Introduction :
Office 365 became Microsoft 365 now with several other additional services, that includes Windows 10 Enterprise, Enterprise mobility & security services. Similarly, Office 365 Security & Compliance became Microsoft 365 Security Center and Compliance Center. In the old Office 365 portal, you can see Security & Compliance in the same portal and is a separate portal in Microsoft 365 as Microsoft 365 Security Center & Microsoft 365 Compliance Center with additional security and compliance features added. Attached screenshots show how Office 365 Security and Compliance portal looks like and new separate Microsoft 365 Security Center & Microsoft 365 Compliance Center is changed now.
Office 365 Security & Compliance portal
Microsoft 365 Security Center portal
In this blog, we can see an overview of Microsoft 365 Security Center and its components in detail separately. A Global Administrator, Security Administrator, Security Operator, or Security Reader in Azure Active Directory can access the Microsoft 365 security center.
Access URLs
Office 365 Security & Compliance portal
https://protection.office.com/homepage
Microsoft 365 Security Center portal
https://security.microsoft.com/homepage
Microsoft 365 Compliance Center portal
https://compliance.microsoft.com/homepage
Microsoft 365 Security Center
What is Microsoft 365 Security Center?
According to Microsoft documentation definition, Microsoft 365 Security Center is the new home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. Here an administrator can easily view the security health of their organization, act to configure devices, users, and apps, and get alerts for suspicious activity. The Microsoft 365 security center is specifically intended for security admins and security operations teams to better manage and protect their organization.
Microsoft 365 Security Center broadly classified into these components under its card section on the home page:
- Alerts
- Reports
- Secure Score
- Classification
- Policies and
- Permissions
Alerts – Provides greater visibility on all Microsoft 365 environments, that includes alerts from Microsoft Cloud App Security, Office 365 ATP, Azure AD, Azure ATP, and Microsoft Defender ATP. Available to E3 and E5 customers. A sample alert from Office 365 ATP is shown below.
On clicking each alert, you will get the detailed information of each alert on the same screen
Reports – You can view security trends and track the protection status of your identities, data, devices, apps, and infrastructure. This includes the information under separate labels and can be categorized as Group by Category or Group by topic.
Group by category Labels are detailed below
Identities – Users at risk and Global Admins
Reports Users at risk on Office365 and Azure users provided permission to use Office 365 licenses. Provided risk levels – Low, Medium, and High.
You can take action based on the risk level such as confirm user(s) compromised, dismiss users’ risk, change password, and block users by selecting individual users.
Global Admins – Reports Azure AD roles for Global admin activities
Data – Users with most shared files and Third-party DLP matches, and you require a separate subscription “Microsoft CloudAPP security” to view these details.
Devices – Devices at Risk & Device compliance and Devices with active Malware.
Devices at Risk – For getting these reports administrator to require a Microsoft Defender ATP license
Device compliance – This opens Device compliance blade in Azure, and you can do the following actions – manage, monitor and set up in Azure
Manage – Administrator can view reports based on Policies, Notifications, Retire Non Compliant devices and Locations
Monitor – Administrator can view reports and do the action for – Non Compliant devices, Devices without compliance policy, Setting Compliance, Policy Compliance, Windows health attestation report, and Threat agent status.
Setup – Administrator can setup Compliance policy settings, Microsoft Defender ATP, Mobile Thread Defence, and Partner device management
Devices with Active Malware – This shows reports on devices with malware detection. Ensure devices don’t have active, unremediated malware. Check if users have allowed malware to run or if the devices have pending restarts, rescans, or other manual cleanup actions.
Device threat analytics – This requires Microsoft Defender ATP license to view in detail.
Users with malware detections – Administrator can filter based on the user who owns the devices with malware detection.
Apps – Privileged OAuth Apps Cloud Apps accounts for review and Discovered Cloud Apps
Secure Score – Microsoft Secure Score analyzes the protection state of your identities, data, devices, apps, and infrastructure. More your score, more your infrastructure is protected. The secure score portal shows an Overview, historical score over time in a graph, and way to improve the score on various actions carried out by the Administrator
Overview – This shows overall secured score of the Microsoft Infrastructure based on individual scores achieved on the below items
Identity – Protection state of your Azure AD accounts and roles
Data – Protection state of your Office 365 documents
Device – Protection state of your devices
Apps – protection state of your email and cloud apps
Infrastructure – Protection state of your Azure resources
You can also update your secure score through Microsoft Graph API from the last 90 days of data periodically
Improvement action
Below are the actions carried out by the Global administrator / Exchange Administrator on various activities, each carries scores based on User impact running from 1 to 50 marks. Here are some of the activities shown with higher scores detailed below.
Require MFA for the administrative role – By implementing MFA for administrative role, your secure score increase by 50 points and is ranked 1
Ensure all users can complete MFA for secure access – By implementing MFA for all users, your secure score increase by 30 points and is ranked 12
Turn on sign-in risk policy – Implementing sign-in policy for all users will increase your secure score by 30 points and is ranked 58
Turn on user risk policy – Implementing this policy for all users will increase the secure score by 30 points and is ranked 59
Apply Data loss prevention policies – Implementing these policies for all users will increase the secure score by 20 points and is ranked 54
Enable policy to block legacy authentication – Preventing old age vulnerable authentication will increase secure score by 20 points and is ranked 68
Enable password Hash Sync if hybrid – If hybrid user’s authentication password sync done through hashing will increase secure score by 20 points and is ranked 9
Do not expire passwords – This setting increase secure score by 10 and is ranked 33
Note: Ranking is based on the order Microsoft suggests taking these actions due to security value
History – shows the current trend in the graph for the mentioned period 7 days or 30 days or 30 days or Custom date range. This will give you a graphical comparison on your Office 365 tenant Microsoft infrastructure with similar seat count & Global average
Classification – Help protect data loss by adding labels to classify documents, email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites. This comprises four sections viz Sensitivity labels, Retention labels, Sensitivity info types, and Label analytics.
Sensitivity labels – Sensitivity labels are used to classify email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites.
Sensitivity label policies – Create sensitivity label policies to publish one or more labels to your users’ Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups. Once published, users can apply the labels to protect their content
Retention labels – When published, retention labels appear in your users’ apps, such as Outlook, SharePoint, and OneDrive. When a label is applied to email or docs (automatically or by the user), the content is retained based on the settings you chose. For example, you can create labels that retain content for a certain time or ones that simply delete content when it reaches a certain age
Retention label policies – Create retention label policies to either publish or auto-apply labels. When you publish labels to locations such as Outlook and SharePoint, users can manually apply the labels to retain their content. When you auto-apply labels, users will see the labels automatically applied to content that matches your conditions (such as content containing specific sensitive info).
Sensitive info types – The sensitive info types here are available to use in your security and compliance policies. These include a large collection of types we provide, spanning regions around the globe, as well as any custom types you have created. There are 100 items here, and you can create a custom info type by clicking + sign.
Label analytics – Stay informed on how retention and sensitivity labels are being used to classify, retain, and protect your organization’s content in the cloud. Get insights into how content is being labeled, including which labels are used most, who’s been applying them, what emails and files they’re being applied to, and more.
Policies – Set up policies to manage devices, protect against threats, and receive alerts about various activities in your organization
Policy types include 11 items and are categorized under
Alert – Office 365 alert & Cloud App Security
Device – Device security, Device configuration & Device compliance
Threat protection – Anti-malware, ATP anti-phishing, ATP safe attachments, ATP safe link, Anti Spam and DKIM
Permissions – Manage who in your organization has access to the Microsoft 365 security center to view content and perform tasks. You can also assign Microsoft 365 permissions in Azure Active Directory. Here the list shows already assigned various admin roles for the Microsoft Infrastructure
Conclusion :
The new Microsoft 365 is specifically intended for security administrators and security operation teams. These solutions are integrated across Microsoft 365 services and provide actionable insights to help reduce risks and safeguard Microsoft infrastructure including Office 365 and Azure. Using the above points any security administrator can understand each and every service operation to improve his knowledge and also improve the security, and reduce any risks.
Download Vembu Backup for Microsoft Office 365 and Protect your Office 365 Data!
Download the full-featured 30-day free trial of our latest version Vembu BDR Suite v4.2.0 and experience modern data protection for your Office 365 environment.
- Backup your Mails, Contacts, Calendars, and OneDrive items
- Recover data anywhere and anytime
- Restore domain or user-level data
- Store your data on-premise or in Vembu Cloud
Learn more and get started with Vembu Backup for Microsoft Office 365 here
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.