microsoft 365

 

Misha Desai, Program Manager 2, Microsoft 365 Security and Compliance Engineering 

 

 


Leveraging AI and automation to quickly identify and investigate insider risks


I spent several years in the Microsoft internal digital security and risk organization helping to develop various programs to identify insider risks, threats and code of conduct policy violations in collaboration with our human resources (HR) and legal teams. The ability to identify these risks and policy violations and then take action to minimize the negative impact is a priority for organizations worldwide.
 
Modern workplaces offer innovative technology that employees love, empowering them to communicate, collaborate, and produce with agility. Trusting your employees is the key to creating a dynamic, inclusive workplace and increasing productivity. But, with trust also comes risk. In fact, a survey by Crowd Research Partners indicated that 90% of organizations feel vulnerable to insider risks and 53% confirmed insider risks against their organization in the previous 12 months.
We know from our own experience that it’s hard to maintain trust without the right visibility, processes and control. However, the effort required to identify these risks and violations is not trivial. Think about the number of people accessing resources and communicating with each other, as well as the natural cycle of people entering and leaving the company. How do you quickly determine what is an intentional risk vs. an unintentional one at scale? And how do you achieve this level of visibility, while aligning to the cultural, legal and privacy requirements in which you operate? For example, truly malicious insiders do things such as intentionally stealing your intellectual property, turning off security controls or harassing others at work. But there are many more situations in which an insider might not even know they are causing a risk to the organization or violating your policies, like when they’re excited about something new they’re working on and send files or photos to tell others about it.
 
Ultimately, it’s important to see the activities and communications that occurred in the context of intent, in order to take the right course of action. The only way to do this efficiently and at scale is by leveraging intelligence and machine learning, as human-driven processes can’t keep up and aren’t always that accurate. Furthermore, a holistic solution to this problem requires effective collaboration across security, HR and legal, as well as a balanced approach across privacy and risk management.

Today I am excited to announce two new Microsoft 365 solutions, Insider Risk Management and Communication Compliance. These solutions can help you and your organization to leverage intelligence to identify and remediate insider risks and code of conduct policy violations, while meeting regulatory requirements.

 

Insider Risk Management
Insider Risk Management leverages the Microsoft Graph, security services and connectors to human resources (HR) systems like SAP, to obtain real-time native signals such as file activity, communications sentiment, abnormal user behaviors and resignation date.

 


 

A set of configurable playbooks tailored specifically for risks – such as digital IP theft, confidentiality breach, and HR violations – use machine learning and intelligence to correlate these signals to identify hidden patterns and risks that traditional or manual methods might miss. Using intelligence allows the solution to focus on actual suspicious activities, so you don’t get overloaded with alerts. Furthermore, display names for risky users can be pseudonymized by default to maintain privacy and prevent bias.
 
A comprehensive 360° view provides a curated and easy-to-understand visual summary of individual risks within your organization. This view includes an historical timeline of relevant in-scope activities and trends associated with each identified user. For example, you could see if a user submitted their resignation, downloaded some files and copied some of them to a USB device. The system also evaluates whether any of those files had classification labels on them and whether they contained sensitive information. With the right permission, the files accessed from Microsoft cloud resources like SharePoint Online can also be made available for the investigator to view, which further helps with the risk determination. Having all this information at your fingertips allows you to quickly decide whether this risk is one that warrants further investigation, saving you considerable time.

 


 

Finally, end-to-end integrated workflows ensure that the right people across security, HR, legal and compliance are involved to quickly investigate and take action once a risk has been identified. For example, if the risk was determined to be unintentional, you could send an email saying this is a violation of company policy with a link to training or the policy handbook. If the risk was determined to be malicious, you could open an investigation that would collate and preserve all the evidence collected, including the documents, and create a case for legal and HR to take appropriate actions.
 
Insider Risk Management is available as part of the Microsoft 365 E5 suite and is currently in limited private preview. You can sign up for an opportunity to participate here.

 

Communication Compliance
Communication Compliance is a brand-new solution that helps all organizations address code-of-conduct policy violations in company communications, while also helping organizations in regulated industries meet specific supervisory compliance requirements. Communication Compliance supports a number of company communications channels, including Exchange email, Teams, Skype for Business Online, Twitter, Facebook and Bloomberg instant messages.

 

Organizations need the ability to better investigate potential violations and to take adequate remediation action based on local regulations. To provide granularity in identifying specific words and phrases, we have three out-of-box machine learning models to identify physical violence, harassment, and profanities. You can also build your own trainable classifiers that understand meaning and context unique to your organization’s needs, such as insider trading or unethical practice, freeing you from a sea of false positives.

 

Once a violation has been flagged and the designated supervisor is alerted, it is important that the review process enables them to efficiently act on violations. Communication Compliance includes features such as historical user context on past violations, conversation threading and keyword highlighting, which together allow the supervisor to quickly triage the violation and take the appropriate remediation actions.

 


 

The interactive dashboard provides an effective way to manage the growing volume of communications risks to ensure violations aren’t missed. Proactive intelligent alerts on policy violations requiring immediate attention allow the supervisor to prioritize and focus on the most critical violations first. In addition, violations, actions and trends by policy provide a quick view on the effectiveness of your program.

 


 

The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for regulated organizations to have solutions in place to detect violations in communications. For example, safeguarding against potential money-laundering, insider trading, collusion, or bribery activities between broker-dealers is a critical priority. For organizations in regulated industries, Communication Compliance provides a full audit of review activities and tracking of policy implementation to help you meet the regulatory requirements you may be subject to.

 

Communication Compliance is available today as part of the Microsoft 365 E5 suite, and you can sign up for a trial or navigate to the Microsoft 365 Compliance Center to get started today. 

 

We encourage customers who are currently using Supervision in Office 365 to use the new Communication Compliance solution to address your regulatory requirements with a much richer set of intelligent capabilities.

 

Thank you,

Talhah Mir, Principal Program Manager, Microsoft 365 Security and Compliance Engineering


Integrated and intelligent data governance with Microsoft 365


Organizations are rapidly embracing digital transformation, and as a result the amount of data generated is growing exponentially across environments and endpoints. As data continues to grow, organizations are challenged with the lack of information protection and governance solutions across on-premises, cloud and hybrid environments. According to Gartner, approximately 80% of the data in organizations is unstructured, not classified, protected, or governed, with little visibility into what is happening with their sensitive and business critical data. As a result, organizations are forced to use traditional and fragmented information protection and governance solutions that work in silos and are not designed to be scalable. This makes it challenging to not only protect and govern data efficiently, but also to navigate through the ever changing compliance requirements.

 

The Information Governance capabilities from Microsoft 365 help you in this journey by providing a unified solution that integrates data from heterogeneous environments, intelligently classifies data with machine learning capabilities, provides remediation and enables records management to meet regulations. This helps users and organizations to intelligently govern data across their environment to reduce risk, thereby easing the path towards meeting compliance needs.

 


 

Automation at scale

Not all information is created equal and every organization on the planet has data that is unique to them, whether these are contracts, invoices, or customer records. Organizations need to review, classify and assign policies in a way that is automated and scalable. Today, we are excited to announce the public preview of trainable classifiers that will harness the power of machine learning capabilities to help you detect and classify data in your organization. We have ‘built-in’ classifiers to detect resumes, offensive language, or source code. You can also create your own classifiers by providing sample data to look for information that is unique to your organization, such as customer records, HR data, contracts, etc.

 


 

At preview, these trainable classifiers can be used with retention labels to help you automatically apply the associated retention or deletion policy. Let us know what you would like to see next in this exciting space through UserVoice.

 


 

Integrated with data within and beyond Microsoft 365

Having your information where it can be easily discovered, retained and purged is critical to meeting your compliance needs and reducing risk. Microsoft 365 compliance center provides you streamlined capabilities that allow you to set policies across services.

 


 

Today, you already have available options for bringing your data into Microsoft 365 through both our PST email import and the SharePoint migration tool. This year, we have further broadened the data ingestion capabilities by introducing native connectors to third-party systems. This set of connectors allows you to import relevant information from corporate accounts on social media, instant messaging, and document collaboration platforms into the Microsoft cloud to meet numerous compliance requirements.

 


 

Today, we are announcing the public preview of the native connectors gallery within the Microsoft 365 compliance center to discover and manage data from Instant Bloomberg, LinkedIn, Twitter and Facebook. These data connectors benefit Microsoft Information Governance, and a broad set of other solutions from Information Protection to eDiscovery, and we will continue to enhance their scope to include more categories of data outside of Microsoft 365.

 

Meet legal and regulatory requirements with Records Management

For business critical or sensitive data, your organization requires specific workflows to manage regulatory and legal record-keeping compliance. Records Management in Microsoft 365 gives you the ability to manage your complex records retention and disposition workflow efficiently.

 


 

The Records Management solution is currently in public preview. This solution lets you easily onboard and manage complex retention schedules, declare items as immutable records, and automate retention based on events. Today, we are excited to announce the public preview of trainable classifiers integrated into Records Management to help categorize your records.

 

Today, we are also rolling out new records versioning capabilities for SharePoint Online, which enable continuous record declaration on selected versions of a single document. This capability unlocks collaboration on records while maintaining the necessary immutability required by policies and regulations.

 

The new capabilities in Information Governance and Records Management enhance the already rich set of features available in Microsoft 365, including auto-expanding email archive, retention policies, retention labels, disposition review and more. 

 

Information Governance and Records Management solutions are part of the broader set of capabilities in Microsoft Information Protection and Governance. Get access to the new features with the Microsoft 365 E5 trial here https://aka.ms/M365E5ComplianceTrial or navigate to the Microsoft 365 Compliance Center to get started.

 

 

 

 

 

 

 

 

 

 

 

Introducing remote deployment guidance for Microsoft Defender ATP and Office 365 ATP

Microsoft Defender ATP and Office 365 ATP are two critical components of the suite of Microsoft security products that work seamlessly together to provide protection across the entire attack kill chain, using built-in intelligence from the Microsoft Intelligent Security Graph to protect identities, email, applications, endpoints, and data from evolving threats.

 


 

At Microsoft, we are fully committed to helping customers realize the value of our Microsoft 365 security solutions by deploying them more quickly to address their business needs. FastTrack is responsible for making this commitment a reality by advising and supporting customers during the deployment of their technologies. We are now expanding the support we already provide for securing identities to email and endpoints with remote deployment guidance for customers that want to leverage advanced tools to secure their email and endpoints. Together, identity, email and endpoints represent the three most common entry points for attackers.

 

Microsoft FastTrack enables customers to deploy Microsoft 365 security solutions at no additional cost for eligible subscriptions in North America. FastTrack has an engagement model built on learnings and expertise gained through engineering work with more than 60,000 customers since 2014. We use and share these best practices as part of a deployment process that enables customers to onboard to new services quickly and reliably.

 

The FastTrack team provides remote guidance, engaging directly with customers or partners. This is an ongoing benefit throughout the life of the subscription, delivered by Microsoft and approved partners.

 

This service is initially available in English only. Worldwide availability and additional language support is scheduled for early 2020.

 

To request assistance, visit www.microsoft.com/FastTrack.

Introducing new videos on security and risk fundamentals of the Microsoft cloud environment

We are excited to announce some great new videos to help you familiarize yourself with the Microsoft Cloud security, privacy and risk practices!

If you are performing risk and security assessments you could benefit from these videos to learn how Microsoft is managing risks appropriately to ensure your customer data is secure and protected.

A Cloud Adoption Risk Assessment requires a thorough understanding of your Cloud Service Provider (CSP)’s security, privacy, and risk practices. These videos are designed to help you understand how Microsoft deploys a “defense in depth” strategy to secure hardware, software, and processes to safeguard customer data. 

Every business has different needs along their journey to the cloud and these videos are a great way to easily get information regarding the fundamentals of our cloud environment.

We have six videos in all, and they can be found on the Microsoft Office 365 YouTube Channel:

  • Microsoft Online Services Incident Management – This video will walk you through how Online Services investigates, manages, and responds to security concerns so that customers’ data is secure and protected.
  • Microsoft Online Services Continuity Management – This video will walk you through how Online Services anticipates, plans for, and addresses failures at the hardware, network, and datacenter levels.
  • Office 365 Security Development and Operation – This video will walk you through how Online Services combines holistic and practical approaches to reduce the number and severity of vulnerabilities and the Security Development Lifecycle–or SDL.
  • Office 365 Access Controls – This video will walk you through how Online Services operates under the principle of Zero Standing Access, meaning our personnel, by default, never have standing access to customer data; learn the ins-and-outs of access, including the varying types of customer accounts and the limits to access.
  • Office 365 Vulnerability Management – This video will walk you through how Online Services employs vast resources to stop attackers from compromising the integrity, availability, or confidentiality of services.
  • Office 365 Audit Logging and Monitoring – This video will walk you through how Online Services provides many capabilities to evaluate and strengthen the security posture of customer-managed environments; learn about services and features such as security auditing, logging, and reporting.

 

More resources can be found on Service Trust Portal.

Announcing ServiceNow, Microsoft Teams and Planner integration with Microsoft Secure Score

It seems like just yesterday it was July and we were at Microsoft Inspire talking to partners about Microsoft Secure Score. Like years past they had a ton of ideas to share but one request was nearly universal between them. That request was the ability for security administrators to more easily assign secure score related Improvement Actions to co-workers for investigation, implementation, and remediation.

 

This is a scenario that partners and customers alike have asked about for some time, and so we’re excited to announce the general availability of Microsoft Secure Score integration with ServiceNow, Microsoft Teams and Microsoft Planner. With it, security administrators can create tickets and tasks, and send messages directly from the Microsoft Secure Score experience.

 

Introducing the new Share experience

With Microsoft Secure Score it’s all about improving your security posture by implementing recommendations and best practices that we call Improvement Actions (e.g., Do not allow the use of email forwarding rules to external domains). The more Improvement Actions an organization implements, the better their score and the more resistant they’ll be to attacks.

 

In the previous version of the Microsoft Secure Score experience, as administrators identified interesting Improvement Actions they would need to switch to another application if they wanted to create a ticket and assign it for follow-up. Now with ServiceNow, Microsoft Planner and Microsoft Teams integration into Microsoft Secure Score this experience has been streamlined and automated.

 

“From the very beginning, ServiceNow’s Now Platform was built to help digitize workflows and make work, work better for people,” said Matt Schvimmer, Vice President and General Manager of IT Service Management (ITSM) at ServiceNow. “The integration of ServiceNow’s ITSM capabilities with Microsoft Secure Score helps customers address one of the biggest challenges they face, which is maintaining and maximizing their security posture.”

 

To take advantage of the new functionality you will use the new Share button which has been added to the upper right hand side of the Improvement Action’s details page.

 


 

When the administrator selects the Share button, they will be given several options which include Copy Link, Email, Microsoft Team, Microsoft Planner and Service Now.

 


 

The Service Now option is the first example of the Microsoft 365 security center integrating with a 3rd party product and it makes creating tickets in ServiceNow super easy. Most of the fields will automatically be completed for you and you can edit fields, like priority and due date, before submitting the ticket.

 


 

Of course, once a Microsoft Secure Score related Service Now ticket has been created, security administrators will want to be able to track its status directly from Microsoft 365 security center. To address this need, we’ve added a Card that will enable you to view a Microsoft Secure Score scoped list of ServiceNow tickets.

 

Creating tasks in Microsoft Planner and sending messages to a team in Microsoft Teams is just as easy. To create a task in Microsoft Planner just select the Microsoft Planner option from the Share menu, update any fields as necessary, and then select the Create Planner Task button to create it.

 


 

To post a message to a team in Microsoft Teams, use the same type of process after selecting the Microsoft Team option from the Share menu.

 

In addition to the options just mentioned we also added a Copy Link option that administrators can use to copy a link to an Improvement Action’s details page directly into the clipboard. From here it can be pasted in documents and other resources.

 


 

Finally, there is the Email option which enables administrators to automate the process of adding a link to a specific Improvement Action to a draft email.

 


 

How to Integrate Microsoft Planner and Microsoft Teams with Microsoft Secure Score

One of the beauties of using cloud-based Microsoft products is that a lot of auto-magic can happen in the background to get them integrated and talking to each other. In the case of Microsoft Planner and Microsoft Teams there is nothing for you to set up.

 

How to Integrate ServiceNow with Microsoft Secure Score

For ServiceNow there is a series of steps that must be completed before Microsoft 365 Security Center and ServiceNow can communicate with one another.

 

The first thing you need to do is install the Security and Compliance Connector for Microsoft 365 from the ServiceNow Store. You can find it by searching for “365”. From here choose the Install button to enable the connector within your ServiceNow instance.

 


 

Once installed, the connector must be configured so that it can communicate with Microsoft 365 services. To locate the configuration experience for the connector, type “365” in ServiceNow’s Filter navigator, which can be found on the left-hand side of its navigation experience. From here select Microsoft 365 Connector and then the Installation Checklist option in the navigation.

 

Once the Installation Checklist option has been selected you will be asked to complete a series of steps. The first step is to Create an OAuth Endpoint. To complete this step, you will need to copy the redirect URLs from the ServiceNow user experience into your clipboard. See the image below for an example of the text you’ll need to copy into your clipboard. Next select the Create OAuth Endpoint button.

[Image 12: OAuth]

 

Next you will complete the OAuth Endpoint form to define the connection information to your Microsoft 365 services. The Name, Client ID, Client Secret fields will automatically be completed for you. To simplify things for the future change the Name field to “Microsoft 365 Connector”. Next paste in the redirect URLs you copied into the clipboard in the previous step into the Redirect URL field.

 


 

Next choose the Submit button to complete the OAuth Endpoint form and Step 1 of the process. Once it’s been successfully submitted the Microsoft 365 Installation checklist will indicate it’s complete as shown in the image below.

[Image 14: OAuth and User card]

 

For Step 2 you will create a user account in Service Now called an ‘Integration user’. This is the account that Microsoft 365 Security center will use to connect to your ServiceNow instance. Please note this account is created with the minimum set of privileges necessary for Microsoft 365 security center to create and manage the tickets it adds to ServiceNow. Input a username and appropriate password in the Username and Password fields. This will be used shortly in one of the subsequent steps.

 


 

Next choose the Create user button to complete Step 2. Once the account has been successfully created the Microsoft 365 Installation checklist will indicate so as shown in the image below.

[Image 16: User integration card]

 

For Step 3 you will need to authorize Microsoft 365 Security center to connect to ServiceNow using the Microsoft 365 Security and Compliance Connector.

To do this, type “OAuth” in Service Now’s filter navigator on the left-hand navigation. Next click the Application Registry option from the menu. From here select the name of the OAuth Endpoint that you created in Step 1 to open its details page. Unless you failed to change its name as instructed in one of the previous steps the name should be “Microsoft 365 Connector”.

 

From the details page take note of the Client-ID and Client-Secret text as you will need this information in subsequent steps to configure Microsoft 365 security center to communicate with ServiceNow.

 

Next log out of ServiceNow and log back in with the Integration User account created during Step 2 to ensure it’s accessible.

Now that the ServiceNow side of things is configured, it’s time to set things up on the Microsoft 365 security center side of the house. Log on to the Microsoft 365 security center and scroll down the page until you see the ServiceNow card. Next select the Connect to ServiceNow button.

 

Once on the Provisioning ServiceNow page you will find that you have already completed Steps 1-3 so you can skip down to Step 4. All you need to do at this point is input the values for Client ID and Client Secret that we asked you to take note of during Step 3. From here enter the URL for your ServiceNow tenant into the Instance Name field. Next select Authorize to allow Microsoft 365 Security center to connect to your ServiceNow instance.

 


 

Once authorization is complete you will be prompted to log in to ServiceNow. Please use your integration user login and password here.

 

Once completed you will be brought to a ServiceNow screen where you will click Allow.

 

Once Allow has been selected you will be brought to a Permissions requested page to accept permissions.

 


 

Once you Accept the permissions request, you will be brought back to the Provisioning ServiceNow page where you will have the option of mapping Microsoft 365 Security center ticket states to those from ServiceNow. For instance, for the Select which states represent completed change requests option, select the options that make the most sense for your organization. Do the same for the Select which states represent completed incidents option.

 

Once done select the Save button and you’ll be ready to start creating Microsoft Secure Score related tickets directly in ServiceNow.

 

Wrapping it up

So, there you have it – a quick introduction of our new Microsoft Secure Score integration with ServiceNow, Microsoft Planner and Microsoft Teams along with the step by step instructions you’ll need to get everything operational within your environment.

 

We encourage you to start taking advantage of this new functionality at the earliest opportunity and we look forward to hearing your feedback. More information on Microsoft Secure Score and ServiceNow integration can be found at Microsoft Docs and Managing tickets through ServiceNow respectively.

 

 

 

 

Improve your Cloud Security posture with Microsoft Secure Score

Microsoft Secure Score provides you with a prioritized list of the key controls you can enable to improve the security posture for your environment. The recommendations and best practices it suggests include those from across Microsoft 365 Security and Azure Microsoft Cloud App Security, which is a Cloud Access Security Broker (CASB), a new generation of security solutions that is essential to any modern security strategy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across cloud, on-premises and custom apps.

To ensure that customers enable key use cases to detect cloud-native attacks and protect against risky apps in their environment with Microsoft Cloud App Security, we will explore the top 5 most impactful Cloud App Security related Improvement Actions that Microsoft Secure Score has to offer. These will allow you to get the most out of your CASB investment and up-level the security for all your cloud apps, whether they’re Microsoft or 3rd party apps.

 

Get started with these top 5 Improvement Actions for Microsoft Cloud App Security

To maximize Microsoft Cloud App Security’s impact on your overall security posture, here are five of the top improvement actions you should start with:

  1. Use Cloud App Security to detect anomalous behavior
  2. Create a custom activity policy to discover suspicious usage patterns
  3. Discover Shadow IT and application usage
  4. Set automated notifications for new and trending cloud applications in your organization
  5. Review permissions & block risky OAuth applications connected to your environment

 

Use Cloud App Security to detect anomalous behavior

Designed with security professionals in mind, Microsoft Cloud App Security makes it easy to get started. It’s designed for a simple deployment, centralized management, and innovative automation capabilities. When you turn on the Cloud App Security console you can easily connect your apps and instantly leverage numerous built-in threat detection policies. They enable you to detect insider threats, compromised accounts and brute force attempts. In addition, Microsoft Cloud App Security provides risk scores for all of the users in your organization, which enables the Security Operations team to prioritize their investigations.

 

Create a custom activity policy to discover suspicious usage patterns

Activity policies enable you to monitor suspicious user activities and be alerted on policy violations such as downloading a large number of files in a short period of time or sharing sensitive files with external users. Microsoft Cloud App Security also allows you to take manual remediation actions or set up automatic remediation to lighten the workload on your SecOps team.

 

Discover Shadow IT and application usage

In today’s modern enterprises, apps run the workplace. While we see an average of 129 IT-managed applications, our CASB discovery data shows that the total number of apps accessed by employees in large organizations exceeds 1,000. In Microsoft Cloud App Security, you have several options to activate the Discovery of Shadow IT, either by a single click enablement via Microsoft Defender Advanced Threat Protection, leveraging logs from your firewall, or using an existing Secure Web Gateway. Once discovered, Microsoft Cloud App Security assesses all apps against more than 90 risk and compliance factors and allows you to manage future access.

 

 

 

Set automated notifications for new and trending cloud applications in your organization

The initial Discovery and assessment of the apps in your organization can be time consuming depending on how many apps are in use. To ensure you can stay on top of the Shadow IT in your organization, it is recommended to implement continuous monitoring. Microsoft Cloud App Security allows you to set up policies to be alerted when new, risky or high-volume apps are discovered in your environment, so you can immediately evaluate and manage them according to the requirements of your organization.

 

Review permissions & block risky OAuth applications connected to your environment

OAuth is a web-based industry standard protocol that enables users to grant web apps access to their accounts and data without sharing their credentials. The use of OAuth in enterprises is increasing as a result of the continued adoption of cloud-based solutions. While extremely convenient, OAuth introduces a new threat vector to the security of organizations and enables potential back doors into corporate environments when malicious apps are authorized.

Microsoft Cloud App Security enables you to identify all OAuth apps that have been authorized against your corporate apps such as Office 365, GSuite and Salesforce, evaluate their risk and ban them if necessary. You can find additional details in this blog post.

 

 

Wrapping It Up

So, there you have it – a quick tour of the top Microsoft Secure Score related Improvement Actions for Microsoft Cloud App Security. Start using Microsoft Cloud App Security today to get better visibility into your cloud environment and take control of all your cloud apps. More information on Microsoft Cloud App Security and Microsoft Secure Score can be found at Microsoft Docs (Microsoft Cloud App Security and).

 

More info and feedback

  • Haven’t tried Microsoft Cloud App Security yet? Start a free trial today.
  • As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.
  • For more resources and information on Microsoft Cloud App Security go to our website.

 

 

 

 

Sensitivity labeling now built into Office apps for Windows to help protect sensitive information

Microsoft Information Protection solutions help you better protect your sensitive information, wherever it lives or travels – across devices, apps, cloud services and on-premises. Our goal is to provide a consistent and comprehensive approach to discovering, classifying, labeling and protecting sensitive data.

 

Earlier this year we released built-in sensitivity labeling in Office apps for Mac, iOS and Android. These capabilities enable users to easily apply sensitivity labels to documents and emails – based on the policies defined by your organization. The built-in labeling experiences are integrated directly into Office apps – there’s no need for any special plugins or add-ons.

 

We’re expanding to additional Office apps, and now sensitivity labeling is available in Office apps for Windows. With this release, end-user driven sensitivity labeling is now available in:

  • New! Office for Windows: Word, PowerPoint, Excel & Outlook
  • Office for Mac: Word, PowerPoint, Excel & Outlook
  • Office mobile apps for iOS: Word, PowerPoint & Excel (Outlook coming soon)
  • Office mobile apps for Android: Word, PowerPoint & Excel (Outlook coming soon)

The labeling experience in Office apps for Windows is similar to the labeling experience on other platforms – making it easy and familiar for your end-users. Once you define and configure your sensitivity labels and policies, the same labels are published out and made available across the supported Office apps.

 

The screenshots below show examples of the end-user experience in Office apps for Windows. Users select the Sensitivity drop-down menu to view the available labels and select the appropriate label. The experience is similar across Word, PowerPoint, Excel and Outlook.

Screenshot: Apply sensitivity labels in Office apps for Windows – your label policy will apply the configured protection actions, such as encryption, rights restrictions or visual markings.

Screenshot: Applying sensitivity labels in Outlook for Windows is a similar experience.

Screenshot: An email labeled “Highly Confidential” in Outlook for Windows gets encrypted, and headers & footers are applied.

Getting started

Similar to publishing labels for use in other Office apps, you need to first configure your organization’s sensitivity labels in the Office 365 Security & Compliance Center or the Microsoft 365 Compliance center. If your organization has sensitivity labels configured in the Azure portal for Azure Information Protection, you will first need to migrate your labels to the Microsoft 365 Compliance center, and then the labels can be used by the supported Office apps. You can find more information on migration steps here.

 

You can also learn more about sensitivity labels in our documentation, and additional details on supported Office apps are included in this article. Sensitivity labeling in Office apps for Windows is rolling out now to customers who have Office 365 E3 or E5 (built-in sensitivity labeling is supported on the Office 365 Pro Plus version of Office), and the rollout is expected to be completed by the end of September or October, 2019.

    

We’re excited to expand sensitivity labeling to Office for Windows, enabling more comprehensive protection of sensitive information across your environment. We plan to release sensitivity labeling in the Office apps for the Web and Outlook mobile soon. Please check the Microsoft 365 roadmap for the latest information.

Security Policy Advisor for Office 365 ProPlus is now Generally Available!

Hello everyone,

Today we are pleased to announce the general availability of Security Policy Advisor, a new service that can help enterprises improve the security of Office 365 ProPlus clients in their organization.

 

Security Policy Advisor has been in preview for the past few months and we wanted to first thank all our previewers who have evaluated this service and provided us with feedback that has helped us improve the service.

 

Security Policy Advisor enables IT admins who have deployed Office 365 ProPlus to manage the security of their Office applications with confidence by providing the following capabilities:

  • Tailored recommendations for specific security policies that can provide a high value in helping raise the overall security posture of an enterprise and protect against contemporary attacks.
  • Rich data insights about the security and productivity impact of applying a policy recommendation. These insights can help admins weigh the benefits and costs of applying a policy and make a data-informed decision.
  • One-click deployment of policies to end users through the recently released Office cloud policy service that enables admins to enforce Office policies for Office 365 ProPlus clients directly from the cloud. No on-premises infrastructure or MDM services are required.
  • Monitoring and reporting on policy impact, which allows an admin to have visibility into how a security policy is affecting users without having to wait to hear from them.


 

 

This service is now generally available and supported for customers with Office 365 ProPlus.

 

Get started today by visiting and signing into the Office client management portal, turning on Security Policy Advisor, and creating Office cloud policy configurations.  For each policy configuration you create and assign to a group of users, Security Policy Advisor will generate recommendations with supporting data that you can review and deploy to users as a policy. Once you have applied a policy, you can continue to monitor its ongoing impact on users through the management portal.

For additional documentation on how to use this new policy service and its capabilities, see Security Policy Advisor for Office 365 ProPlus.

 

This service is just one of many new services which the Office team will be releasing over the next 12+ months.  These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.

 

As always, please provide feedback using the feedback button to help us improve the service. We look forward to hearing from you and to continuing to improve this service.

 

Thank you! 

 

FAQ:

Note: Please refer to our documentation for the most up-to-date information.

What are the prerequisites to start using Security Policy Advisor?

For prerequisites, see Requirements for using Security Policy Advisor.

 

How does this relate to a security baseline?

Security baselines are a great starting point for enterprises to configure their applications for security. A new draft of the security baseline for Office 365 ProPlus applications is available here.

 

A security baseline is generic best practice guidance that ultimately needs to be consumed and customized for your enterprise to balance your security and productivity goals. You can use Office cloud policy service to apply the user level policies recommended in the Office security baseline. Security Policy Advisor complements a security baseline by providing custom recommendations for specific policies that are tailored to your enterprise, helping you to choose a security policy that has the least impact on productivity for your organization.

How are the recommendations, productivity and security impact insights generated?

Security Policy Advisor uses the following data to generate recommendations and associated data insights on productivity and security impact:

  1. To create the recommendations and productivity insights, Security Policy Advisor relies on required service data from Office 365 ProPlus. For more information, see Required service data for Office.
  2. If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For more details on Office 365 Advanced Threat Protection, see Office 365 threat investigation and response.

 For more details, see How Security Policy Advisor creates recommendations.

 

What happens when I turn off Security Policy Advisor?

When you turn off Security Policy Advisor, usage and threat data from your organization are no longer analyzed and no recommendations or insights will be generated.

Admins can control the data collected from their clients using the new privacy controls supported by Office apps. More details are available at Overview of privacy controls for Office 365 ProPlus.

 

What happens if I do not have Office 365 Threat Investigation and Response (via ATP Plan 2)?

If your organization has Office Threat Investigation and Response (via ATP Plan 2), Security Policy Advisor can use data from this service to provide you with information on threats detected and stopped by ATP that the recommended policy can help protect against. This can help you quantify the actual risk to your organization when you consider applying a recommendation.

If your organization does not have ATP Plan 2, Security Policy Advisor will still show you information on the productivity impact that is helpful in assessing and monitoring impact to end users when applying recommendations.

Which admin roles can view recommendations and configure policies?

Only the Global Admin, Security Admin or Desktop Analytics Admin roles are allowed access to create or view policy configurations.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations. We’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email, Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention label conditions, you can now include or exclude emails based on their domains or their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comment on and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume of communications data and to make compliance reviews more efficient to help save time and money.

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying with policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties. We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying with the policies and levels of risks the partners have agreed to at the firm.”
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there are plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

Frequently Asked Questions

Q: What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain). We’ll review submissions and let you know if your tenant has been accepted in the program.

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirements and more

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations, and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email, Microsoft Teams chats and channels, or third-party communications in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now flag content for review using the 100 sensitive information types (financial, medical and health, or privacy), such as credit card or social security numbers, custom data types such as your own custom dictionary/lexicon, or a combination of both.
  • Advanced message filters: with domain and retention label conditions, you can now include or exclude emails based on their domains or their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comment on and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume of communications data and to make compliance reviews more efficient to help save time and money.

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties. We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.”
— Chad Ergun, DGS Law’s CIO

Ready to get started?

Regardless of where you are in your compliance journey, there are plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with “Supervision policies in Office 365” and start implementing supervision policies with “Configure supervision policies for your organization”.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q: What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview?

A: Please email us at supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain). We’ll review submissions and let you know if your tenant has been accepted in the program.

—Christophe Fiessinger, principal program manager, Microsoft 365 Security & Compliance

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building on the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated machine learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

The broad intelligence of the Microsoft Security Graph, which supports all of the Advanced Threat Protection products from Microsoft, and the deep integration between those products form the backbone of Microsoft Threat Protection, which offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. The automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

Figure: Security Dashboard showing summary of automated investigations

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

Figure: A day in the life

Every single security alert goes through the above process, and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Figure: Composite Organization

The new automation capabilities in Office 365 ATP go even further in bringing more effectiveness and efficiency into SecOps flows.

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built on our experience with real-world security scenarios. Based on our visibility into and experience with the threat landscape, we’ve designed these playbooks to tackle the most frequent threats.

Figure: Security playbooks are the foundation of AIR

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email: This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link: This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

Over the next few weeks and months we’ll continue to add even more playbooks.

Figure: Alert automatically triggers investigation when a user reports an email as phish

Figure: Investigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.


Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite, as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part of their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

Figure: Triggering automated investigations from the Threat Explorer for All email view

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution. It can help mitigate more threats in real time, reduce the time for detection and recovery, and ultimately improve the efficiency, accuracy, and overall security for any organization. Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

The automation capabilities announced today, paired with the automation within the Microsoft Defender Advanced Threat Protection offering, form the backbone of the powerful integrated automated protection that comes as part of the Microsoft Threat Protection stack to enable better detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity