Follow me on Twitter @AntonioMaio2

Monday, April 4, 2016

Securing Office 365: Activity Monitoring

Thanks to everyone that attended my session this weekend at SharePoint Saturday San Antonio.  Thank you also to the organizers of this great event!  I really enjoyed giving the session on Office 365 Activity Monitoring and was very happy that the audience was so engaged!  Great Questions!
My slides can be found here on SlideShare: 

If you'd like to download the presentation please click the link just below the embedded presentation.  Those who have seen my previous posts on this blog will see that I previously posted a presentation on this topic.  Microsoft has updated the Activity Monitoring feature in the Office 365 service in the last 2 months and this presentation is updated to take those updates into account.

As mentioned, Activity Monitoring is just 1 important part of securing our enterprise content management environments, but its not a "set it and forget it" activity.  Making real use of activity monitoring to help improve the security of our systems requires the right policies and procedures in place, and it requires active management and regular review of the logs.  It also requires getting the logs into some form that is not too labor intensive to retrieve, format and review.  I typically recommend the following policies:
  • Review privileged user (administrator) access quarterly
  • Review user access annually
Depending on the number of users in your environment, the annual access review may or may not be very practical so you may have to find some ways to make it practical, like:
  • Taking a sample of users
  • Developing some automated scripts or code which extract specific anomalies in the logs, like if you've identified where sensitive content exists and looking specifically for access to those areas
There are lots of other ways to make this practical, but it will likely require some serious work to put these practices into place in your specific business environment.

There were some really good questions about how you might use PowerShell to extract specific details out of the activity logs.  I'm working on a simple script to do just that now, which I'll try to post later this week.


1 comment:

  1. Great. I think such security is very useful and needed. I also use data room for deals and data storage. here is virtual data room review.