How to set up Microsoft Cloud App Security

This is Susan Bradley for CSO Online. I’m here to tell you about something that I think you need to add to any global admin account for Office 365 or Microsoft 365 in order to track access.

First off, a little bit of background. Now, the reason why I want you to take a little more time and effort to protect your global administrator accounts is that they’re being targeted. Recently on Krebs on Security, he pointed out that a managed service provider was targeted to attack their customers. As the story notes, the attackers stole administrative credentials that the MSP used to manage client accounts within Office 365.

So what can you do to provide a little bit more protection for yourself and your clients? Well, I’ve got some ideas. Microsoft already has some ideas. They’re going to mandate the use of multi-factor authentication for any cloud service providers. But I have one more idea that I think you should look into. This is a service called Cloud application security. Now, you can add it to an existing subscription, or if you happen to have an E5 subscription, it’s default. You can purchase a single subscription and add it to any global administrative account.

The way to set it up, if you have a subscription to it, is to go into alerts, click on manage advanced alerts, and you want to turn on Office 365 cloud app security. As you can see, there are many different policies, the built-in policies, that are actually quite effective. We’re going to do a special custom policy, and it’s quite easy to do. We’re first going to start out by clicking on create policy. And as you can see, there are many different templates that you can build on. There’s access policy, activity, app discovery, Cloud Discovery bio policy, OAuth app policy and session policy. We’re going to choose that type of custom alert we want to set. You can build an alert from an existing template or leave it blank to build a totally custom one.

If you want to block logins from a certain geographic region, you click on create policy and then we’re going to click on activity policy. We’re going to leave the policy template blank. We could choose a template, but we’re going to leave it blank. We’re going to call the policy a name. In our case we’re going to call it geo blocking.

We’re going to put a description. We’re going to set the severity to high. We’re going to choose threat detection.

We’re going to choose single activity on the create filters. And now we’re going to select a filter. As you can see, there are many different filters down here. We’re going to pick location. And as you can see, now we can pick all sorts of different countries or regions that we want to block. And I mean no disrespect to anyone. So if your country is being chosen down here, I mean no disrespect to you. So I’m just going to pick, oh, let’s pick Malta. Again, no disrespect intended.

Then you want to create the type of alert: send an email, send a text message. You can even send an alert to something called Flow. I’ll go into that in an upcoming episode. For now I’ll just send a text message. You put your phone number in there. And then you’re going to pick what action occurs. In my case I’m going to pick Office 365, and I’m going to say that if it’s five times something comes in from this country and I don’t want it to be, I’m going to suspend the user. And then once I’m done, I’m going to hit create. You can also come up here and say edit and preview the results to see if anyone is going to be impacted by this policy. We’re going to create.

And there you have it. There’s your custom alert for a certain geographic location. As you can see, this is a very powerful tool. And again, something that I recommend that any administrator for Office 365 consider adding to your subscription, or if you haven’t enabled it, please do so. Cloud application security can also be used to monitor different cloud applications and identify hidden or secret IT events in your network. For example, if somebody is using some application that they aren’t supposed to or aren’t authorized to, this will tell you that. Check it out. Microsoft cloud application security is a very powerful tool that you can add to your identification and detection arsenal. That’s it for now. This is Susan Bradley for CSO Online.
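
The geo blocking policy from the walkthrough, as an added example that is not part of the original video and not Microsoft's code: a Python dry run over constructed activity records that shows which users the policy would alert on and which it would suspend, in the spirit of the "edit and preview the results" step. The record fields, the ISO country code for Malta and the reading of "five times" as a per-user count of matching activities are assumptions.

```python
from collections import Counter

# Policy values taken from the walkthrough; the dictionary layout is an assumption.
POLICY = {
    "name": "geo blocking",
    "severity": "high",
    "category": "threat detection",
    "blocked_countries": {"MT"},  # Malta, the location picked in the walkthrough
    "suspend_after": 5,           # matching activities before the user is suspended
}

# Constructed sample activity records (not real log data).
SAMPLE_ACTIVITIES = (
    [{"user": "admin@contoso.example", "country": "MT"}] * 5
    + [{"user": "Admin@contoso.example", "country": "US"}]
    + [{"user": "alice@contoso.example", "country": "mt"}] * 2
    + [{"user": "bob@contoso.example", "country": "US"},
       {"user": "bob@contoso.example", "country": None}]  # location not resolved
)


def preview(activities, policy):
    """Return {user: {"matches": n, "action": ...}} for every user the policy touches.

    A user with at least one matching activity gets an alert; once the count
    reaches policy["suspend_after"] the governance action is "suspend".
    Records without a resolved country never match the location filter.
    """
    hits = Counter()
    for act in activities:
        country = (act.get("country") or "").upper()
        if country in policy["blocked_countries"]:
            hits[act["user"].lower()] += 1  # account names compared case-insensitively
    return {
        user: {
            "matches": n,
            "action": "suspend" if n >= policy["suspend_after"] else "alert",
        }
        for user, n in hits.items()
    }


if __name__ == "__main__":
    for user, result in sorted(preview(SAMPLE_ACTIVITIES, POLICY).items()):
        print(f'{POLICY["name"]}: {user} matches={result["matches"]} -> {result["action"]}')
```

Running a check like this against exported activity data before hitting create shows whether a legitimate account, such as a travelling administrator, would be suspended by the new policy.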
