Published by Anis Gilmore. Modified over 6 years ago.
1
BRK3198: Monitor and investigate actions on your user and data with alerts, insights and reports
Binyan Chen, Program Manager II, Office 365 Information Protection
Charu Puhazholi, Senior Program Manager, Office 365 Information Protection
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Visibility into data is important
- Data is exploding. 2.5 billion: Activity logs generated by Office 365 users every day
- Cyberattacks are surging. $2.1 trillion: Cost of data breaches predicted globally by 2019
- Internal threats are worming. 35%: Insider data breaches take longer than a week to discover
3
Security and Compliance workflow
[Diagram labels: Monitor, Alerts, Reports, Insights, Action, Investigation, Search, Explorer, Remediation, Policy]
4
Efficiency Intelligence Across Office 365
5
Data platform and applications
[Diagram, three layers]
- Application: Security & Compliance Center (UX), Activity API, Audit log search, Alerts, Insights, Reports, Explorer
- Platform: Auditing pipeline, Security & Compliance Data Intelligence Platform
- Data signal: User and admin activities, Mail, Classification, Threat data, More…
6
What will we look at today?
- Auditing
- Alerts
- Explorer
- Demo – Alert & investigation
- Insights
- Reports
- Demo – Insights & reports
- Roadmap & Resources
7
Use auditing to monitor and investigate user and admin activities
8
Auditing
[Diagram: the data platform and applications stack from slide 5 (Application, Platform and Data signal layers)]
9
Auditing
- 6,000 distinct events tracked
- 19 million active users searching
- 2.5 billion events collected daily
- Workloads shown: Azure Active Directory, SharePoint Online, Security & Compliance Center, Exchange Online, Power BI, Teams, Threat Intel
10
What data is audited?
- Exchange Online: Admin activity, end-user (mailbox) activity
- SharePoint Online: File activity, sharing activity
- Security and Compliance Center: Admin activity
- Azure Active Directory: O365 logins, directory activity
- Power BI: Admin activity
- Microsoft Teams (new): Admin & end user activity
- Yammer (new): End user activity
- Sway (new): Admin & end user activity
- Customer Lockbox (new): Data center admin elevation activity
- Dynamics 365 (new): User and admin activity
- Microsoft Flow (new): User activity
11
Office 365 Auditing Platform + Activity API
[Architecture diagram labels]
- O365 services / Applications: Azure AD, Exchange Online, SharePoint & OneDrive for Business, Security & Compliance Center, Power BI
- Platform components: O365 Substrate, Azure Microservice, Shredder, Service bus, Fast Channel, Slow Channel, mbx2, shard1, shard2, shard3, Tenant 1, Tenant 2, Tenant 3
- Audit log search: Security & Compliance Center, Search-UnifiedAuditLog PowerShell
- Activity API: Microsoft OMS, Microsoft CAS, External partners
12
Use alerts to monitor your user and data
13
Alerts
[Diagram: the data platform and applications stack from slide 5 (Application, Platform and Data signal layers)]
14
Alert pipeline and infrastructure
[Pipeline diagram labels]
- Unified data: NRT, Audit data, Classification, Mail flow, Threat data, …
- Intelligent service (Security and Compliance Intelligence): Policy store, Data store, Alert policy evaluation, Alert store, Data enrichment, REST API
- Integrated experience (Security and Compliance Center): Alert notifications, View and manage alerts, Manage alert policies
15
What alerts are available in S&CC?
System default alerts:
- Elevation of Exchange admin privilege
- Malware campaign detected after delivery
- Malware campaign detected and blocked
- Unusual external user file activity
- Unusual volume of external file sharing
- Unusual volume of file deletion
- Creation of forwarding/redirect rule
- Unusual increase in reported as phish or junk/not junk
- Malware campaign detected in SharePoint and OneDrive
- User click on malicious link in
Custom alerts:
- User activities, malware and phishing attacks, submissions
Four entries on the slide are marked new.
16
Create your own custom alert
- Select activity to monitor: Create forwarding rule, Mailbox delegation, User receives malware, and more…
- Select the conditions: User/Recipient, Site/Document URL, IP address, and more…
- Select the threshold: Single event alert, Threshold, Baseline anomaly
17
Use explorer to investigate threats and risks
18
Explorer
[Diagram: the data platform and applications stack from slide 5 (Application, Platform and Data signal layers)]
19
What is Explorer?
- An investigation tool with enhanced visualizations, filters and pivots
- Expands across , document and user activity
- Integrated experience with alerts, reports, remediation actions
20
Explorer pipeline and infrastructure
[Pipeline diagram labels]
- Unified data: NRT, Audit data, Classification, Mail flow, Threat data, …
- Intelligent service (Security and Compliance Intelligence): Data store, Elastic Search, Data enrichment, REST API
- Integrated experience (Security and Compliance Center): Explorer, Alert workflow, Report workflow, Tracker/Saved query, Saved query
21
What data are available in explorer?
All; Malware attack in; Malicious links in; Submission of malware, phish and spam s; Document; Malware in SharePoint and OneDrive; Classification; Activity; Risky content activity; Risky user activity; All activity
Seven entries on the slide are marked new.
22
Demo: Alert + investigation
Binyan Chen
23
Insights Reports
24
Areas of Focus
Identity & access management Areas of Focus Threat protection Intelligence powered insights Reduce total cost of ownership Protection beyond Office 365 Platform Information protection Security management Compliance solutions
25
Use insights to identify key focus areas and take action
26
ENABLING OUR CUSTOMERS TO
DETECT, RESPOND, PROTECT
27
What are insights?
- Cloud powered intelligence that allows you to focus on the high priority issues
- Associated recommended actions that enable you to resolve problem areas
- Interconnected and enriched investigation experiences that recommend associated data to look at
28
Types of insights
- Policy violations
- Spam
- Malware
- Unusual user activity
- Mail flow optics and TLS
Interfaces
- Reports
- Mail flow dashboard
- Security dashboard
29
Use reports to monitor trends on data and user activities
30
What is available in reports?
Security and Compliance center:
- Out of box reports
- Reports dashboard
31
Reports and dashboard
- Mail flow and trends
- Malware
- Spam and Spoof
- Advanced Threat Protection
- Data Loss Prevention
32
What is new in reports?
Security and Compliance center:
- Out of box reports
- Scheduling/Request report options (new)
- Scheduling management and download dashboards (new)
- Reports dashboard
33
Manage and download
- Manage and edit configurations
- Download custom and scheduled reports
34
What is new in reports?
Security and Compliance center:
- Out of box reports
- Scheduling/Request report options (new)
- Insights driven smart reports (new)
- Security and Compliance digests (new)
- Scheduling management and download dashboards (new)
- Reports dashboard
35
Smart reports and notifications
- Cloud intelligence powered smart reports
- Remediation and recommendations
- Information at your fingertips with summary digests
36
Data platform
[Diagram: the data platform and applications stack from slide 5 (Application, Platform and Data signal layers)]
37
Reports and Insights – data pipeline
[Pipeline diagram labels]
- Unified data: Audit data; Mail, document data; Threat, spam data; Compliance, classification
- Intelligent service (Security and Compliance Intelligence): Data pipeline, Aggregation, Processing, Mapping, Raw data store, Reports store, Insights store, REST API/Cmdlets
- Integrated experience (Security and Compliance Center): Reports, Dashboards, Scheduled and custom reports requests, Digest, Report notifications
38
Demo: Reports + Insights
Charu Puhazholi
39
Recap
- New workloads in Auditing
- New system default alerts, custom alert capabilities
- New explorer data types for investigation
- New reports and scheduling and download capabilities
- New insights and intelligence across Security and Compliance
40
Roadmap
- Intelligence
- Security and Compliance
- Organization efficiency
- Services
41
Roadmap
Intelligence
- Richer, customized insights
- More out of box smart reports and alerts
- Alert on breach detection and investigation
- Data extension to newer services
- Bringing more data into Near Realtime ingestion
- More…
Security and Compliance
Organization efficiency
Services
42
Related sessions (Code, Name, Time, Location)
- BRK3093: Keep what you need but don’t horde everything with intelligent data governance in Office 365. Tuesday, September 26, 9:00 AM - 10:15 AM, OCCC W221
- THR2032: The utility belt for managing security and compliance in Office 365. 12:05 PM - 12:25 PM, OCCC South – Expo Theater #8
- BRK3136: Office 365 Security and Compliance Overview. 12:30 PM - 1:45 PM, OCCC W414
- BRK3198: Monitor and investigate actions on your user and data with alerts, insights and reports. Wednesday, September 27, 10:45 AM - 12:00 PM, OCCC W230
- BRK3126: Stay Ahead of the Cyberattacks with Office 365 Threat Intelligence. Thursday, September 28, 2:15 PM - 3:30 PM
- BRK3082: Anti-phishing with Office 365 Advanced Threat Protection. 4:00 PM - 5:15 PM, OCCC W304
- BRK3111: Keeping your sensitive data secure in Office 365 with Data Loss Prevention. Friday, September 29, OCCC W311
- BRK2090: Insights into your Office 365 Mail Flow. OCCC W315
43
Q/A