Improve your Cloud Security posture with Microsoft Secure Score

Improve your Cloud Security posture with Microsoft Secure Score

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Microsoft Secure Score provides you with an prioritized list of the key controls you can enable to improve the security posture for your environment. The recommendations and best practices it suggests includes those from across Microsoft 365 Security and Azure Microsoft Cloud App Security  which is a Cloud Access Security Broker (CASB), a new generation of security solutions, that is essential to any modern security strategy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across cloud, on-premises and custom apps.

To ensure that customers enable key use cases to detect cloud-native attacks and protect against risky apps in their environment with Microsoft Cloud App Security, we will explore the top 5 most impactful Cloud App Security related Improvement Actions that Microsoft Secure Score has to offer. These will allow you to get the most out of your CASB investment and up-level the security for all your cloud apps, whether they’re Microsoft or 3rd party apps.

 

Get started with these top 5 Improvement Actions for Microsoft Cloud App Security

To maximize Microsoft Cloud App Security’s impact on your overall security posture, here are five of the top improvement actions you should start with:

  1. Use Cloud App Security to detect anomalous behavior
  2. Create a custom activity policy to discover suspicious usage patterns
  3. Discover Shadow IT and application usage
  4. Set automated notifications for new and trending cloud applications in your organization
  5. Review permissions & block risky OAuth applications connected to your environment

 

Use Cloud App Security to detect anomalous behavior

Designed with security professionals in mind, Microsoft Cloud App Security makes it easy to get started. It’s designed for a simple deployment, centralized management, and innovative automation capabilities. When you turn on the Cloud App Security console you can easily connect your apps and instantly leverage numerous built-in threat detection policies. They enable you detect insider threats, compromised accounts and brute force attempts. In addition, Microsoft Cloud App Security provides risk scores for all of the users in your organization, which enables the Security Operations team to prioritize their investigations.

 

1.png

 

Create a custom activity policy to discover suspicious usage patterns

Activity policies enable you to monitor suspicious user activities and be alerted on policy violations such as downloading a large number of files in a short period of time or sharing sensitive files with external users. Microsoft Cloud App Security also allows you to take manual remediation actions or setup automatic remediation to lighten the workload on your SecOps team.

 

Discover Shadow IT and application usage

In today’s modern enterprises, apps run the workplace. While we see an average of 129 IT-managed applications, our CASB discovery data shows that the total number of apps accessed by employees in large organizations exceeds 1,000. In Microsoft Cloud App Security, you have several options to activate the Discovery of Shadow IT, either by a single click enablement via Microsoft Defender Advanced Threat Protection, leveraging lots from your firewall, or using an existing Secure Web Gateway. Once discovered, Microsoft Cloud App Security assesses all apps against more than 90 risk and compliance factors and allows you to manage future access.

 

3.png

 

 

 

Set automated notifications for new and trending cloud applications in your organization

The initial Discovery and assessment of the apps in your organization can be time consuming depending on how many apps are in use. To ensure you can stay on top of the Shadow IT in your organization, it is recommended to implement continuous monitoring. Microsoft Cloud App Security allows you to setup policies to be alerted when new, risky or high-volume apps are discovered in your environment, so you can immediately evaluate and manage them according to the requirements of your organization.

 

 4.png

 

Review permissions & block risky OAuth applications connected to your environment

OAuth is a web-based industry standard protocol that enables users to grant web apps access to their accounts and data without sharing their credentials. The use of OAuth in enterprises is increasing as a result of the continued adoption of cloud-based solutions. While extremely convenient, OAuth introduces a new threat vector to the security of organizations and enables potential back doors into corporate environments when malicious apps are authorized.

Microsoft Cloud App Security enables you to identify all OAUth apps that have been authorized against your corporate apps such as Office 365, GSuite and Salesforce, evaluate their risk and ban them if necessary. You can find additional details in this blog post.

 

5.png

 

 

Wrapping It Up

So, there you have it – a quick tour of the top Microsoft Secure Score related Improvement Actions for in Microsoft Cloud App Security. Start using Microsoft Cloud App Security today to get better visibility into your cloud environment and take control of all your cloud apps. More information on Microsoft Cloud App Security and Microsoft Secure Score can be found at Microsoft Docs (Microsoft Cloud App Security and).

 

More info and feedback

  • Haven’t tried Microsoft Cloud App Security yet? Start a free trial today.
  • As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.
  • For more resources and information on Microsoft Cloud App Security go to our website.

 

 

 

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Sensitivity labeling now built into Office apps for Windows to help protect sensitive information

Sensitivity labeling now built into Office apps for Windows to help protect sensitive information

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Microsoft Information Protection solutions help you better protect your sensitive information, wherever it lives or travels – across devices, apps, cloud services and on-premises. Our goal is to provide a consistent and comprehensive approach to discovering, classifying, labeling and protecting sensitive data.

 

Earlier this year we released built-in sensitivity labeling in Office apps for Mac, iOS and Android. These capabilities enable users to easily apply sensitivity labels to documents and emails – based on the policies defined by your organization. The built-in labeling experiences are integrated directly into Office apps – there’s no need for any special plugins or add-ons.

 

We’re expanding to additional Office apps, and now sensitivity labeling is available in Office apps for Windows. With this release, end-user driven sensitivity labeling is now available in:

  • New! Office for Windows: Word, PowerPoint, Excel & Outlook
  • Office for Mac: Word, PowerPoint, Excel & Outlook
  • Office mobile apps for iOS: Word, PowerPoint & Excel (Outlook coming soon)
  • Office mobile apps for Android: Word, PowerPoint & Excel (Outlook coming soon)

The labeling experience in Office apps for Windows is similar to the labeling experience on other platforms – making it easy and familiar for your end-users. Once you define and configure your sensitivity labels and policies, the same labels are published out and made available across the supported Office apps.

 

The screenshots below show examples of the end-user experience in Office apps for Windows. Users select the Sensitivity drop-down menu to view the available labels and select the appropriate label. The experience is similar across Word, PowerPoint, Excel and Outlook.

clipboard_image_1.pngApply sensitivity labels in Office apps for Windows – your label policy will apply the configured protection actions, such as encryption, rights restrictions or visual markings.

 

clipboard_image_2.pngApplying sensitivity labels in Outlook for Windows is a similar experience.

 

clipboard_image_3.pngAn email labeled “Highly Confidential” in Outlook for Windows get encrypted, and headers & footers are applied.

Getting started

Similar to publishing labels for use in other Office apps, you need to first configure your organization’s sensitivity labels in the Office 365 Security & Compliance Center or the Microsoft 365 Compliance center. If your organization has sensitivity labels configured in the Azure portal for Azure Information Protection, you will first need to migrate your labels to the Microsoft 365 Compliance center, and then the labels can be used by the supported Office apps. You can find more information on migration steps here.

 

You can also learn more about sensitivity labels in our documentation, and additional details on supported Office apps is including in this article. Sensitivity labeling in Office apps for Windows is rolling out now to customers who have Office 365 E3 or E5 (built-in sensitivity labeling is supported on the Office 365 Pro Plus version of Office), and the rollout is expected to be completed by the end of September or October, 2019.     

    

We’re excited to expand sensitivity labeling to Office for Windows, enabling more comprehensive protection of sensitive information across your environment. We plan to release sensitivity labeling in the Office apps for the Web and Outlook mobile soon. Please check the Microsoft 365 roadmap for the latest information.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Security Policy Advisor for Office 365 ProPlus is now Generally Available!

Security Policy Advisor for Office 365 ProPlus is now Generally Available!

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Hello everyone,

Today we are pleased to announce the general availability of Security Policy Advisor, a new service that can help enterprises improve the security of Office 365 ProPlus clients in their organization.

 

Security Policy Advisor has been in preview for the past few months and we wanted to first thank all our previewers who have evaluated this service and provided us with feedback that has helped us improve the service.

 

Security Policy Advisor enables IT admins who have deployed Office 365 ProPlus to manage the security of their Office applications with confidence by providing the following capabilities:

  • Tailored recommendations for specific security policies that can provide a high value in helping raise the overall security posture of an enterprise and protect against contemporary attacks.
  • Rich data insights about the security and productivity impact of applying a policy recommendation. These insights can help admins weigh the benefits and costs of applying a policy and make a data-informed decision.
  • One-click deployment of policies to end users through the recently released Office cloud policy service that enables admins to enforce Office policies for Office 365 ProPlus clients directly from the cloud. No on-premises infrastructure or MDM services are required.
  • Monitoring and reporting on policy impact, which allows an admin to have visibility into how a security policy is affecting users without having to wait to hear from them.

clipboard_image_0.png

 

 

This service is now generally available and supported for customers with Office 365 ProPlus.

 

Get started today by visiting and signing into the Office client management portal, turning on Security Policy Advisor, and creating Office cloud policy configurations.  For each policy configuration you create and assign to a group of users, Security Policy Advisor will generate recommendations with supporting data that you can review and deploy to users as a policy. Once you have applied a policy, you can continue to monitor its ongoing impact on users through the management portal.

For additional documentation on how to use this new policy service and its capabilities, see Security Policy Advisor for Office 365 ProPlus.

 

This service is just one of many new services which the Office team will be releasing over the next 12+ months.  These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.

 

As always, please provide feedback using the feedback button to help us improve the service. We look forward to hearing from you and continue improving this service.

 

Thank you! 

 

FAQ:

Note:  Please refer to our documentation for the most up to date information.

 

What are the prerequisites to start using Security Policy Advisor?

For prerequisites, see Requirements for using Security Policy Advisor.

 

How does this relate to a security baseline?

Security baselines are a great starting point for enterprises to configure their applications for security. A new draft of the security baseline for Office 365 ProPlus applications is available here.

 

A security baseline is generic best practice guidance that ultimately needs to be consumed and customized for your enterprise to balance your security and productivity goals. You can use Office cloud policy service to apply the user level policies recommended in the Office security baseline.  Security Policy Advisor complements a security baseline by providing custom recommendations for specific policies that are tailored to your enterprise, helping you to choose a security policy that has the least impact on productivity for your organization.

 

How are the recommendations, productivity and security impact insights generated?

Security Policy Advisor uses the following data to generate recommendations and associated data insights on productivity and security impact:

  1. To create the recommendations and productivity insights, Security Policy Advisor relies on required service data from Office 365 ProPlus . For more information, see Required service data for Office.
  2. If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For more details on Office 365 Advanced Threat Protection, see Office 365 threat investigation and response.

 For more details, see How Security Policy Advisor creates recommendations.

 

What happens when I turn off Security Policy Advisor?

When you turn off Security Policy Advisor, usage and threat data from your organization are no longer analyzed and no recommendations or insights will be generated.

Admins can control the data collected from their clients using the new privacy controls supported by Office apps. More details are available at Overview of privacy controls for Office 365 ProPlus.

 

What happens if I do not have Office 365 Threat Investigation and Response (via ATP Plan 2)?

If your organization has Office Threat Investigation and Response (via ATP Plan 2), Security Policy Advisor can use data from this service to provide you with information on threats detected and stopped by ATP that the recommended policy can help protect against. This can be great to quantify the actual risk to your organization when you consider applying a recommendation.

If your organization does not have ATP Plan 2, Security Policy Advisor will still show you information on the productivity impact that is helpful in assessing and monitoring impact to end users when applying recommendations.

 

Which admin roles can view recommendations and configure policies?

Only the Global Admin, Security Admin or Desktop Analytics Admin roles are allowed access to create or view policy configurations.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building over the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated Machine Learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new Automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

 

The broad intelligence of the Microsoft Security Graph that supports all of the Advanced Threat Protection products from Microsoft and the deep integration between them forms the backbone of Microsoft Threat Protection that offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. And the automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

 

Security Dashboard.pngSecurity Dashboard showing summary of automated investigations

 

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

A day in the life.png

 

Every single security alert goes through the above process and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

 

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Composite Organization.png

 

The new automation capabilities in Office 365 ATP goes even further in being able to bring more effectiveness and efficiency into SecOps flows.

 

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built off our experience with real-world security scenarios. Based on our visibility and experience into the threat landscape we’ve designed these playbooks which tackle the most frequent threats.

 

Security playbooks.pngSecurity playbooks are the foundation of AIR

 

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email— This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link— This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

 

Over the new few weeks and months we’ll continue to add even more playbooks.

Alert automatically.pngAlert automatically triggers investigation when a user reports an email as phish

Investigation graph.pngInvestigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.

Watch below:

to see the playbooks in action.

 

Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

 

Triggering automated.pngTriggering automated investigations from the Threat Explorer for All email view

 

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution.  It can help mitigate more threats in real-time, reduce the time for detection and recovery, and ultimately, improve the efficiency, accuracy, and overall security for any organization.  Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

 

The automation capabilities announced today paired with the automation within the Microsoft Defender Advanced Threat Protection offering form the backbone of the powerful integrated automated protection that comes as part of the  Microsoft Threat Protection stack to enable better

detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

 

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building over the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated Machine Learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new Automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

 

The broad intelligence of the Microsoft Security Graph that supports all of the Advanced Threat Protection products from Microsoft and the deep integration between them forms the backbone of Microsoft Threat Protection that offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. And the automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

 

Security Dashboard.pngSecurity Dashboard showing summary of automated investigations

 

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

A day in the life.png

 

Every single security alert goes through the above process and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

 

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Composite Organization.png

 

The new automation capabilities in Office 365 ATP goes even further in being able to bring more effectiveness and efficiency into SecOps flows.

 

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built off our experience with real-world security scenarios. Based on our visibility and experience into the threat landscape we’ve designed these playbooks which tackle the most frequent threats.

 

Security playbooks.pngSecurity playbooks are the foundation of AIR

 

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email— This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link— This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

 

Over the new few weeks and months we’ll continue to add even more playbooks.

Alert automatically.pngAlert automatically triggers investigation when a user reports an email as phish

Investigation graph.pngInvestigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.

Watch below:

to see the playbooks in action.

 

Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

 

Triggering automated.pngTriggering automated investigations from the Threat Explorer for All email view

 

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution.  It can help mitigate more threats in real-time, reduce the time for detection and recovery, and ultimately, improve the efficiency, accuracy, and overall security for any organization.  Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

 

The automation capabilities announced today paired with the automation within the Microsoft Defender Advanced Threat Protection offering form the backbone of the powerful integrated automated protection that comes as part of the  Microsoft Threat Protection stack to enable better

detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

 

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building over the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated Machine Learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new Automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

 

The broad intelligence of the Microsoft Security Graph that supports all of the Advanced Threat Protection products from Microsoft and the deep integration between them forms the backbone of Microsoft Threat Protection that offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. And the automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

 

Security Dashboard.pngSecurity Dashboard showing summary of automated investigations

 

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

A day in the life.png

 

Every single security alert goes through the above process and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

 

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Composite Organization.png

 

The new automation capabilities in Office 365 ATP goes even further in being able to bring more effectiveness and efficiency into SecOps flows.

 

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built off our experience with real-world security scenarios. Based on our visibility and experience into the threat landscape we’ve designed these playbooks which tackle the most frequent threats.

 

Security playbooks.pngSecurity playbooks are the foundation of AIR

 

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email— This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link— This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

 

Over the new few weeks and months we’ll continue to add even more playbooks.

Alert automatically.pngAlert automatically triggers investigation when a user reports an email as phish

Investigation graph.pngInvestigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.

Watch below:

to see the playbooks in action.

 

Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

 

Triggering automated.pngTriggering automated investigations from the Threat Explorer for All email view

 

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution.  It can help mitigate more threats in real-time, reduce the time for detection and recovery, and ultimately, improve the efficiency, accuracy, and overall security for any organization.  Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

 

The automation capabilities announced today paired with the automation within the Microsoft Defender Advanced Threat Protection offering form the backbone of the powerful integrated automated protection that comes as part of the  Microsoft Threat Protection stack to enable better

detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

 

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building over the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated Machine Learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new Automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

 

The broad intelligence of the Microsoft Security Graph that supports all of the Advanced Threat Protection products from Microsoft and the deep integration between them forms the backbone of Microsoft Threat Protection that offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. And the automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

 

Security Dashboard.pngSecurity Dashboard showing summary of automated investigations

 

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

A day in the life.png

 

Every single security alert goes through the above process and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

 

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Composite Organization.png

 

The new automation capabilities in Office 365 ATP goes even further in being able to bring more effectiveness and efficiency into SecOps flows.

 

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built off our experience with real-world security scenarios. Based on our visibility and experience into the threat landscape we’ve designed these playbooks which tackle the most frequent threats.

 

Security playbooks.pngSecurity playbooks are the foundation of AIR

 

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email— This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link— This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

 

Over the new few weeks and months we’ll continue to add even more playbooks.

Alert automatically.pngAlert automatically triggers investigation when a user reports an email as phish

Investigation graph.pngInvestigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.

Watch below:

to see the playbooks in action.

 

Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

 

Triggering automated.pngTriggering automated investigations from the Threat Explorer for All email view

 

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution.  It can help mitigate more threats in real-time, reduce the time for detection and recovery, and ultimately, improve the efficiency, accuracy, and overall security for any organization.  Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

 

The automation capabilities announced today paired with the automation within the Microsoft Defender Advanced Threat Protection offering form the backbone of the powerful integrated automated protection that comes as part of the  Microsoft Threat Protection stack to enable better

detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

 

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Bolster efficiency of security teams with new Automated Incident Response in Office 365 ATP

Office 365 ATP offers unparalleled protection from targeted and zero-day attacks over email and other collaboration vectors. Building over the massive threat intelligence signal available in the Microsoft Intelligent Security Graph and pairing it with sophisticated Machine Learning algorithms, Office 365 ATP offers security teams best-in-class prevention, detection and response capabilities to keep their organizations secure with stellar effectiveness and efficiency. And today we’re extremely excited to announce new Automation capabilities in Office 365 ATP that further amplify the efficiency of security teams as they investigate and respond to threats within their organization.

 

The broad intelligence of the Microsoft Security Graph that supports all of the Advanced Threat Protection products from Microsoft and the deep integration between them forms the backbone of Microsoft Threat Protection that offers security teams amazing capabilities to protect their organizations across their users, devices, email, applications, data and infrastructure. And the automation capabilities we’re announcing today further strengthen the overall automation story of Microsoft Threat Protection.

 

Security Dashboard.pngSecurity Dashboard showing summary of automated investigations

 

Challenges faced by SecOps today

 

To set some context, we continue to hear from customers that dealing with incident response quickly and effectively is a big challenge facing their SecOps teams. One key issue is the lack of available resources and expertise needed to analyze signals and respond to incidents in an efficient way. There are just too many alerts to investigate and signals to correlate. And SecOps teams are constantly struggling with budget and time.

 

A typical Security team member goes through the following cycle of investigation day in and day out.

 

A day in the life.png

 

Every single security alert goes through the above process and with the huge volume of alerts that need to be looked at, it can quickly become challenging for security teams to scale. Intelligent correlation of signals and automatic investigation of alerts can significantly reduce the manual effort and time for incident response.

 

Automation can significantly reduce the time, effort and resources needed for incident response

 

Last year, we shared how Office 365 ATP can help security teams become more effective and efficient in the threat investigation and response process. This research from Forrester also revealed huge cost savings when using our Office 365 Threat Intelligence service.

 

Composite Organization.png

 

The new automation capabilities in Office 365 ATP goes even further in being able to bring more effectiveness and efficiency into SecOps flows.

 

Introducing new security playbooks within Office 365 ATP

 

Security playbooks are the foundation of automated incident response. They are the back-end policies that admins can select to trigger automatic investigation. The playbooks are built off our experience with real-world security scenarios. Based on our visibility and experience into the threat landscape we’ve designed these playbooks which tackle the most frequent threats.

 

Security playbooks.pngSecurity playbooks are the foundation of AIR

 

We’re delighted to announce the public preview of two playbooks that help investigate key threats and alerts within Office 365 with recommended actions for containment and mitigation.

 

  • User reports a phishing email— This alert will trigger an automatic investigation using the User Reported Messages Playbook when users use the “Report Message” button to report a phishing email.
  • User clicks on a malicious link— This alert will trigger an automatic investigation using the Weaponized URL playbook when an Office 365 ATP Safe Links protected URL clicked by a user is determined to be malicious through detonation (change in verdict) or if the user overrides (clicks through) the Office 365 ATP Safe Links warning pages.

 

Over the new few weeks and months we’ll continue to add even more playbooks.

Alert automatically.pngAlert automatically triggers investigation when a user reports an email as phish

Investigation graph.pngInvestigation graph showing a summary of relevant emails and users with threats and recommended actions.

You can learn more about how the SecOps teams can use these playbooks in this article.

Watch below:

to see the playbooks in action.

 

Triggering an automated investigation from the Threat Explorer

 

In addition to these playbooks, we’re also adding the ability to manually trigger automated investigations from the Threat Explorer. The Threat Explorer has become an invaluable tool for many security teams to hunt for and investigate threats within the O365 productivity suite as security teams use it to search for bad actors or IOCs. With the new ability to trigger an automatic investigation from within the Threat Explorer, security teams can leverage the efficiency and effectiveness gains that come with automation as part their hunting/investigation flow. This allows them to gain visibility into any potential threat instantly with relevant recommendations.

 

Triggering automated.pngTriggering automated investigations from the Threat Explorer for All email view

 

We’re only getting started

 

Automation for incident response will become a much more important part of an enterprise-grade security solution.  It can help mitigate more threats in real-time, reduce the time for detection and recovery, and ultimately, improve the efficiency, accuracy, and overall security for any organization.  Just as important, it frees up time for the organization’s key security expertise to focus on more complicated problems – getting more out of their most trained experts.

 

The automation capabilities announced today paired with the automation within the Microsoft Defender Advanced Threat Protection offering form the backbone of the powerful integrated automated protection that comes as part of the  Microsoft Threat Protection stack to enable better

detection, more insightful investigations, and more rapid remediation across multiple vectors such as emails, users and devices.

 

This is just the beginning. We’ll be rolling out more playbooks to address the most common threat scenarios. We invite you to try these playbooks out and provide feedback.

 

Exchange Online Mailbox Auditing Enabled By Default

Exchange Mailbox Auditing has now been enabled by default and rolled out worldwide, with the rollout to Unified Audit Log in Security and Compliance Center still in progress. If you are an Office 365 Customer, you should be able to search and retrieve your audit data with Search-MailboxAuditLog.  

 

As part of this change, we are also introducing the DefaultAuditSet parameter which would help you get back to the default set of verbs. DefaultAuditSet can be used to set the different action sets (Owner, Admin, Delegate) back to the service default audit events on a per-mailbox basis. 

 

As an example, If you want to bring Owner action sets back to default for a mailbox which was on custom events for all action sets, you perform the following operations:  

 

Set-Mailbox [username] -DefaultAuditSet Owner 

 

Now if you verify this through Get-Mailbox, you will be able to see that AuditOwner is set to the default set of actions:  

 

Get-Mailbox [username] | fl AuditOwner, AuditAdmin, AuditDelegate 

Output: 

AuditOwner      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation} 

AuditAdmin      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, 

                                UpdateCalendarDelegation} 

AuditDelegate   : {Move} 

 

To remove a mailbox from the default audit set event, you can go ahead, and add custom actions to the mailbox. This would remove it from the default set of actions. However, this would also mean, that any future audit events added to the default set would not be available automatically by default, and would need to be added manually.  

 

Find more information:

Exchange Online Mailbox Auditing Enabled By Default

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Exchange Mailbox Auditing has now been enabled by default and rolled out worldwide, with the rollout to Unified Audit Log in Security and Compliance Center still in progress. If you are an Office 365 Customer, you should be able to search and retrieve your audit data with Search-MailboxAuditLog.  

 

As part of this change, we are also introducing the DefaultAuditSet parameter which would help you get back to the default set of verbs. DefaultAuditSet can be used to set the different action sets (Owner, Admin, Delegate) back to the service default audit events on a per-mailbox basis. 

 

As an example, If you want to bring Owner action sets back to default for a mailbox which was on custom events for all action sets, you perform the following operations:  

 

Set-Mailbox [username] -DefaultAuditSet Owner 

 

Now if you verify this through Get-Mailbox, you will be able to see that AuditOwner is set to the default set of actions:  

 

Get-Mailbox [username] | fl AuditOwner, AuditAdmin, AuditDelegate 

Output: 

AuditOwner      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation} 

AuditAdmin      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, 

                                UpdateCalendarDelegation} 

AuditDelegate   : {Move} 

 

To remove a mailbox from the default audit set event, you can go ahead, and add custom actions to the mailbox. This would remove it from the default set of actions. However, this would also mean, that any future audit events added to the default set would not be available automatically by default, and would need to be added manually.  

 

Find more information:

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Exchange Online Mailbox Auditing Enabled By Default

Exchange Mailbox Auditing has now been enabled by default and rolled out worldwide, with the rollout to Unified Audit Log in Security and Compliance Center still in progress. If you are an Office 365 Customer, you should be able to search and retrieve your audit data with Search-MailboxAuditLog.  

 

As part of this change, we are also introducing the DefaultAuditSet parameter which would help you get back to the default set of verbs. DefaultAuditSet can be used to set the different action sets (Owner, Admin, Delegate) back to the service default audit events on a per-mailbox basis. 

 

As an example, If you want to bring Owner action sets back to default for a mailbox which was on custom events for all action sets, you perform the following operations:  

 

Set-Mailbox [username] -DefaultAuditSet Owner 

 

Now if you verify this through Get-Mailbox, you will be able to see that AuditOwner is set to the default set of actions:  

 

Get-Mailbox [username] | fl AuditOwner, AuditAdmin, AuditDelegate 

Output: 

AuditOwner      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation} 

AuditAdmin      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, 

                                UpdateCalendarDelegation} 

AuditDelegate   : {Move} 

 

To remove a mailbox from the default audit set event, you can go ahead, and add custom actions to the mailbox. This would remove it from the default set of actions. However, this would also mean, that any future audit events added to the default set would not be available automatically by default, and would need to be added manually.  

 

Find more information:

Exchange Online Mailbox Auditing Enabled By Default

Exchange Mailbox Auditing has now been enabled by default and rolled out worldwide, with the rollout to Unified Audit Log in Security and Compliance Center still in progress. If you are an Office 365 Customer, you should be able to search and retrieve your audit data with Search-MailboxAuditLog.  

 

As part of this change, we are also introducing the DefaultAuditSet parameter which would help you get back to the default set of verbs. DefaultAuditSet can be used to set the different action sets (Owner, Admin, Delegate) back to the service default audit events on a per-mailbox basis. 

 

As an example, If you want to bring Owner action sets back to default for a mailbox which was on custom events for all action sets, you perform the following operations:  

 

Set-Mailbox [username] -DefaultAuditSet Owner 

 

Now if you verify this through Get-Mailbox, you will be able to see that AuditOwner is set to the default set of actions:  

 

Get-Mailbox [username] | fl AuditOwner, AuditAdmin, AuditDelegate 

Output: 

AuditOwner      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation} 

AuditAdmin      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, 

                                UpdateCalendarDelegation} 

AuditDelegate   : {Move} 

 

To remove a mailbox from the default audit set event, you can go ahead, and add custom actions to the mailbox. This would remove it from the default set of actions. However, this would also mean, that any future audit events added to the default set would not be available automatically by default, and would need to be added manually.  

 

Find more information:

Exchange Online Mailbox Auditing Enabled By Default

Exchange Mailbox Auditing has now been enabled by default and rolled out worldwide, with the rollout to Unified Audit Log in Security and Compliance Center still in progress. If you are an Office 365 Customer, you should be able to search and retrieve your audit data with Search-MailboxAuditLog.  

 

As part of this change, we are also introducing the DefaultAuditSet parameter which would help you get back to the default set of verbs. DefaultAuditSet can be used to set the different action sets (Owner, Admin, Delegate) back to the service default audit events on a per-mailbox basis. 

 

As an example, If you want to bring Owner action sets back to default for a mailbox which was on custom events for all action sets, you perform the following operations:  

 

Set-Mailbox [username] -DefaultAuditSet Owner 

 

Now if you verify this through Get-Mailbox, you will be able to see that AuditOwner is set to the default set of actions:  

 

Get-Mailbox [username] | fl AuditOwner, AuditAdmin, AuditDelegate 

Output: 

AuditOwner      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, UpdateFolderPermissions, UpdateInboxRules, UpdateCalendarDelegation} 

AuditAdmin      : {Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, 

                                UpdateCalendarDelegation} 

AuditDelegate   : {Move} 

 

To remove a mailbox from the default audit set event, you can go ahead, and add custom actions to the mailbox. This would remove it from the default set of actions. However, this would also mean, that any future audit events added to the default set would not be available automatically by default, and would need to be added manually.  

 

Find more information:

Your specialized compliance workspace – Microsoft 365 compliance center

Your specialized compliance workspace – Microsoft 365 compliance center

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

With electronic data growing exponentially across the digital estate and the increased number of new privacy regulations emerging, consumers are more aware of their privacy rights now more than ever. Compliance and privacy professionals need more tools to help them safeguard sensitive information and reduce compliance risks. To empower organizations to more effectively and efficiently take control of their data privacy, we introduced the new Microsoft 365 compliance center in January and are excited to announce its general availability today!

 

The new Microsoft 365 compliance center enables you to assess compliance risks and posture, protect and govern your data, and respond to data discovery requests in a timely manner. Here, we highlight several key compliance capabilities in the three scenarios below.

 

Simplify assessment of compliance risks and posture with actionable insights

On the Microsoft 365 compliance center homepage, you can easily find actionable insights in the Assess, Protect, and Respond sections with signals across the Microsoft 365 feature set. The homepage is the go-to dashboard for compliance and privacy teams to examine their organization’s data compliance posture.

 

To help with your regulatory compliance, we’ve brought in score insights from Compliance Manager, a cloud-based tool that helps you perform on-going risk assessments, and provides step-by-step guidance on implementing compliance controls. It also tracks and records your compliance activities to help you prepare for internal and external audits. On the Compliance Manager card, you can find a quick summary of your current compliance posture for regulations and standards including: GDPR, ISO 27001, and NIST 800-53. From here, you can visit Compliance Manager to improve your Microsoft Compliance Score.

 

M365 Compliance Center homepage.png

 

In addition to the score, you can also find insights from Microsoft Cloud App Security (MCAS) including: third-party application usage, application compliance statuses, both the users and files shared most from cloud applications, and shadow IT applications as well. Additionally, with signals from Data Loss Prevention, you can quickly examine your DLP policy matches and create new policies to protect your sensitive data.

 

Integrated protection and governance of sensitive data across devices, apps, and cloud services

To help you better protect your digital estate across devices, apps, and cloud services, we aggregated the signals for risky compliance activities in your organization’s environment, and helped you highlight the high severity ones with details so that you take the appropriate actions to remediate risks.

 

M365 Compliance Center - alerts(2).png

 

Within the new compliance center, you can also classify your most important data with sensitivity and retention labels, and configure protection and governance policies with a unified experience. Additionally, the Label analytics functionality in public preview gives you label insights across your Office 365 and non-Office 365 workloads, helping you analyze and validate your label usage.

 

M365 Compliance Center - label analytics.png

 

Under the solutions area, you can easily access compliance features that help you better govern your data. The disposition review under Data governance helps you review the content when it reaches the end of its retention period, for you to make a final decision about keeping or deleting the data. Additionally, Supervision helps organization meet communication-monitoring requirements to address internal policies or regulatory compliance. You can establish policies with intelligent conditions and identify Teams or users and the related channels or chat messages to be included in the supervision policy. Supervisors can then review content with the new built-in review experience to tag, escalate, and bulk resolve.

 

Supervision in cc screenshots.jpg

 

Intelligently respond to data discovery requests by leveraging AI to find the most relevant data

The cost of compliance has continuously increased in the past few years due to new regulations like GDPR, and the growing amount of electronic data. Organizations need assistance to discover the most relevant data to respond to regulatory requests like the Data Subject Access Requests (DSARs).

In the new Microsoft 365 compliance center, you can access the Data Subject Requests tool to create DSR cases and identify your employees’ personal data with built-in content search capabilities. With Advanced eDiscovery, you can reduce the cost and risk of common eDiscovery processes with custodian management, hold notifications, working sets and review and redact functionality built into Microsoft 365 directly.

 

M365 Compliance Center - DSR.png

 

In addition to data discovery, Microsoft 365 compliance center also provides you with access to data investigations solution in preview, which helps organizations to search for leaked or unprotected sensitive data and take actions like deleting emails or documents to remediate risks.

 

We will keep adding more compliance solutions like audit log search, content search, retention policies, archiving and more in the Microsoft 365 compliance center soon to reach parity with the solutions we provide in Office 365 Security & Compliance Center. Please don’t hesitate to give us feedback from the feedback button in the new center.

 

Get started today

To get the new Microsoft 365 security center and Microsoft 365 compliance center, your organization must have a subscription to Microsoft 365 E3 or E5, or a Volume Licensing equivalent (which consists of Office 365 Enterprise E3 or E5, Enterprise Mobility + Security E3 or E5, and Windows 10 Enterprise E3/E5). We plan to expand access to additional subscriptions and license types later in the year. Users must be assigned the Global Administrator, Compliance Administrator, or Compliance Data Administrator role in Azure Active Directory to access the new Microsoft 365 compliance center.

 

You can start using the Microsoft 365 compliance center today by visiting compliance.microsoft.com or through the Microsoft 365 admin center. Learn more about the new experience in our technical supporting document.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Your specialized compliance workspace – Microsoft 365 compliance center

Your specialized compliance workspace – Microsoft 365 compliance center

With electronic data growing exponentially across the digital estate and the increased number of new privacy regulations emerging, consumers are more aware of their privacy rights now more than ever. Compliance and privacy professionals need more tools to help them safeguard sensitive information and reduce compliance risks. To empower organizations to more effectively and efficiently take control of their data privacy, we introduced the new Microsoft 365 compliance center in January and are excited to announce its general availability today!

 

The new Microsoft 365 compliance center enables you to assess compliance risks and posture, protect and govern your data, and respond to data discovery requests in a timely manner. Here, we highlight several key compliance capabilities in the three scenarios below.

 

Simplify assessment of compliance risks and posture with actionable insights

On the Microsoft 365 compliance center homepage, you can easily find actionable insights in the Assess, Protect, and Respond sections with signals across the Microsoft 365 feature set. The homepage is the go-to dashboard for compliance and privacy teams to examine their organization’s data compliance posture.

 

To help with your regulatory compliance, we’ve brought in score insights from Compliance Manager, a cloud-based tool that helps you perform on-going risk assessments, and provides step-by-step guidance on implementing compliance controls. It also tracks and records your compliance activities to help you prepare for internal and external audits. On the Compliance Manager card, you can find a quick summary of your current compliance posture for regulations and standards including: GDPR, ISO 27001, and NIST 800-53. From here, you can visit Compliance Manager to improve your Microsoft Compliance Score.

 

M365 Compliance Center homepage.png

 

In addition to the score, you can also find insights from Microsoft Cloud App Security (MCAS) including: third-party application usage, application compliance statuses, both the users and files shared most from cloud applications, and shadow IT applications as well. Additionally, with signals from Data Loss Prevention, you can quickly examine your DLP policy matches and create new policies to protect your sensitive data.

 

Integrated protection and governance of sensitive data across devices, apps, and cloud services

To help you better protect your digital estate across devices, apps, and cloud services, we aggregated the signals for risky compliance activities in your organization’s environment, and helped you highlight the high severity ones with details so that you take the appropriate actions to remediate risks.

 

M365 Compliance Center - alerts(2).png

 

Within the new compliance center, you can also classify your most important data with sensitivity and retention labels, and configure protection and governance policies with a unified experience. Additionally, the Label analytics functionality in public preview gives you label insights across your Office 365 and non-Office 365 workloads, helping you analyze and validate your label usage.

 

M365 Compliance Center - label analytics.png

 

Under the solutions area, you can easily access compliance features that help you better govern your data. The disposition review under Data governance helps you review the content when it reaches the end of its retention period, for you to make a final decision about keeping or deleting the data. Additionally, Supervision helps organization meet communication-monitoring requirements to address internal policies or regulatory compliance. You can establish policies with intelligent conditions and identify Teams or users and the related channels or chat messages to be included in the supervision policy. Supervisors can then review content with the new built-in review experience to tag, escalate, and bulk resolve.

 

Supervision in cc screenshots.jpg

 

Intelligently respond to data discovery requests by leveraging AI to find the most relevant data

The cost of compliance has continuously increased in the past few years due to new regulations like GDPR, and the growing amount of electronic data. Organizations need assistance to discover the most relevant data to respond to regulatory requests like the Data Subject Access Requests (DSARs).

In the new Microsoft 365 compliance center, you can access the Data Subject Requests tool to create DSR cases and identify your employees’ personal data with built-in content search capabilities. With Advanced eDiscovery, you can reduce the cost and risk of common eDiscovery processes with custodian management, hold notifications, working sets and review and redact functionality built into Microsoft 365 directly.

 

M365 Compliance Center - DSR.png

 

In addition to data discovery, Microsoft 365 compliance center also provides you with access to data investigations solution in preview, which helps organizations to search for leaked or unprotected sensitive data and take actions like deleting emails or documents to remediate risks.

 

We will keep adding more compliance solutions like audit log search, content search, retention policies, archiving and more in the Microsoft 365 compliance center soon to reach parity with the solutions we provide in Office 365 Security & Compliance Center. Please don’t hesitate to give us feedback from the feedback button in the new center.

 

Get started today

To get the new Microsoft 365 security center and Microsoft 365 compliance center, your organization must have a subscription to Microsoft 365 E3 or E5, or a Volume Licensing equivalent (which consists of Office 365 Enterprise E3 or E5, Enterprise Mobility + Security E3 or E5, and Windows 10 Enterprise E3/E5). We plan to expand access to additional subscriptions and license types later in the year. Users must be assigned the Global Administrator, Compliance Administrator, or Compliance Data Administrator role in Azure Active Directory to access the new Microsoft 365 compliance center.

 

You can start using the Microsoft 365 compliance center today by visiting compliance.microsoft.com or through the Microsoft 365 admin center. Learn more about the new experience in our technical supporting document.