{"id":14055,"date":"2018-06-06T00:00:00","date_gmt":"2018-06-06T05:00:00","guid":{"rendered":"https:\/\/centricconsulting.com\/post\/operations-monitoring-office-365_portal\/"},"modified":"2023-09-07T16:42:45","modified_gmt":"2023-09-07T20:42:45","slug":"operations-monitoring-office-365_portal","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/operations-monitoring-office-365_portal\/","title":{"rendered":"Asset Protection: Operations and Monitoring in Office 365"},"content":{"rendered":"<h2 style=\"text-align: center;\"><em>In the final post of this series, we highlight the importance of designating operational support and service monitoring guidelines for Office 365.<\/em><\/h2>\n<p><img decoding=\"async\" class=\" wp-image-46639 aligncenter\" src=\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-300x157.jpg\" alt=\"\" width=\"570\" height=\"298\" srcset=\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-300x157.jpg 300w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-1024x535.jpg 1024w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-768x401.jpg 768w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-1536x803.jpg 1536w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-600x314.jpg 600w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-992x518.jpg 992w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-1200x627.jpg 1200w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-850x444.jpg 850w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations-750x392.jpg 750w, https:\/\/centricconsulting.com\/wp-content\/uploads\/2018\/06\/FB-Asset-Protection-Operations.jpg 1600w\" sizes=\"(max-width: 570px) 100vw, 570px\" loading=\"lazy\" \/><\/p>\n<p class=\"intro-text\">Have you just been handed your Office 365 tenant and been told to <a href=\"https:\/\/support.office.com\/en-us\/article\/common-management-tasks-for-office-365-46c667f7-5073-47b9-a75f-05a60cf77d91\" target=\"_blank\" rel=\"noopener noreferrer\">support<\/a> it?<\/p>\n<p>Hopefully not, but in smaller environments, I can see the potential for that happening.<\/p>\n<h2>Operational Support Structure<\/h2>\n<p>If you\u2019re a large enough organization, you are likely transitioning teams from their on-premises duties to <a href=\"https:\/\/support.office.com\/en-us\/article\/about-office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d\" target=\"_blank\" rel=\"noopener noreferrer\">new cloud responsibilities<\/a>. We typically recommend the following guideline for a support team: <b><\/b><\/p>\n<ul>\n<li>.2% of the organization\u2019s supported community \u2013 that\u2019s two support people for 1,000 users<\/li>\n<\/ul>\n<p>When we work with clients to plan, rollout, or remediate Office 365, we look at the IT structure as a whole, the number of users, what workloads are being rolled out, and how current support structures can be modified for the cloud.<\/p>\n<p>Your first-level help desk will be key in taking some of the repetitive tasks away from your admins, and a knowledge base that is kept up-to-date will provide a reference to help them.<\/p>\n<p>If you are the help desk <i>and<\/i> the global admin, keep a knowledgebase for yourself in a SharePoint list for easy reference.<\/p>\n<h2>Service Availability Monitoring<\/h2>\n<p>It\u2019s up to us as consumers to ensure we are aware of the level of service we can expect, and that we are monitoring the availability of our own tenants.<\/p>\n<p>If you have a service fall below the SLA documented by Microsoft, you will need to have some proof of that outage. Keep an eye on the Service Health dashboard in the Admin Center. Need service SLA documentation? <a href=\"https:\/\/www.microsoftvolumelicensing.com\/DocumentSearch.aspx?Mode=3&amp;DocumentTypeId=37\" target=\"_blank\" rel=\"noopener noreferrer\">Click here<\/a>.<\/p>\n<p>Service incidents can be found in your Office 365 Admin Portal and come in two varieties:<\/p>\n<ul>\n<li><strong>Planned maintenance events:\u00a0<\/strong>Planned maintenance is regular Microsoft-initiated service updates to the infrastructure and software applications. Planned maintenance notifications inform customers about service work that might affect the functionality of an Office 365 service. Customers are notified no later than five days in advance of all planned maintenance through Message Center on the Office 365 Admin Portal. Microsoft typically plans maintenance for times when service usage is historically at its lowest based on regional time zones.<\/li>\n<li><strong>Unplanned downtime:\u00a0<\/strong>Unplanned service incidents occur when one of the services in the Office 365 suite is unavailable or unresponsive.<\/li>\n<\/ul>\n<p>Monitor the message center at least weekly, if not more often, for updated change notifications, any actions required and expected outages. The Security and Compliance center has default alert policies configured to send admins email messages in a variety of circumstances such as: a mail flow rule has been created, malware is detected, an unusual volume of email has been detected, unusual external user activities have been detected and more.<\/p>\n<p>The Security and Compliance center dashboard is a good place to start for a visual look at anomalies. Take a look at the landing page and the Threat Management section for daily graphs of activity.<\/p>\n<p>Besides the Admin portal you can also use the following to monitor service availability:<\/p>\n<ul>\n<li>Office 365 Admin App<\/li>\n<li>Add-in for Office 365 for System Center<\/li>\n<li>The service communication API<\/li>\n<li>Third party provider of monitoring solutions<\/li>\n<\/ul>\n<h2>Enhancing Monitoring and Supportability<\/h2>\n<p>If you are interested in enhancing the out-of-the-box security monitoring, check out <a href=\"https:\/\/support.office.com\/en-us\/article\/overview-of-office-365-cloud-app-security-81f0ee9a-9645-45ab-ba56-de9cbccab475?ui=en-US&amp;rs=en-US&amp;ad=US\" target=\"_blank\" rel=\"noopener noreferrer\">Cloud App Security<\/a>, an app available with an Azure AD Premium P2 license or an EM+S E5 license. This gives you further insight into activity, app use, alerts, and log review among other tasks. It allows you to create policies from templates or from scratch that give you deeper insight into shadow IT, allowing you to better control where sensitive information is being held.<\/p>\n<p>Another security enhancement available in the same subscriptions as Cloud App Security is Identity Protection. Identity protection is a collection of algorithms that determine if a user sign-in is risky or not. If you\u2019re already using conditional access, you can setup access to be denied if Azure determines the sign-in to be of a risky nature. This will take some testing but you can at least determine if the sign-ins are coming from unknown IP ranges (those not associated with a country) or if the sign-ins involve impossible travel (you can\u2019t sign in from an IP address in London and five minutes later sign in from a different IP address in New York).<\/p>\n<p>These monitoring and operations tasks usually take a few months to settle into the work pace set by your organization, so be flexible early on and also very attentive. You should quickly find repetitive tasks that you can manage and automate more effectively using <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/enterprise\/powershell\/manage-office-365-with-office-365-powershell\" target=\"_blank\" rel=\"noopener noreferrer\">PowerShell<\/a> or other third party add-ins. Almost anything you can do with the UI you can customize and do through PowerShell. If the built-in reports don\u2019t offer the data to meet the need of a specific report request, the information is usually available from the output of a script. You must be a global admin to use PowerShell with Office 365.<\/p>\n<h2>Final Thoughts<\/h2>\n<p>I hope that you have enjoyed this series of blogs about Office 365 security. I\u2019ve tried to synthesize a large amount of information into bite-sized pieces for easy consumption, but if you need more or deeper information, please let me know.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We highlight the importance of designating operational support and service monitoring guidelines for Office 365.<\/p>\n","protected":false},"author":147,"featured_media":21739,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[1],"tags":[18559,19110],"coauthors":[15625],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2024-07-22 09:31:33","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/14055"}],"collection":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/users\/147"}],"replies":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/comments?post=14055"}],"version-history":[{"count":0,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/14055\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media\/21739"}],"wp:attachment":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media?parent=14055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/categories?post=14055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/tags?post=14055"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/coauthors?post=14055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}