Microsoft has continued to expand its security stack, making enterprise-level security capabilities available to growing businesses that need a scalable method for managing data governance and compliance. Recently, they launched a public preview of the improved Microsoft 365 Security Center, which is envisioned to be your one-stop-shop for monitoring and managing security across Microsoft identities, data, devices, apps, and infrastructure. It is designed to consolidate functionalities from existing Microsoft security platforms, like Microsoft Defender Security Center and the Office 365 Security & Compliance Center, and includes:
- Microsoft 365 Defender: Uses the Microsoft security portfolio to analyze threat data across various domains and consolidate this information into a single dashboard for a big-picture view of the attack.
- Microsoft Defender for Endpoint: focuses on preventing, detecting, investigating, and responding to threats across your organization’s various devices and endpoints.
- Microsoft Defender for Office 365: Protects email and Office 365 resources using threat prevention, detection, investigation, and “hunting” features.
In other words, the new Microsoft 365 Security Center helps security teams more effectively detect and respond to attacks by consolidating data and alerts across various workloads into one platform for managing incidents and alerts, threat hunting, proactive and reactive remediation, and threat analytics. Microsoft 365 Defender integrates data from Microsoft Defender for Identity, which is scheduled to roll out a few new compliance features worth noting. Many of these new features in this article are centered around risk management and focus on shortening the time between breach detection and incident response. Additional features enable companies to streamline data security efforts and reduce the time spent maintaining regulatory standards by leveraging advanced compliance controls and activity audit logs. These compliance solutions are integrated within Microsoft 365 Compliance Center, which is expecting some improvements of its own that we will cover later in this post.
Audit Log of Administrative Activity: Know Who Changed the Admin Settings & When
In June 2021, Microsoft will add new auditing capabilities to its Microsoft Defender for Identity. These new additions will enable admins to track most activities around setting and configuration changes via a comprehensive audit log published in the Microsoft 365 Security and Compliance Center. Your global network admin, or the administrative level on the Microsoft 365 side, will be able to access an Advanced Audit log of activity types that archive, in real-time, who is making changes within the administrative settings and configurations and when. To access Advanced Audit in Microsoft 365, you need an Office 365 E5/G5 or Microsoft 365 Enterprise E5/G5 subscription.
Microsoft Panel Change Alerts and Auditing: Identify & Investigate Changes
Other functionalities within Microsoft Defender for Identity also allow your IT team to receive alerts when a change has been made inside the panel such as:
- Assigned admin privileges in Exchange Online
- File deletion
- External file sharing
- Phishing campaigns
- Malware attacks
- And additional specified activities
This information will provide security teams with a full alert and investigation experience natively in the Microsoft 365 Security Center. So, if an unusual change is made to an account’s permissions from an unusual location across the world, alerts can notify your IT team for faster threat detection and response. The full alert experience in the M365 Security Center is scheduled to roll out in March 2021.
Source: Microsoft
Automate the Detection of Suspicious Additions to Sensitive Groups
Microsoft plans to roll out another Microsoft Defender for Identity update in March 2021. The update is designed to add new logs to the detection logic for “normal” activity, improving the detection of suspicious changes within an organization’s environment. This eliminates the need to continually reestablish a baseline as alerts are received and enables your organization to act on alerts that could signal a breach or insider threat to sensitive groups. The alerts are quicker to set up, and you do not have to spend time identifying what is considered to be normal activity within a specific span of time. For example, if the AI logic detects that people outside of the U.S. are accessing your data, or are making changes, it will alert you of an attack and a potential insider threat because the behavior falls outside the bounds the AI has determined to be “normal” activity. All that the AI is doing is utilizing data that is already there to set an appropriate baseline, so you don’t have to waste time confirming the issue instead of addressing it.
Microsoft Compliance Center: 3rd Party Data Connectors Compliance Controls
The Microsoft Compliance Center is a specific space that Microsoft developed to help you determine your secure score, which is designed to identify, from an organization standpoint, how compliant are you operating at an individual and/or a security group level. Microsoft is working on implementing new features to help expand the Microsoft 365 Compliance Center’s capabilities via third-party data connectors for Zoom meetings, Facebook, AT&T Network, Android, and more! Microsoft’s target launch date for general availability is March 2021. As your organization starts operating outside the confines of Microsoft data, from social media, to document collaboration platforms, instant messaging apps, web pages, mailboxes, and more, this feature enables you to import and archive third-party data in Microsoft 365. In addition, you can apply a variety of M365 compliance solutions to this data once it has been imported, such as:
- Litigation Hold
- eDiscovery
- Retention Settings
- Records Management
- Communication Compliance
- Insider Risk Management
For example, you can set up a connector for Facebook Business pages that allows you to apply Microsoft 365 compliance features such as Litigation Hold, In-Place Archiving, Content Search, and more to the imported data. This feature gives you the ability to connect to and import that data while maintaining compliance regulations on both sides in one centralized platform. If your CPA firm undergoes an SEC audit, your marketing team can easily pull the archived data around company page posts, events, interactions, and more. IT security and compliance can be a challenge for businesses to maintain, especially when they’re not taking advantage of automation to save time on manual tasks and processes. Microsoft 365 offers businesses the ability to automate tasks like detecting unusual activity and maintaining change logs. However, it takes more than a one-time setup to make the most of these tools and maintain a compliant and protected IT environment moving forward. With the right level of IT consulting and strategic planning, we can help your business configure Microsoft 365’s compliance and security features to meet the needs of your unique business. Schedule time to speak with a member of our team for more information on how we can help you maximize the value of Microsoft 365.