Microsoft’s new Office 365 security tool spotlights rogue cloud apps

The new product is part of Microsoft's Cloud App Security portfolio, which is based on technology it acquired from Adallom and can be used to control the use of unauthorised cloud apps — so-called ‘shadow IT’ — within a network.

Microsoft announced Cloud App Security in February, flagging its capabilities would be coming to Office 365 in the future. Cloud App Security arrived in April to help customers manage shadow IT in general, whereas Advanced Security Management caters specifically to those risks in Office 365 environments.

The three key features of Advanced Security Management for Office 365 include the ability to spot unusual usage and security incidents, more controls over Office 365 data, and the ability to see how employees are using Office 365 and so-called shadow IT.

Microsoft is rolling out the feature as a free add-on as well as a paid service, depending on the tier of Office 365 that they subscribe to. Advanced Security Management is bundled with Microsoft’s top tier Office 365 E5 users, while other Office 365 enterprise plans can buy it for $3 per user, per month.

“The threat detection and activity policy creation features are rolling out to Office 365 E5 customers worldwide starting today. The ability to view an application’s permissions into Office 365 and the application discovery dashboard will be available by the end of the third quarter of 2016,” Microsoft said.

Feature wise, the threat detection capability will allow admins to set up flags for anomalies, which work by scanning user activities and weighing risk based on indicators such as log-ins over time based on the user’s location. It also includes behavioural analytics to spot odd behaviour within Office 365.

Tech admins can also use templates to create policies that flag suspicious behaviour such as when a person is downloading an unusually large amount of data, or has multiple failed sign-in attempts from an unusual IP address. Admins will have the choice to cut off a user immediately or suspend activity if it looks risky. It will also display to admins which third-party apps are connected to and have access to Office 365 data.

Admins will also have the ability to see how data flows to OneDrive for Business, Box, Dropbox and other cloud storage providers.

And Microsoft stresses that these oversight capabilities are possible without installing an agent on end-user devices.