My slides can be found here on SlideShare:
Securing Office365 with Activity Monitoring - SharePoint Saturday San Antonio 2016 from AntonioMaio2
If you'd like to download the presentation please click the link just below the embedded presentation. Those who have seen my previous posts on this blog will see that I previously posted a presentation on this topic. Microsoft has updated the Activity Monitoring feature in the Office 365 service in the last 2 months and this presentation is updated to take those updates into account.
As mentioned, Activity Monitoring is just 1 important part of securing our enterprise content management environments, but its not a "set it and forget it" activity. Making real use of activity monitoring to help improve the security of our systems requires the right policies and procedures in place, and it requires active management and regular review of the logs. It also requires getting the logs into some form that is not too labor intensive to retrieve, format and review. I typically recommend the following policies:
- Review privileged user (administrator) access quarterly
- Review user access annually
- Taking a sample of users
- Developing some automated scripts or code which extract specific anomalies in the logs, like if you've identified where sensitive content exists and looking specifically for access to those areas
There were some really good questions about how you might use PowerShell to extract specific details out of the activity logs. I'm working on a simple script to do just that now, which I'll try to post later this week.
Enjoy.
-Antonio
Great. I think such security is very useful and needed. I also use data room for deals and data storage. here is virtual data room review.
ReplyDelete