Improve your Cloud Security posture with Microsoft Secure Score


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Microsoft Secure Score provides you with a prioritized list of the key controls you can enable to improve the security posture for your environment. The recommendations and best practices it suggests include those from across Microsoft 365 Security and Azure, including Microsoft Cloud App Security, which is a Cloud Access Security Broker (CASB), a new generation of security solutions that is essential to any modern security strategy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across cloud, on-premises and custom apps.

To ensure that customers enable key use cases to detect cloud-native attacks and protect against risky apps in their environment with Microsoft Cloud App Security, we will explore the top 5 most impactful Cloud App Security related Improvement Actions that Microsoft Secure Score has to offer. These will allow you to get the most out of your CASB investment and up-level the security for all your cloud apps, whether they’re Microsoft or 3rd party apps.

 

Get started with these top 5 Improvement Actions for Microsoft Cloud App Security

To maximize Microsoft Cloud App Security’s impact on your overall security posture, here are five of the top improvement actions you should start with:

  1. Use Cloud App Security to detect anomalous behavior
  2. Create a custom activity policy to discover suspicious usage patterns
  3. Discover Shadow IT and application usage
  4. Set automated notifications for new and trending cloud applications in your organization
  5. Review permissions & block risky OAuth applications connected to your environment

 

Use Cloud App Security to detect anomalous behavior

Designed with security professionals in mind, Microsoft Cloud App Security makes it easy to get started. It’s designed for a simple deployment, centralized management, and innovative automation capabilities. When you turn on the Cloud App Security console you can easily connect your apps and instantly leverage numerous built-in threat detection policies. They enable you to detect insider threats, compromised accounts and brute force attempts. In addition, Microsoft Cloud App Security provides risk scores for all of the users in your organization, which enables the Security Operations team to prioritize their investigations.

 


 

Create a custom activity policy to discover suspicious usage patterns

Activity policies enable you to monitor suspicious user activities and be alerted on policy violations such as downloading a large number of files in a short period of time or sharing sensitive files with external users. Microsoft Cloud App Security also allows you to take manual remediation actions or set up automatic remediation to lighten the workload on your SecOps team.

 

Discover Shadow IT and application usage

In today’s modern enterprises, apps run the workplace. While we see an average of 129 IT-managed applications, our CASB discovery data shows that the total number of apps accessed by employees in large organizations exceeds 1,000. In Microsoft Cloud App Security, you have several options to activate the Discovery of Shadow IT: single-click enablement via Microsoft Defender Advanced Threat Protection, leveraging logs from your firewall, or using an existing Secure Web Gateway. Once discovered, Microsoft Cloud App Security assesses all apps against more than 90 risk and compliance factors and allows you to manage future access.

 


 

 

 

Set automated notifications for new and trending cloud applications in your organization

The initial Discovery and assessment of the apps in your organization can be time consuming depending on how many apps are in use. To ensure you can stay on top of the Shadow IT in your organization, it is recommended to implement continuous monitoring. Microsoft Cloud App Security allows you to set up policies to be alerted when new, risky or high-volume apps are discovered in your environment, so you can immediately evaluate and manage them according to the requirements of your organization.

 


 

Review permissions & block risky OAuth applications connected to your environment

OAuth is a web-based industry standard protocol that enables users to grant web apps access to their accounts and data without sharing their credentials. The use of OAuth in enterprises is increasing as a result of the continued adoption of cloud-based solutions. While extremely convenient, OAuth introduces a new threat vector to the security of organizations and enables potential back doors into corporate environments when malicious apps are authorized.

Microsoft Cloud App Security enables you to identify all OAuth apps that have been authorized against your corporate apps such as Office 365, GSuite and Salesforce, evaluate their risk and ban them if necessary. You can find additional details in this blog post.

 


 

 

Wrapping It Up

So, there you have it – a quick tour of the top Microsoft Secure Score related Improvement Actions for Microsoft Cloud App Security. Start using Microsoft Cloud App Security today to get better visibility into your cloud environment and take control of all your cloud apps. More information on Microsoft Cloud App Security and Microsoft Secure Score can be found at Microsoft Docs.

 

More info and feedback

  • Haven’t tried Microsoft Cloud App Security yet? Start a free trial today.
  • As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.
  • For more resources and information on Microsoft Cloud App Security go to our website.

 

 

 

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Sensitivity labeling now built into Office apps for Windows to help protect sensitive information


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Microsoft Information Protection solutions help you better protect your sensitive information, wherever it lives or travels – across devices, apps, cloud services and on-premises. Our goal is to provide a consistent and comprehensive approach to discovering, classifying, labeling and protecting sensitive data.

 

Earlier this year we released built-in sensitivity labeling in Office apps for Mac, iOS and Android. These capabilities enable users to easily apply sensitivity labels to documents and emails – based on the policies defined by your organization. The built-in labeling experiences are integrated directly into Office apps – there’s no need for any special plugins or add-ons.

 

We’re expanding to additional Office apps, and now sensitivity labeling is available in Office apps for Windows. With this release, end-user driven sensitivity labeling is now available in:

  • New! Office for Windows: Word, PowerPoint, Excel & Outlook
  • Office for Mac: Word, PowerPoint, Excel & Outlook
  • Office mobile apps for iOS: Word, PowerPoint & Excel (Outlook coming soon)
  • Office mobile apps for Android: Word, PowerPoint & Excel (Outlook coming soon)

The labeling experience in Office apps for Windows is similar to the labeling experience on other platforms – making it easy and familiar for your end-users. Once you define and configure your sensitivity labels and policies, the same labels are published out and made available across the supported Office apps.

 

The screenshots below show examples of the end-user experience in Office apps for Windows. Users select the Sensitivity drop-down menu to view the available labels and select the appropriate label. The experience is similar across Word, PowerPoint, Excel and Outlook.

Apply sensitivity labels in Office apps for Windows – your label policy will apply the configured protection actions, such as encryption, rights restrictions or visual markings.

 

Applying sensitivity labels in Outlook for Windows is a similar experience.

 

An email labeled “Highly Confidential” in Outlook for Windows gets encrypted, and headers & footers are applied.

Getting started

Similar to publishing labels for use in other Office apps, you need to first configure your organization’s sensitivity labels in the Office 365 Security & Compliance Center or the Microsoft 365 Compliance center. If your organization has sensitivity labels configured in the Azure portal for Azure Information Protection, you will first need to migrate your labels to the Microsoft 365 Compliance center, and then the labels can be used by the supported Office apps. You can find more information on migration steps here.

 

You can also learn more about sensitivity labels in our documentation, and additional details on supported Office apps are included in this article. Sensitivity labeling in Office apps for Windows is rolling out now to customers who have Office 365 E3 or E5 (built-in sensitivity labeling is supported on the Office 365 Pro Plus version of Office), and the rollout is expected to be completed by the end of September or October, 2019.

    

We’re excited to expand sensitivity labeling to Office for Windows, enabling more comprehensive protection of sensitive information across your environment. We plan to release sensitivity labeling in the Office apps for the Web and Outlook mobile soon. Please check the Microsoft 365 roadmap for the latest information.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Security Policy Advisor for Office 365 ProPlus is now Generally Available!


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Hello everyone,

Today we are pleased to announce the general availability of Security Policy Advisor, a new service that can help enterprises improve the security of Office 365 ProPlus clients in their organization.

 

Security Policy Advisor has been in preview for the past few months and we wanted to first thank all our previewers who have evaluated this service and provided us with feedback that has helped us improve the service.

 

Security Policy Advisor enables IT admins who have deployed Office 365 ProPlus to manage the security of their Office applications with confidence by providing the following capabilities:

  • Tailored recommendations for specific security policies that can provide a high value in helping raise the overall security posture of an enterprise and protect against contemporary attacks.
  • Rich data insights about the security and productivity impact of applying a policy recommendation. These insights can help admins weigh the benefits and costs of applying a policy and make a data-informed decision.
  • One-click deployment of policies to end users through the recently released Office cloud policy service that enables admins to enforce Office policies for Office 365 ProPlus clients directly from the cloud. No on-premises infrastructure or MDM services are required.
  • Monitoring and reporting on policy impact, which allows an admin to have visibility into how a security policy is affecting users without having to wait to hear from them.


 

 

This service is now generally available and supported for customers with Office 365 ProPlus.

 

Get started today by visiting and signing into the Office client management portal, turning on Security Policy Advisor, and creating Office cloud policy configurations.  For each policy configuration you create and assign to a group of users, Security Policy Advisor will generate recommendations with supporting data that you can review and deploy to users as a policy. Once you have applied a policy, you can continue to monitor its ongoing impact on users through the management portal.

For additional documentation on how to use this new policy service and its capabilities, see Security Policy Advisor for Office 365 ProPlus.

 

This service is just one of many new services which the Office team will be releasing over the next 12+ months.  These services, which shape the foundation of the Office serviceability SDK, are designed to work with 1st and 3rd party management solutions to help administrators simplify and streamline Office deployment and management.

 

As always, please provide feedback using the feedback button to help us improve the service. We look forward to hearing from you and to continuing to improve this service.

 

Thank you! 

 

FAQ:

Note:  Please refer to our documentation for the most up to date information.

 

What are the prerequisites to start using Security Policy Advisor?

For prerequisites, see Requirements for using Security Policy Advisor.

 

How does this relate to a security baseline?

Security baselines are a great starting point for enterprises to configure their applications for security. A new draft of the security baseline for Office 365 ProPlus applications is available here.

 

A security baseline is generic best practice guidance that ultimately needs to be consumed and customized for your enterprise to balance your security and productivity goals. You can use Office cloud policy service to apply the user level policies recommended in the Office security baseline.  Security Policy Advisor complements a security baseline by providing custom recommendations for specific policies that are tailored to your enterprise, helping you to choose a security policy that has the least impact on productivity for your organization.

 

How are the recommendations, productivity and security impact insights generated?

Security Policy Advisor uses the following data to generate recommendations and associated data insights on productivity and security impact:

  1. To create the recommendations and productivity insights, Security Policy Advisor relies on required service data from Office 365 ProPlus. For more information, see Required service data for Office.
  2. If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For more details on Office 365 Advanced Threat Protection, see Office 365 threat investigation and response.

For more details, see How Security Policy Advisor creates recommendations.

 

What happens when I turn off Security Policy Advisor?

When you turn off Security Policy Advisor, usage and threat data from your organization are no longer analyzed and no recommendations or insights will be generated.

Admins can control the data collected from their clients using the new privacy controls supported by Office apps. More details are available at Overview of privacy controls for Office 365 ProPlus.

 

What happens if I do not have Office 365 Threat Investigation and Response (via ATP Plan 2)?

If your organization has Office Threat Investigation and Response (via ATP Plan 2), Security Policy Advisor can use data from this service to provide you with information on threats detected and stopped by ATP that the recommended policy can help protect against. This can be great to quantify the actual risk to your organization when you consider applying a recommendation.

If your organization does not have ATP Plan 2, Security Policy Advisor will still show you information on the productivity impact that is helpful in assessing and monitoring impact to end users when applying recommendations.

 

Which admin roles can view recommendations and configure policies?

Only the Global Admin, Security Admin or Desktop Analytics Admin roles are allowed access to create or view policy configurations.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Register now for the Compliance pre-day at Microsoft Ignite on 11/3/2019


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:


Come join us for the Compliance pre-day event at Microsoft Ignite in Orlando, Florida on 11/3/2019! This interactive pre-day event will bring you together with leading industry peers, analysts, and partners who will share their views and best practices for protecting and governing sensitive data, handling internal risks, and responding to data compliance requests.

 

Agenda:

Time and description:

  • 9:00AM – 10:00AM: Exclusive keynote with Microsoft’s CISO. In this keynote Bret Arsenault, CVP and CISO, shares his strategy for security and compliance in Microsoft’s complex enterprise, details about some of our accomplishments, problems we’re endeavoring to solve, and what we’ve learned along the way.
  • 10:30AM – 12:00PM: Analyst-Facilitated Customer Panel. Hear from industry leaders about challenges, opportunities, and what’s next for compliance. Participate during our interactive panel.
  • 1:00PM – 2:45PM: Chalk Talk with Microsoft’s Compliance Professionals. Join Microsoft compliance professionals to discuss real-world challenges and best practices around insider risk, information protection, and data subject requests.
  • 3:00PM – 3:45PM: Why Microsoft is in the business of compliance: our investment in innovation. Hear Microsoft engineering explain how and why we’re invested in the business of compliance.
  • 3:45PM – 4:30PM: Partner Panel Discussion. Lessons from partners on how to effectively define and implement a compliance strategy with your key stakeholders.
  • 6:00PM – 9:00PM: Community building. Wrap up the day by joining us for a special dinner and enjoy connecting with peers and partners.

 

Click here to register for the “Compliance requirements: A practical guide to leveraging the capabilities in Microsoft 365” now.* We hope to see you there!

 

*Please note that you will have to register for Ignite prior to registering for the pre-day.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Introducing the new Microsoft Graph Security API add-on for Splunk!


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

A new add-on from Microsoft enables customers to easily integrate security alerts and insights from its security products, services, and partners in Splunk Enterprise. The new Splunk add-on is built by Microsoft, certified by Splunk, and is available on Splunkbase at no additional cost.

 

This add-on, powered by the Microsoft Graph Security API, supports streaming of alerts from the following Microsoft and partner solutions into Splunk using a single add-on and common schema, enabling easier correlation of data across these products:

  1. Azure Security Center
  2. Azure Active Directory Identity Protection
  3. Microsoft Cloud App Security
  4. Microsoft Defender Advanced Threat Protection
  5. Azure Advanced Threat Protection
  6. Office 365 Advanced Threat Protection
  7. Azure Information Protection (preview)
  8. Azure Sentinel (preview)
  9. Palo Alto Networks

Note: Security products are continuously onboarded; refer to the Microsoft Graph Security alerts providers table for the latest product list.

 

Since the new add-on extends support across a broader set of security products, it will replace the Azure Monitor add-on for Splunk as the preferred method for integrating with the Microsoft Graph Security API.

Getting Started

Follow these steps to install and configure the app. Refer to the documentation for more details.

  1. Register your application for this Splunk add-on on Azure portal.
  2. Configure permissions and be sure to add the SecurityEvents.Read.All permission to your application. Get your Azure AD tenant administrator to grant tenant administrator consent to your application. This is a one-time activity unless permissions change for the application.
  3. Copy and save your registered Application ID and Directory ID from the Overview page. You will need them later to complete the add-on configuration process as illustrated below. (Figure: Application registration)
  4. Generate an application secret by going to Certificates & secrets. Save the generated secret as well for add-on configuration purposes.
  5. In Splunk, click on Splunk Apps to browse more apps.
  6. Search for ‘Microsoft Graph Security’ and install Microsoft Graph Security API add-on for Splunk.
  7. If Splunk Enterprise prompts you to restart, do so.
  8. Verify that the add-on appears in the list of apps and add-ons as shown in the diagram below. (Figure: Microsoft Graph Security add-on for Splunk)
  9. Configure Microsoft Graph Security data inputs illustrated in the diagram below as per the detailed guidance in the installation documentation for this add-on. This add-on provides the capability to pre-filter your data by specific alert providers or by alert category or severity, etc. by specifying the OData Filter field as shown in the diagram below. (Figure: Add-on input configuration)
  10. Now you can use your Microsoft Graph Security alerts for further processing in Splunk, in dashboards, etc.
  11. If you have Splunk and relevant add-ons running behind a proxy server, follow the additional steps for Splunk behind a Proxy Server in the installation documentation for this add-on.
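The following Python is an added example, not part of the original post or the add-on's code. It composes an OData Filter value of the kind step 9 describes and runs the same alerts query directly against the Microsoft Graph Security API with the application from steps 1-4, which is a way to confirm the SecurityEvents.Read.All consent and the filter before configuring the Splunk input. The helper names, the sample provider values 'ASC' and 'MCAS', and the two-page response are constructed for illustration; take real provider values from the alert providers table.

```python
import json
import urllib.parse
import urllib.request

GRAPH_HOST = "graph.microsoft.com"
GRAPH_ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SEVERITIES = ("unknown", "informational", "low", "medium", "high")


def odata_quote(value):
    """Return an OData string literal; embedded single quotes are doubled."""
    return "'" + str(value).replace("'", "''") + "'"


def any_of(prop, values):
    """'prop eq a or prop eq b', parenthesised when there is more than one term."""
    terms = [f"{prop} eq {odata_quote(v)}" for v in values]
    return terms[0] if len(terms) == 1 else "(" + " or ".join(terms) + ")"


def build_filter(providers=(), severities=(), category=None):
    """Compose the text that goes into the add-on's OData Filter field."""
    bad = [s for s in severities if s not in SEVERITIES]
    if bad:
        raise ValueError(f"unknown severity value(s): {bad}")
    clauses = []
    if providers:
        clauses.append(any_of("vendorInformation/provider", providers))
    if severities:
        clauses.append(any_of("severity", severities))
    if category:
        clauses.append(f"category eq {odata_quote(category)}")
    return " and ".join(clauses)


def token_request(tenant_id, client_id, client_secret):
    """URL and form body of the client-credentials token request (steps 1-4)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # Application ID from step 3
        "client_secret": client_secret,  # secret from step 4
        "scope": "https://graph.microsoft.com/.default",
    })
    return TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")), body


def alerts_url(odata_filter, top=100):
    """Alerts endpoint with the filter percent-encoded into the query string."""
    query = {"$top": str(top)}
    if odata_filter:
        query["$filter"] = odata_filter
    return GRAPH_ALERTS_URL + "?" + urllib.parse.urlencode(
        query, quote_via=urllib.parse.quote)


def http_get_json(url, token):
    """Real transport; not used by the offline demo below."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def collect_alerts(odata_filter, token, get_json=http_get_json, max_pages=50):
    """Follow @odata.nextLink page by page, never sending the token off-host."""
    url, alerts = alerts_url(odata_filter), []
    for _ in range(max_pages):
        parts = urllib.parse.urlsplit(url)
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to send bearer token to {url!r}")
        page = get_json(url, token)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
        if not url:
            break
    return alerts


def constructed_pages(url, token):
    """Constructed two-page response standing in for the Graph service."""
    if "skiptoken" not in url:
        return {"value": [{"id": "a1", "severity": "high"}],
                "@odata.nextLink": GRAPH_ALERTS_URL + "?$skiptoken=constructed"}
    return {"value": [{"id": "a2", "severity": "high"}]}


if __name__ == "__main__":
    flt = build_filter(providers=["ASC", "MCAS"], severities=["high"])
    print("OData Filter field:", flt)
    print("Alerts fetched:", len(collect_alerts(flt, "constructed-token",
                                                get_json=constructed_pages)))
```
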

What’s Next?

We are working to enable support for this add-on on Splunk Cloud. We would love to hear your feedback on this add-on so that we can factor that in before making it available on Splunk Cloud. Please share your feedback by filing a GitHub issue.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

New Exact Data Match (EDM) classification helps you better detect and protect sensitive information


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Office 365 Data Loss Prevention (DLP) enables you to create policies to help prevent the inadvertent or inappropriate sharing of documents and emails containing sensitive information. DLP policies can leverage a broad range of over 90 built-in sensitive information types to detect common data types, such as financial data, PII and health-related information. Organizations can also choose to create custom sensitive information types to detect information specific to their organization’s needs – based on patterns, supporting evidence (keywords such as employeebadgeID, and so on), character proximity (how close evidence is to characters in a particular pattern), and confidence levels.

 

Exact Data Match (EDM) is a new capability that enhances custom sensitive information types to help accurately target detection of your exact and unique sensitive content. Exact Data Match (EDM) sensitive information types are designed to:

  • be dynamic and refreshable
  • be more scalable
  • result in fewer false-positives
  • work with structured sensitive data
  • handle sensitive information more securely
  • be used with several Microsoft cloud services

 

Example use cases

 

Example 1: A healthcare provider needs to prevent or block the sharing of medical records that contain patient information – especially to ensure that this information isn’t sent to external users. The organization configures an Exact Data Match (EDM) based sensitive information type to do exact match lookup based on their patient records.

 

A patient EDM sensitive information type is configured to detect content which matches patient SSN or Patient ID or medical record number, along with patient information (e.g. name, date of birth, phone number). Office 365 DLP policies are configured to block external sending of email if a patient EDM sensitive information type is found.

 

Example 2: A banking institution needs to prevent customer account numbers from being shared outside of the organization’s boundary. They configure an Exact Data Match (EDM) based sensitive information type to do exact match lookup based on customer bank account records.

 

A customer account EDM sensitive information type is configured to detect account number, type of account and customer information (name, email address, phone number). Office 365 and Microsoft Cloud App Security DLP policies are configured to detect and block sharing of content that contains the customer account EDM sensitive information type.

 


 

Configure Exact Data Match

 

Exact data match configuration involves three key steps:

  • Define the schema for Exact lookup data
  • Update sensitive content used for Exact Lookup
  • Create Exact Data Match sensitive type

 

We provide an EDM Upload Agent to enable indexing and secure upload of sensitive content, which supports:

  • Authorization to ensure that only users with the right permission can execute EDM lookup.
  • to ensure that sensitive content used for lookup never exits the customer’s boundary.
  • Uploads the indexed file to the right Microsoft service instance.

 

Detailed steps to create Exact Data Match sensitive information types are located here.
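To make the idea behind the patient example concrete, here is an added Python illustration; it is not Microsoft's EDM implementation and not the EDM Upload Agent. It indexes a table as keyed digests, so the plaintext stays with the data owner, and reports content only when a primary value from the table appears together with supporting evidence from the same row, in contrast to a pattern-only SSN check. The salted HMAC-SHA-256 index, the field names, the tokenisation and the patient records are all assumptions constructed for the example.

```python
import hashlib
import hmac
import re

SALT = b"constructed-demo-salt"  # assumption: a secret that stays with the data owner
SSN_SHAPE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9/'-]*")

# Constructed patient table; the values are fake (SSN area 000 is never issued).
PATIENTS = [
    {"ssn": "000-12-3456", "name": "Maria Lopez", "dob": "1984-03-07"},
    {"ssn": "000-65-4321", "name": "Daniel Osei", "dob": "1990-11-23"},
]


def normalize(value):
    """Lower-case and drop punctuation and spaces so formatting does not matter."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def digest(value):
    """Keyed digest of a normalized value; only digests go into the index."""
    return hmac.new(SALT, normalize(value).encode("utf-8"), hashlib.sha256).hexdigest()


def build_index(rows, primary="ssn", supporting=("name", "dob")):
    """Map digest(primary value) -> digests of the supporting values in that row."""
    return {digest(r[primary]): {digest(r[f]) for f in supporting} for r in rows}


def candidates(text, max_words=3):
    """Yield (offset, digest) for every run of 1..max_words tokens in the text."""
    tokens = [(m.start(), m.group()) for m in TOKEN.finditer(text)]
    for i, (pos, _) in enumerate(tokens):
        for n in range(1, max_words + 1):
            if i + n <= len(tokens):
                yield pos, digest(" ".join(t for _, t in tokens[i:i + n]))


def scan(text, index, min_supporting=1, window=300):
    """Report a primary value only if evidence from the same row is nearby."""
    hits = list(candidates(text))
    findings = []
    for pos, d in hits:
        if d in index:
            nearby = {h for p, h in hits if abs(p - pos) <= window}
            matched = len(index[d] & nearby)
            if matched >= min_supporting:
                findings.append({"offset": pos, "supporting_matches": matched})
    return findings


def pattern_only(text):
    """Baseline for comparison: anything shaped like an SSN."""
    return SSN_SHAPE.findall(text)


# Constructed messages.
REAL_RECORD = "Follow-up for Maria Lopez, SSN 000-12-3456, is booked for Tuesday."
PLACEHOLDER = "Test fixture uses the placeholder 000-99-0000 for Maria Lopez."
NO_EVIDENCE = "Ticket 000-65-4321 was closed."

if __name__ == "__main__":
    index = build_index(PATIENTS)
    for msg in (REAL_RECORD, PLACEHOLDER, NO_EVIDENCE):
        print(f"pattern={pattern_only(msg)} exact={scan(msg, index)}  <- {msg}")
```
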

 

Start using Exact Data Match

To start, Office 365 DLP for Exchange Online (email), OneDrive for Business (files), Microsoft Teams (conversations) and Microsoft Cloud App Security policies support EDM sensitive information types.

 

EDM sensitive information types for the following are currently in development, but not yet available: Office 365 DLP for SharePoint (files) and auto-classification of content for the purpose of applying sensitivity labels and retention labels.

 

For end-users, Office 365 DLP policy tips are useful to provide notifications that sensitive information has been detected and DLP policies are being applied. While this has been widely available on Office apps for DLP policies, support for EDM policy tips will start in Outlook for the web, and we intend to support policy tips in other Office apps in the future.

 

A policy tip in Outlook for the web notifies the user that a patient record was detected.

 

Getting started

As an advanced classification capability, Exact Data Match is included as an entitlement in the following subscriptions:

  • Office 365 E5
  • Microsoft 365 E5
  • Microsoft 365 Compliance
  • Office 365 Advanced Compliance

You must be a global admin, compliance administrator, or Exchange Online administrator to perform the tasks described in . To learn more about DLP permissions, see Permissions.

 

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Check out the Microsoft Graph Security sample application!

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

It’s easy to build rich security applications using the Microsoft Graph Security API. We built one to help demo the capabilities and have shared the sample code on GitHub so you can use it to kick start development of your own security app!

 

The sample app is designed to showcase some of the key scenarios enabled by the Microsoft Graph Security API. As you’ll see, data from across the organization is surfaced – from both Microsoft and third-party security solutions, in one simple dashboard. Users can easily drill down into specific alerts to get additional information and context, update alert status and add tags, pivot to view related alerts for a specific user or device, view detailed information about security recommendations, and much more.

 

Check out the video to see the sample app in action and what additional capabilities are available in the Microsoft Graph Security API.

 

 

Getting Started

Follow the steps below to get access to this sample app and try it on your Azure Active Directory (Azure AD). Refer to the sample app documentation for further details on the steps summarized below.

  1. Ensure prerequisites are set up before you download the sample code and build the app.
  2. Register this app in your Azure AD to meet Microsoft Graph auth requirements.
  3. Gain consent from your Azure AD administrator to view security data.
  4. Build and run the sample.
  5. Deploy the app to Azure.

 

Download the sample app from our GitHub repository and be sure to check out the documentation to get started today! Check out additional samples for more options to connect with the Microsoft Graph Security API. Please share your feedback by filing a GitHub issue.

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Maximizing Your Security Posture with Azure ATP


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Our customers spend a lot of time and money on security solutions and very few of them are taking full advantage of the solutions they’ve deployed. Even fewer of them are deploying or maintaining these solutions correctly. Based on this it’s not surprising to see stats like “93% of all breaches could have been avoided if basic cyber hygiene had been in place” (Online Trust Alliance).

 

From my view the industry and even our customers have been overly focused on finding technological solutions with the hope they’ll address the people and process issues that are the root cause of so many incidents. Here at Microsoft we recognize that technology alone can’t solve the problem and so we’re increasingly focusing on delivering solutions that provide integrated capabilities on all three fronts.

 


 

 

 

Microsoft Secure Score is a perfect example of this. With it we can help you take full advantage of the Microsoft 365 security solutions you’ve deployed while at the same time helping you validate that they’ve been configured correctly.

 

Using Microsoft Secure Score to Amp Your Security Posture for Identity

As you’re probably aware, when an organization suffers a cyber-attack, one of the first things attackers will target is user identities. By brute forcing passwords and then using lateral movement techniques to move across an organization, attackers can achieve their targeted goals. This is where Azure ATP comes in.

 

Azure ATP constantly monitors your domain controllers for identity-based threats, attacks and security posture issues by capturing and parsing network traffic and leveraging Windows events. From here it then analyzes the data utilizing profiling, deterministic detection, machine learning and behavioral algorithms that enable it to learn your network, detect anomalies and warn you of suspicious activities.

 

To maximize Azure ATP’s potential to catch anomalous identity-related activities and to lower your time to resolve them, we need to ensure that Azure ATP is fully configured. To do this, you can use Microsoft Secure Score to surface a series of configuration checks.

 

Top 5 Most Impactful Improvement Actions to Prioritize

To maximize Azure ATP’s impact on your overall identity security posture, here are five improvement actions that many will find they can get done in a single day:

 

  1. Install Azure ATP Sensor on all Domain Controllers
  2. Set a honeytoken account
  3. Configure VPN integration
  4. Configure Microsoft Defender ATP Integration
  5. Fix Advanced Audit Policy issues

 

Install Azure ATP Sensor on all Domain Controllers

It may seem trivial, but our telemetry shows that in complex environments IT sometimes struggles to verify that all of their domain controllers are monitored by Azure ATP. This improvement action leverages Azure ATP’s knowledge of your network to pinpoint the domain controllers that you may have missed or were added after Azure ATP’s initial setup. Make this the first Improvement Action to improve your security posture with Azure ATP.

 


 

Set a honeytoken account

Setting one or more honeytoken accounts is a great way to help expose malicious actors. A honeytoken account, like one temptingly named “SuperAdmin”, is a real account that is used as bait to lure attackers into exposing their presence and activities. Any authentication attempts associated with these accounts will trigger an Azure ATP security alert enabling you to catch attackers in the act.

 


 

Configure VPN integration

A user’s VPN related activity can prove interesting for investigation purposes and once the “Configure VPN integration” improvement action has been implemented your SecOps team will be armed with information that will help them expedite their incident response activities. Once configured Azure ATP will start collecting VPN connection data (e.g.: IP addresses and locations where connections originated) which will be exposed in user profile pages within the Azure ATP  .

 


 

Configure Microsoft Defender ATP Integration

Azure ATP easily integrates with Microsoft Defender ATP to help provide a more end-to-end threat protection solution. Azure ATP monitors the traffic on your domain controllers, Microsoft Defender ATP monitors your endpoints – together they provide an integrated experience to completely protect your  . For example, Azure ATP will alert on remote execution of malicious code targeting domain controllers from a compromised device. From here an analyst can pivot to detailed device-level information from Microsoft Defender ATP that enables the analyst to determine where the malicious code came from, how it executed, etc.

 


 

Fix Advanced Audit Policy issues

Azure ATP detection relies on specific Windows Event Logs for visibility into a variety of scenarios, such as NTLM logons and security group modifications. To enable Azure ATP to monitor these events on your domain controllers the “success” and “failure” audit event options should be enabled in the Audit Credential Validation and Audit Security Group Management policies. These policies can be found under Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration.
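One way to verify this setting across domain controllers, as an added example that is not part of the original post or of Azure ATP: the script below checks exported audit-policy reports for the two subcategories named above. It assumes the reports are in the CSV layout produced by `auditpol /get /category:* /r` on an English-language system; the machine names, GUID placeholders and rows are constructed sample data.

```python
import csv
import io

# The two subcategories the section names; both outcomes must be audited.
REQUIRED = ("Credential Validation", "Security Group Management")
OUTCOMES = ("Success", "Failure")

# Constructed sample (not real output): reports from three domain controllers,
# concatenated, in the CSV layout assumed for `auditpol /get /category:* /r`.
SAMPLE_REPORT = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC01,System,Credential Validation,{guid-placeholder},Success and Failure,
DC01,System,Security Group Management,{guid-placeholder},Success and Failure,
DC01,System,Logon,{guid-placeholder},Success,
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC02,System,Credential Validation,{guid-placeholder},Success,
DC02,System,Security Group Management,{guid-placeholder},No Auditing,
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
DC03,System,Credential Validation,{guid-placeholder},Success and Failure,
"""


def missing_outcomes(setting):
    """Return the outcomes ('Success', 'Failure') an inclusion setting lacks."""
    text = setting.lower()
    return [o for o in OUTCOMES if o.lower() not in text]


def audit_gaps(report_text):
    """Map machine -> {subcategory: [missing outcomes]} for REQUIRED entries."""
    seen = {}
    for row in csv.DictReader(io.StringIO(report_text)):
        machine = (row.get("Machine Name") or "").strip()
        if not machine or machine == "Machine Name":
            continue  # blank line or a repeated header from concatenation
        found = seen.setdefault(machine, {})
        sub = (row.get("Subcategory") or "").strip()
        if sub in REQUIRED:
            found[sub] = missing_outcomes(row.get("Inclusion Setting") or "")
    gaps = {}
    for machine, found in seen.items():
        for sub in REQUIRED:
            # A subcategory absent from the report is treated as not audited.
            missing = found.get(sub, list(OUTCOMES))
            if missing:
                gaps.setdefault(machine, {})[sub] = missing
    return gaps


def render(gaps):
    """Turn the gap map into one finding line per machine and subcategory."""
    lines = []
    for machine in sorted(gaps):
        for sub, missing in gaps[machine].items():
            lines.append(f"{machine}: '{sub}' is not auditing {' or '.join(missing)}")
    return lines


if __name__ == "__main__":
    # Findings are fixed through the Group Policy path given in the text above.
    for line in render(audit_gaps(SAMPLE_REPORT)) or ["all domain controllers compliant"]:
        print(line)
```

A domain controller that reports only "Success" for Credential Validation is flagged as well, since the text above asks for both success and failure auditing.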

 


 

Wrapping It Up

So, there you have it – a quick tour of the top improvement actions for Azure ATP. As you can likely tell from the list, implementing them will have no negative impact on your users and each of them can be quickly enabled. Start using Microsoft Secure Score today to see how you can maximize your security posture and squeeze each and every ounce of capability out of your Microsoft 365 security solutions. More information on Azure ATP and Microsoft Secure Score can be found at Microsoft Docs (Azure ATP and Microsoft Secure Score).

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Microsoft Secure Score at Inspire: Partner Opportunities


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Last week was an exciting time in Las Vegas where we hosted our largest annual partner networking event for thousands of Microsoft Partners from more than 130 countries. This was particularly true for Microsoft Secure Score where we spoke to an audience of well over 100 partners to demonstrate how it can help them grow their businesses.

 

At Microsoft Inspire 2018, Microsoft Secure Score was a relatively new feature and many partners at the event were learning about it for the first time. Since then much has changed. Customer and Microsoft Partner awareness has reached critical mass and adoption and usage has ramped significantly.

 

New Microsoft Secure Score Location and Layout

Much of this occurred when Microsoft 365 security center reached general availability and became the new centralized experience for security administrators. This new console also became the new home for Microsoft Secure Score which dramatically enhanced its discoverability. Prior to this change, the Microsoft Secure Score experience was several clicks deep in the Office 365 Security & Compliance portal. Below is a view of the new Microsoft 365 Security Center which is where Microsoft Secure Score is now located.

 

[Image: Microsoft 365 security center]

 

 

In addition, we released a completely revamped user experience in March 2019 to improve usability and create a more action-oriented experience for users. With these changes we saw utilization of Microsoft Secure Score triple by the end of April and it’s continued to rise from there.

 

In the image below you’ll see the new Microsoft Secure Score interface. The product-based donut scores from before have been removed and we aligned its organization around the Microsoft Threat Protection model which includes five pillars: Identity, Data, Devices, Apps, and Infrastructure. This change was based on feedback from our customers and partners who wanted to see a more category-based approach instead of scores for each product (Office 365, Windows, etc.). In addition, summary views for History and Improvement Actions have been added to the main Overview page and then if you drill down into either of them you’ll find more significant changes to help you work more efficiently.

 

[Image: Microsoft Secure Score overview page]

 

The Microsoft Partner Opportunity

From a Microsoft Partner perspective, 2019 has been the year of adoption with many introducing Microsoft Secure Score into their programs, offerings, and tools. Some of these partners are listed below. One partner told us that they’ve used Secure Score to successfully drive cold call related lead quotes from 3% to 15% – a whopping 5X increase for them. Other partners have reported tremendous opportunities in security services work as a result of offering low cost Microsoft Secure Score assessments. As a result, clients often ask to raise their Secure Score, leading to additional licensing and services work to implement items such as data protection and smart phone management using product suites such as Microsoft 365.

 

[Image: partner slide]

 

 

While your mileage may vary, what we know for certain is that customers are exhausted by the news and articles describing the latest cyber-security breaches. And while organizations eagerly continue their hunt for better preventative and incident response technologies they’re increasingly searching for new solutions after coming to terms with the fact that 93% of cyber security breaches are the result of failures in basic cyber hygiene (Online Trust Alliance). Based on this statistic, they are also looking for solutions that provide active insights and expert guidance to help them maintain cyber-hygiene and maximize their security posture.

 

Microsoft Secure Score is just such a tool and when a Microsoft Partner shows their clients how Microsoft Secure Score provides them with a methodical approach to help them achieve basic cyber hygiene it is a real eye opener for them. Clients are amazed to learn about the simple things they can do to immediately increase their security posture and avoid becoming tomorrow’s next news story.

 

Partner Enablement

Microsoft Secure Score provides a unique ability for those using the Microsoft Cloud to review, understand, and improve their own security posture. But there are many organizations who are unaware or who do not have the technical expertise to translate that knowledge into action. Many organizations are focused 100% on running their businesses and if their services seem to be working, they assume everything is fine.

 

This operational reality provides a large services opportunity for Microsoft Partners. By positioning Microsoft Secure Score as part of a low-cost security assessment, Microsoft Partners can advertise this as a service. As displayed in the Microsoft Secure Score portal, on average most organizations have a very low score and a long list of important recommendations they should prioritize. Based on this knowledge, a partner like you can engage with almost any customer knowing what the assessment will surface to the customer (i.e.: low score needing significant improvement). From here the value add you can offer customers is to provide them with deeper level of explanation and knowledge, plans on how to address the top recommendations, and of course services to implement them. Through this engagement process, Microsoft partners are in a unique position to learn much more about the client environment which will often lead to additional opportunities.

 

While Microsoft Partners have the option to develop a Microsoft Secure Score Assessment as a stand-alone offer, some partners already have an established Security Assessment offering using a variety of utilities and report generators. For partners like these we’ve seen them add Microsoft Secure Score to their existing assessments which has enabled them to surface additional opportunities for improvement. Others have utilized the Microsoft Secure Score API to extend the capabilities of their scanning utilities. Some Microsoft Managed Services Providers (MSP) now export their client Microsoft Secure Score and review it during normal quarterly meetings. These types of reviews open up doors for many opportunities, not to mention it becomes a strong reminder of how a client’s previously low score is now trending much better because of the Microsoft Partner’s efforts.

 

To assist Microsoft Partners with the design and marketing of a Microsoft Secure Score Assessment offer, we have designed a marketing template as a place to start and generate ideas. This marketing template is only an example and we highly encourage Microsoft Partners to customize it by adding their own differentiators. The marketing template is available here: aka.ms/SecureScoreOfferTemplate

 

In addition to developing and marketing a Microsoft Secure Score Assessment, we recommend that Microsoft Partners first evaluate their own Microsoft Secure Score. Consider the improvement actions you’d recommend implementing in your own environment. Understand why you’d implement some but not others. Finally, assess the impact of implementing each improvement action on your environment, your users and business. This will help you generate a personal story that will help you assert why YOU’RE the best partner to provide this type of assessment service.

 

Partner Innovation

We’ve talked to a lot of partners about integrating Microsoft Secure Score into their offerings and we’ve been excited to see them using the Graph API to go beyond what we’ve offered natively.

 

QualityHosting is a perfect example of a partner that is using the Graph API to make it an even better solution and it impressed us enough that we invited them to speak about it on stage at Inspire. When QualityHosting first saw Microsoft Secure Score they saw its potential, but they also quickly noticed that its user experience was designed for customers rather than partners. The specific challenge they noticed was that it didn’t enable them to monitor scores and implement improvements across more than one customer tenant at a time. With Quality Hosting’s Managed Security 365 multi-tenant service they solved this challenge for themselves and then they productized the capability for other partners to take advantage of. More information on it can be found in the product video which can be found on their YouTube channel.

 

 

[Image: Quality Hosting’s Managed 365 Service]

Enabling Technologies has incorporated a Microsoft Secure Score evaluation into its already well established and very successful SPARC security engagement program. This is their custom end-to-end security solution that focuses on Strategy, Policy, Awareness, Response, and Compliance with their clients. Discussions about their client’s Microsoft Secure Score have led many to request services to improve their security posture in the following areas just to name a few: securing iOS and Android devices with Intune, enabling multi-factor authentication on privileged accounts, etc. All have increased licenses sold, increased implementation services work, and further protected their clients from cyber risks.

 

Secure Score makes it easy for Agile IT to communicate the need, value, and impacts of its AgileSecurity program. Agile IT’s automation toolkit, combined with the Microsoft Graph API allows them to reach time-to-value and time-to-security faster, but it is Secure Score that tells the story with their clients. Simple visualizations help spur conversations with non-IT business decision makers, while its recommendations help them build prioritized roadmaps with IT leadership. The best part is that Secure Score provides impartial guidance since it is neither an Agile IT nor customer standard.

 

Upcoming Features

In addition to covering partner momentum, opportunities and new resources at our Inspire session we also offered a sneak peek at some upcoming improvements that we will be releasing later this year. While the details are still being developed, the list below represents some of the key features Microsoft Partners and customers can look forward to:

 

  • Improved scoring system
  • Metrics and trends
  • Improved history and comparisons
  • Near real-time status
  • More action oriented Ux
  • and much more…

 

Below is a screen capture of one of the latest Microsoft Secure Score builds which, if you look closely, reveals a bit more than I mentioned above. The Microsoft Secure Score team will publish new blogs about the improvements as they reach General Availability (GA).

 

[Image: screen capture of a recent Microsoft Secure Score build]

 

 

Wrapping it up

So, there you have it – a quick recap of the Microsoft Secure Score session at Inspire.

 

If you are a partner that is new to Microsoft Secure Score now is the time to learn more and start planning how to take advantage of it. Consider developing a Microsoft Secure Score offer using these resources, educate your sellers, integrate a secure score evaluation into your customer meetings.

 

If you are a partner who has already integrated Microsoft Secure Score we thank you for the support and feedback, all of which has helped shape the latest release and features coming in the future. Be sure you are fully capitalizing on the business opportunity, make sure you have updated your offering and sellers with the latest changes released in March 2019, and then consider using the Graph API to provide innovative and differentiated offerings to your customers.

 

 

 

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Empower security teams to easily report suspicious emails & content and receive instant feedback


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

One of the frequent requests we hear from Office 365 customers is the ability for security teams to easily report suspicious email messages or content to Microsoft and get feedback. Today I’m super excited to announce that we’re rolling out this capability to customers world-wide. This builds on a powerful capability Office 365 already supports – the ability for end users to report suspicious emails to their security teams and Microsoft. With the feature set we’re announcing today, security teams that want to defer reporting issues to Microsoft until after they have reviewed the messages themselves can now do so. What’s more – security teams can get immediate feedback on these submissions within the Office 365 Security and Compliance Center, dramatically reducing the time to investigate and respond to issues and take corrective actions.

 

One of Microsoft Threat Protection’s most important elements is the ability to secure emails and collaboration services with Office 365 Advanced Threat Protection (ATP). Office 365 ATP’s strength of signal offers comprehensive and best-in-class protection against sophisticated, targeted and zero-day phishing and malware attacks. To give you a sense of the scale that we deal with, in the course of 1 year in 2018, Office 365 ATP blocked 5 billion phish emails and analyzed 300k phish campaigns, protecting 4 million unique users from advanced threats. Analyzing such a huge amount of data helps continuously improve the machine learning algorithms, leading to the highest accuracy and effectiveness in the industry.

 

[Image: Phish email statistics from Office 365 from January 2018 to September 2018.]

[Image: The impact to end users in 2018 from the enhanced anti-phish capabilities in Office 365]

 

As proud as we are about the effectiveness offered by Office 365 ATP, we also know that no solution is 100% effective. For this reason, we also offer powerful feedback loops through which suspicious emails can be reported by end users to Microsoft to feed into the overall intelligence and continually improve the service to better protect customers.

 

End users can report suspicious messages they see in their inbox to Microsoft using the Report Message plug-in in Outlook and Outlook Web Access. Organizations’ security teams can also review these user-reported messages in the Office 365 Security and Compliance Center to better understand the attacks users are seeing and update their security policies.

 

[Image: Real-time report showing all user-submitted emails]

From the SecOps perspective, these submissions form an important source of intelligence and can trigger investigation and remediation workflows to significantly reduce the time to detect and respond to an attack and therefore limit the scope of impact of an attack within the organization.

 

The Report Message plug-in is therefore an invaluable tool for users to flag suspicious content to not only their security teams, but directly to Microsoft as well. But some organizations don’t want their users to submit emails directly to Microsoft, as they may contain sensitive information. They want these submissions to first be reviewed by their security teams before being submitted to Microsoft.

 

Today we’re excited to announce that the email submission experience will now be available to security teams and admins from the same place where they review user-reported messages within the Office 365 Security and Compliance Center.

 

With this new capability, admins can easily submit emails and content, provide more details, and receive immediate feedback. The feedback provided by Microsoft will also offer valuable insights into configurations that may have caused a false positive or a false negative, reducing the time to investigate issues and improving the overall effectiveness.

 

With this new submission process, admins can: 

  • Submit suspicious emails, files, and URLs to Microsoft for analysis
  • Receive immediate feedback on their submissions
  • Find and remove rules allowing malicious content into the tenant 
  • Find and remove rules blocking good content into the tenant 

Here’s a quick run through of the experience. You can also learn more about it in our technical docs.

 

Step 1 – Log in to the Security and Compliance Center or the M365 Admin Center as Global Admin, Security Admin, or Security Reader. Click on the ‘Submissions’ node under ‘Threat Management’. You will see all the end user reported messages here, under the ‘User Reported’ tab. To create a new admin submission from the portal, click the ‘New Admin Submission’ on the top left.

 


 

Step 2 – Enter all the details related to the submission such as submission type, recipients, reason for submission and submit.

 


 

Step 3 – Review the status of your submission. You can see the progress of the submission after it is submitted. You can also drill down into specific submissions and see what was submitted, what it was submitted as, and reason for submission, as well as what verdict was issued.

 


 

Step 4 – Take actions to fix the suggested configuration.

 

This can be a great tool to manage false positives and help fix configuration issues that may result in EOP/Office 365 ATP not performing optimally. In the future we’ll not only present the config-related issues but also automatically fix them.

 

To whom is it available?

 

All Office 365 customers will be able to use this feature. However, customers using Office 365 ATP will benefit most from it. Customers using third-party reporting tools can also use this capability.

 

As you look to implement this solution, it’s important to know it provides valuable data for more than Office 365 ATP. Microsoft Threat Protection services in general can leverage it to fine tune the machine learning algorithms and better protect, detect, and respond to threats across different threat vectors. Get started with an MTP trial if you want to experience the comprehensive and integrated protection Microsoft Threat Protection provides. Learn more about Microsoft Threat Protection by following our monthly blog series.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Announcing Security Policy Advisor Preview for Office 365 ProPlus


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Today we are pleased to announce the preview of Security Policy Advisor, a new service that can help enterprises improve the security of Office 365 ProPlus clients in their organization.

 

Office provides a rich set of security policies that allow administrators to customize the security of their Office applications to help meet their enterprise’s security needs.  Administrators have traditionally relied on published guidance like security baselines or their own analysis to come up with a set of security policies they need to enforce. In such instances, the burden falls to the administrator to determine if a security policy is right for their enterprise and will not adversely affect user productivity. 

 

Security Policy Advisor enables IT admins who have deployed Office 365 ProPlus, to manage the security of their Office applications with confidence by providing the following capabilities:

 

  • Tailored recommendations for specific security policies that can provide a high value in helping to raise the overall security posture of an enterprise and helping to protect against contemporary attacks.
  • Rich data insights on security and productivity impact of applying a policy recommendation that can help admins weigh the benefit vs. risk of applying a policy and make a data-informed decision.
  • One-click deployment of policies to end users through the recently released Office cloud policy service that enables admins to enforce Office policies straight from the cloud to any Office 365 ProPlus client without requiring on-premises infrastructure or MDM services.
  • Monitoring and reporting on policy impact that allows an admin to have visibility into how a security policy recommendation is affecting users without having to wait to hear from them.

SPA_TechCommunity.png

 

 

 

This service is now available as a preview in English (en-us) and will be available in additional locales in the coming weeks. If you are an administrator of an organization that has deployed Office 365 ProPlus, you can start using this service by signing into the Office client management portal, turning on Security Policy Advisor and creating Office cloud policy configurations.  For each policy configuration you create and assign to a group of users, Security Policy Advisor will generate recommendations with supporting data that you can review and deploy to users as a policy. Once you have applied a policy, you can continue to monitor its ongoing impact on users through the management portal.

 

For additional documentation on how to use this new policy service and its capabilities please refer to this document: Overview of the Security Policy Advisor (Preview) for Office 365 ProPlus.

 

As you evaluate this preview, please provide feedback using the feedback button (in the upper right corner) to help us improve Security Policy Advisor. We look forward to hearing from you!

  

 

FAQ:

 

Note:  Please refer to our documentation for the most up to date information.

 

What are the pre-requisites to start using Security Policy Advisor?

To start using Security Policy Advisor, your enterprise must have the following pre-requisites:

  1. Must be using the Office cloud policy service and meet all the requirements for that service
  2. Office 365 ProPlus apps on the latest Monthly (1904) channel release deployed and being used by users in your organization.
  3. To create the recommendations and insights, Security Policy Advisor relies on necessary service data from Office 365 ProPlus. For more information, see Necessary service data for Office.
  4. Office 365 ProPlus clients can communicate back to Microsoft. Specifically, the following Office 365 URLs and IP Addresses for all Office 365 services and clients published here: Office 365 URLs and IP address ranges.

Note: If you are creating a brand new enterprise subscription in Office 365, please wait at least 24 hours for the service to detect your subscription before trying to use Security Policy Advisor.

 

How does this relate to a security baseline?

Security baselines are a great starting point for enterprises to configure their applications for security. Office has a published baseline for Office 2016 and Office 365 ProPlus applications.

 

A security baseline is generic best practice guidance that ultimately needs to be consumed and customized for your enterprise to balance your security and productivity goals. You can use Office cloud policy service to apply the user level policies recommended in the Office security baseline.  Security Policy Advisor complements a security baseline by providing custom recommendations for specific policies that are tailored to your enterprise, helping you to choose the most secure policy that has the least impact on productivity for your organization.

 

How are the recommendations, productivity and security impact insights generated?

Security Policy Advisor uses the following data to generate recommendations and associated data insights on productivity and security impact:

  1. To create the recommendations and productivity insights, Security Policy Advisor relies on necessary service data from Office 365 ProPlus. For more information, see Necessary service data for Office.
  2. If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For more details on Office 365 Advanced Threat Protection, see Office 365 threat investigation and response.

 For more details, please refer to our documentation.

 

What happens when I turn off Security Policy Advisor?

When you turn off Security Policy Advisor, usage and threat data from your organization are no longer analyzed and no recommendations or insights will be generated. 

 

Admins can control the data collected from their clients using the new privacy controls supported by Office apps. More details are available here: Overview of privacy controls for Office 365 ProPlus.

 

What happens if I do not have Office 365 Threat Investigation and Response (via ATP Plan 2)?

If your organization has Office Threat Investigation and Response (via ATP Plan 2), Security Policy Advisor can use data from this service to provide you with information on threats detected and stopped by ATP that the recommended policy can help protect against. This can be great to quantify the actual risk to your organization when you consider applying a recommendation.

 

If your organization does not have ATP Plan 2, no problem, Security Policy Advisor will still show you information on the productivity impact that is helpful in assessing and monitoring impact to end users when applying recommendations. 

 

Which admin roles are allowed to view recommendations and configure policies?

Only the Global Admin, Security Admin or Desktop Analytics Admin (private preview) roles are allowed access to create or view policy configurations.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

How we’re helping our ecosystem build more connected security solutions

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Microsoft offers a number of solutions for developers to build connected security applications. We know that figuring out how to get started using these tools can be challenging. To make it easier for developers, we recently published a developer’s guide to help!

 

If you’re a developer, architect, or tool smith at a large enterprise, independent software vendor (ISV), managed security services provider (MSSP), or a system integrator (SI), check out the new developer guide to building connected security solutions.

 

This guide provides an introduction to the Microsoft APIs, services, and communities available to security developers. In addition, the guide offers detailed guidance on when and how to use each – what technology and integration option best aligns with your desired scenario and application type with links to different types of samples.

 

Download the free guide today! Share your feedback by filing a GitHub issue in the SecurityDev repo.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Announcing Attack Surface Analyzer 2.0


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Overview

 

Attack Surface Analyzer has been a valuable asset to software developers and IT security personnel for years in helping detect key system changes that may occur from software installations.  We’re pleased to announce the release of Attack Surface Analyzer 2.0 earlier this month, which is a new .NET Core and Electron rewrite of the classic 2012 version of the tool, and is one of several tools recommended from Microsoft SDL Practices which can help improve customer trust in software.

 

Attack Surface Analyzer 2.0 helps identify potential security risks introduced by new or untrusted software by detecting changes to key areas of the system security configuration including: 

  • File System
  • User Accounts
  • System Services
  • Network Ports (listeners)
  • System Certificate Store
  • Windows Registry

It includes static change detection between snapshots of these key areas and a real-time file change monitoring option as well as an export feature of analysis data which is stored in a local SQLite database file.   Additional collection types and improvements are planned to be released later this year. 

 

It also includes both a scriptable command line interface (CLI) and an Electron option and even allows for your own custom front end to call the underlying core components programmatically to create an entirely different or white label client experience.  The entire codebase has been released as an Open Source project on GitHub allowing developers to further extend the tool features themselves and contribute them to the community.  A key improvement over the classic version is the application now comes with cross-platform support for Windows, Linux and macOS.

 

Usage

 

Attack Surface Analyzer allows you to create “snapshots” before and after you install the target software under consideration. A clean initial system with minimal additional software is ideal but not required. The tool does require administrator privileges to use fully.

 

Let’s say you want to detect system changes made from the installation of a software application e.g. Firefox. After downloading Attack Surface Analyzer, you can use the Electron GUI option and select Start or Scan to create a baseline initial snapshot labeling it “Before Install” or “Clean System” for example and allowing the scan to complete.

 


Next, install your software and run a new scan labeling it “After Install” for example and selecting the same collector types used in the initial scan.

 

Note: you can also run additional scans to capture changes made while using the software beyond just the installation.

 

Then use the Analyze Results feature selecting both the initial and post install scans that were previously saved to analyze for changes or selecting any two scans for comparison.  Finally, choose a desired filter to view any unexpected and potentially security impactful changes that were made.

 


 

 

Alternatively, use the CLI interface which comes with command line help and the same level of functionality or greater in some cases, and which can be scripted into your build or other processes.
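The before/after snapshot comparison described above, reduced to a file system collector, as an added example that is not Attack Surface Analyzer's code. The table layout, function names and the simulated "install" are constructed for illustration, and the comparison additionally flags permission bits (world-writable, setuid/setgid) that appear between the two runs.

```python
import hashlib
import os
import sqlite3
import stat
import tempfile


def open_db(path=":memory:"):
    """Open the local SQLite snapshot store (constructed schema, not ASA's)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS file_snapshot ("
        " run_id TEXT, path TEXT, mode INTEGER, size INTEGER, sha256 TEXT,"
        " PRIMARY KEY (run_id, path))")
    return db


def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect(db, run_id, root):
    """Store mode, size and hash of every regular file under root."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets and device nodes
                file_hash = sha256_file(full)
            except OSError:
                continue  # unreadable, or removed while the scan ran
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = stat.S_IMODE(st.st_mode)
            rows.append((run_id, rel, mode, st.st_size, file_hash))
    with db:  # one transaction per snapshot
        db.executemany(
            "INSERT OR REPLACE INTO file_snapshot VALUES (?,?,?,?,?)", rows)
    return len(rows)


def load(db, run_id):
    cur = db.execute(
        "SELECT path, mode, sha256 FROM file_snapshot WHERE run_id = ?",
        (run_id,))
    return {path: (mode, file_hash) for path, mode, file_hash in cur}


def compare(db, before, after):
    """Diff two snapshots and flag permission bits that newly appeared."""
    old, new = load(db, before), load(db, after)
    report = {
        "created": sorted(new.keys() - old.keys()),
        "deleted": sorted(old.keys() - new.keys()),
        "modified": [],
        "risky": [],
    }
    for path in sorted(new):
        mode, file_hash = new[path]
        prev_mode, prev_hash = old.get(path, (0, None))
        if path in old and prev_hash != file_hash:
            report["modified"].append(path)
        gained = mode & ~prev_mode  # bits set now that were not set before
        if gained & stat.S_IWOTH:
            report["risky"].append((path, "world-writable"))
        if gained & (stat.S_ISUID | stat.S_ISGID):
            report["risky"].append((path, "setuid/setgid"))
    return report


def demo():
    """Constructed scenario: simulate an install inside a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, mode)  # explicit mode, independent of umask
        db = open_db()
        write("etc/app.conf", b"debug=false\n")
        write("bin/tool", b"v1")
        write("tmp/old.log", b"x")
        collect(db, "Before Install", root)
        # The simulated installer edits a config, drops a loosely
        # permissioned binary and deletes a log file.
        write("etc/app.conf", b"debug=true\n")
        write("bin/helper", b"new", 0o666)
        os.remove(os.path.join(root, "tmp", "old.log"))
        collect(db, "After Install", root)
        return compare(db, "Before Install", "After Install")


if __name__ == "__main__":
    print(demo())
```

Passing a file path to `open_db` instead of `:memory:` keeps the snapshots on disk, so a build step can collect the baseline and a later step can run the comparison.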


 

Software Development Lifecycle Role

 

Attack Surface Analyzer supports an important software development best practice: ensuring the use of least privilege in your own software products, which minimizes unwanted attack surface changes to your customers’ systems. The output options can provide evidence for release management and security auditors that your product does only what it claims, and the tool can also scan for changes that 3rd party software installations make to your system.

 

As maintaining customer trust is key, including Attack Surface Analyzer 2.0 in your development processes or toolchain is a great idea.   Future releases of the tool will also include security guidance help for identified changes that may warrant additional scrutiny.

 

Getting Started

 

To get started, visit the project site on GitHub at https://github.com/Microsoft/AttackSurfaceAnalyzer and download the latest release. We value your feedback, bug reports, and ideas and are excited by the release of this valuable tool for contributing to security compliance needs.

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Introducing Microsoft Graph Security API Recognition Program and New Samples!


The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

We are pleased to announce a Recognition program as part of building the Microsoft Graph Security API community. With this program, contributors will be highlighted in the Microsoft Graph Security solutions GitHub contributors page for increased visibility and easy discovery of contributions. Furthermore, contributions for the month will be promoted via Blogs and Tweets. Contributions can be in the form of code in any language of your choice, scripts, playbooks, dashboards, notebooks and queries using the Microsoft Graph Security API.

We have expanded our existing list of samples to publish a set of curated sample queries that you can leverage in any Microsoft Graph Security integrated solution for richer context. We have also added more Jupyter/Azure notebooks and sample playbooks to the repo as well. Review the list of this and all Microsoft Graph Security samples in the GitHub repo.

The Microsoft Graph Security API connects multiple security solutions to enable easier correlation of alerts, provide access to rich contextual information, and simplify automation. This empowers organizations to quickly gain insights and take actions across their security products, while reducing the cost and complexity of building and maintaining multiple integrations. For further details on integrating with the Microsoft Graph Security API, learn about the API and access the schema.

 

Getting Started

You can start contributing sample code, scripts, playbooks, etc. using Microsoft Graph Security API now using the following guidelines. Refer to the Microsoft Graph Security API contribution workflow for more information.

  1. Create a new issue or reuse an existing issue to track the work.
  2. If you are contributing to an existing sample or plan to add a new sample, mention that in the issue and assign the issue to yourself.
  3. Create a personal fork of the GitHub repo. Some of the code samples are on separate GitHub repos and links to these are consolidated in the solutions GitHub repo.
  4. Create a branch off master.
  5. Make and commit your changes.
  6. If it’s a code sample, build the sample with your changes and ensure build is clean and sample works as expected.
  7. Create a pull request (PR) against the upstream repository’s master branch.

The Microsoft team and community members will provide feedback on your changes, and the Microsoft team will merge your change.

 

What types of samples can I contribute?

Microsoft Graph Security API supports different integration options as illustrated below. Samples are available to support each of these integration formats and you can contribute more samples to build out a richer set for the community.

 

Figure: Microsoft Graph Security API Integration Options

You can contribute the following types of samples leveraging these integration options. Check out existing samples linked below to learn and contribute.

What’s next? We really look forward to seeing you in the contributor’s list! Please share your feedback by filing a GitHub issue.

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comment on and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume of communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties. We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.”
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there are plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain). We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

The above was provided from Microsoft Security and Compliance blogs at TechCommunity

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy) such as credit card or social security number or custom data types such as your own custom dictionary/lexicon to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention labels conditions you can now include or exclude emails based on domains and include or exclude emails based on their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comments and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and the efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties.  We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.“
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there’s plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q:  What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain).We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

Use Supervision to monitor email, Microsoft Teams, manage risk, meet regulatory requirement and more

The volume and variety of today’s electronic communications are causing many organizations to struggle to meet their communications monitoring and compliance obligations and we’ve heard your concerns about the need to simplify and streamline compliance tools in the modern workplace. Today, we’re rolling out a new supervision solution to support your organization’s compliance needs and journey.

For a quick overview of Supervision policies, see the Supervision policy video on the Microsoft Mechanics channel.

Scenarios for Supervision

Monitoring digital communications is critical to mitigating conduct, reputational, and financial risks. Organizations require a supervision system that meets both business control needs and regulatory compliance requirements. Our supervision solutions help you address the following concerns:

  • Corporate policies: employees must comply with acceptable use, ethical standards, and other corporate policies in all business-related communications. Supervision can detect policy violations and help you take corrective actions to help mitigate these types of incidents. For example, you could monitor your organization for potential human resources violations such as harassment or the use of inappropriate or offensive language in employee communications.
  • Risk management: organizations are responsible for communications distributed through corporate systems. Implementing a supervision program helps identify and manage legal exposure and other risks before they damage corporate reputation and operations. For example, you could monitor your organization for unauthorized communications for confidential projects such as upcoming acquisitions, mergers, earnings disclosures, reorganizations, or leadership team changes.
  • Regulatory compliance: most organizations must comply with some type of regulatory compliance standards as part of their normal operating procedures. These regulations often require organizations to implement some type of supervisory or oversight process for messaging that is appropriate for their industry. The Financial Industry Regulatory Authority (FINRA) Rule 3110 is a good example of a requirement for organizations to have supervisory procedures in place to monitor the activities of its employees and the types of businesses in which it engages. Another example may be a need to monitor broker-dealers in your organization to safeguard against potential money-laundering, insider trading, collusion, or bribery activities. Supervision policies can help your organization meet these requirements by providing a process to both monitor and report on corporate communications.

New in Supervision

With Supervision policies, you can monitor internal or external Exchange email,  Microsoft Teams chats and channels, or 3rd-party communication in your organization. Listed below are key new features in our integrated Supervision solution that reduce the need to export Microsoft 365 data for compliance management or review.

Intelligent policies

  • Intelligent filters (in private preview): the offensive language data model helps identify inappropriate language by leveraging machine learning and artificial intelligence to identify communication patterns over time.
  • Sensitive information types: you can now leverage either the 100 sensitive information types (financial, medical and health or privacy), such as credit card or social security number, or custom data types, such as your own custom dictionary/lexicon, to flag content for review, or a combination of both.
  • Advanced message filters: with domain and retention label conditions, you can now include or exclude emails based on their domains or their retention labels.

Policy creation

Efficient reviews

  • Integrated review: you can now easily review, tag, comment on and resolve items flagged for review within the Security & Compliance Center using your favorite browser. If needed, you can also continue to manage flagged items using Microsoft Outlook and Outlook on the web.
  • Bulk resolve: within the new built-in review feature in the Security & Compliance Center, you can easily tag, comment or resolve multiple items with just one click.

Supervision review

Defensible insights

  • Productivity reporting: Compliance officers can monitor and ensure items are being reviewed directly in the Security & Compliance Center.
  • Stay ready for audits: All review activities are now fully audited and policy tracking allows you to document the complete history of supervised employees, reviewers, and policy rules at any point in time.

These new supervision innovations, based on customer feedback and pain points with existing solutions, will help your organization more effectively manage compliance risk and efficiently manage the ever-increasing volume of communications data. Going forward, we’ll continue to invest in intelligent policies to handle the growing volume of communications data and to make compliance reviews more efficient to help save time & money.

 

“With Microsoft’s Supervision solution we can get a 360 view of our risk management portfolio to understand how employees in the firm are complying to policies and procedures. For example, with domain exclusions, we now create various policies to understand how our attorneys are communicating with internal and external parties. We also set various supervision filters to capture data on engagement letter terms and SOWs to make sure employees are complying to the policies and levels of risks the partners have agreed to at the firm.”
— Chad Ergun, DGS Law’s CIO

 

Ready to get started?

Regardless of where you are in your compliance journey, there are plenty of compliance solutions to explore and implement in Microsoft 365. Learn more about Supervision with Supervision policies in Office 365 and start implementing supervision policies with Configure supervision policies for your organization.

You can also engage with us in our Tech Community and provide additional feedback on UserVoice.

 

Frequently Asked Questions

Q: What licenses are required to use Supervision?

A: All users monitored by supervision policies must have either a Microsoft 365 E5 Compliance license, Office 365 Enterprise E3 license with the Advanced Compliance add-on or be included in an Office 365 Enterprise E5 subscription. If you don’t have an existing Enterprise E5 plan and want to try supervision, you can sign up for a trial of Office 365 Enterprise E5.

Q: When will these updates be available for my organization?

A: We have started rolling out the new Supervision updates to Office 365 today and most customers should have access to the new features over the next several weeks.

Q: How can I join the Offensive Language private preview? 

A: Please email us at: supervisionolpreview@service.microsoft.com with a description of the use case you are trying to address and your tenant information (tenant ID or domain). We’ll review submissions and let you know if your tenant has been accepted in the program.

 

—Christophe Fiessinger, principal program manager Microsoft 365 Security & Compliance

New Records Management solution and machine learning updates come to Microsoft 365 Compliance

The following is provided from Microsoft Security and Compliance blogs at TechCommunity:

Organizations today are looking for ways to harness digital transformation while meeting complex regulatory or internal requirements and expectations that have not always evolved at the same pace as the modern workplace. Organizations seeking to simplify their compliance archive infrastructure and regulatory solutions are adopting Microsoft 365 to meet their enterprise information archive and compliance solution requirements.

With today’s updates, organizations can now use Microsoft 365 for more of their data, use new solutions to meet regulatory requirements and benefit from intelligence to triage content for compliance or policy related purposes.

 

Now archive more data with new native connectors to third-party data

 

Use the new native connectors functionality to import non-Microsoft 365 data, such as Facebook and Twitter data, into the Microsoft cloud for archival purposes. The first set of connectors enables social data; next, business app data connectors will be available to connect to sources like Bloomberg and other business applications. Once the connector is established and social data is archived into Microsoft 365, it is available for use in common compliance scenarios.

Figure: Now natively import third-party data for archival and compliance purposes.

Read more about how to take advantage of the connectors here

 

Streamline processes with new Records Management solution

 

Organizations of many types are required to identify, classify and maintain business records for certain regulatory requirements and/or internal policy guidance. Public institutions and regulated entities often maintain vast archives of business records for years to meet strict requirements.

 

Now organizations can use a specific solution for Records Management requirements in the Security & Compliance Center. Migrate and manage complex retention hierarchies across SharePoint, OneDrive for Business, Teams, Exchange and more with the file plan, establish event-based triggers, and use the disposition review for deletion and export of the list of disposed items. Easily set tailored permissions to give access to the right people across business units for specific activities within the compliance center. Learn more about this solution here.

Figure: Migrate and manage hierarchical retention with file plan.

Disposition review provides options for bulk disposition, retention extensions, or re-classifications. Review disposed items and export a list to provide proof of disposal.

Figure: Defensibly dispose of content with disposition review.

 

Support continuous collaboration with New Advanced Records Versioning feature

 

In addition to the solution for Records Management, the public preview of the new advanced record versioning feature is now available. This feature enables continuous record declaration on selected versions of a single document: with one click, a user creates a record and auto-stores record versions in a records repository, providing assurance that critical record versions are retained. This new capability brings together compliance and productivity to help organizations meet both sets of requirements.

Figure: Enable collaboration and compliance with advanced record versioning.

 

 

Harness intelligence to identify content of interest with out of the box classifiers

 

Now you can put the machine-learned data model for offensive language to work for your organization. This is the first out-of-the-box classifier available to help manage the scale, volume and complexity of the data in your organization for specific compliance scenarios. Organizations are already setting up organization-wide policies to monitor offensive language in the workplace with machine learning that can detect the context and meaning behind common words and phrases.

 

Take a look at how this new technology works in the new Mechanics show on Supervision in Microsoft 365.

 

 

Offensive language is the first classifier coming to the Microsoft 365 compliance center, and we plan to release additional out-of-the-box classifiers soon, including attorney-client privilege, resume and source code, and a classification assistant to enable organizations to create, train and establish their own intelligent classifiers for compliance outcomes.

 

Organizations are asking more of Microsoft 365 every day. Building these new capabilities into existing solutions helps organizations simplify their compliance processes and infrastructure with integrated and intelligent capabilities that span communications and collaboration technologies.

 

Learn more about how this works today, start an E5 trial or navigate to the Microsoft 365 Compliance Center to get started.

 

Thank you to Shilpa Ranganathan, Principal PM Lead, Microsoft 365 Compliance for delivering today’s post

 

The above was provided from Microsoft Security and Compliance blogs at TechCommunity