How-to protect user in #Office365

How to protect against Cyber attacks and malicious attacks ? This one service Office365 can take your organization’s security to an extra mile.

Do you know that there are be default 28 policies in the Office365 Cloud App Security. These are very simple policies but they bring a lot value and their impact to protect your cloud environment is very high. You must enable these policies and see how power they are.

Microsoft CloudApp Security

You’d be surprised if you see the power of CloudApp security and not using this feature in your tenant. Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. Yes even outside Microsoft service, you can enable is against Google Drive and Drop and other known file shares. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.

The best feature is Impossible Travel , which is based on #AI and can monitor your or anyone in your organization for any impossible travel activity

Microsoft Cloud App Security and Multiple Hacking Attempts

A few weeks ago I’ve turned on Cloud App security feature in my Office 365 Subscription. I was surprised today when i started getting the alerts that there were some attempts made to login as my on my account. In less than two hours there were m15 attempts and they were all outside US and from an unknown device. First I didn’t know where it came from but when I logged on the links provided and I re-called that I did setup some policies a weeks ago.

As you can see below there were three email sent to me whenever there was an attempt made to hack into my account

Email Alerts

And here is the policy matched and alert was triggered

 

The Next Step – Review the alert

The next action was to Review the alert and investigate it. I was brought on to this page

 

What did I configure? It was not enabled by default

As I said above I created a policy while ago and based upon that now I’m getting these alerts

As you can see, in GOVERNANCE I’ve options to select the action.

Pro Tip !

Enable Multi-factor authentication