Introducing Security Policy Advisor - A New Service to Manage Your Office 365 Security Policies
When workers used only in-house technology to get their jobs done, it was relatively simple for companies to secure their IT infrastructure. Now that the average employee
uses 2.3 devices to access company applications and data, effective cybersecurity is much more difficult to achieve. Each device brought into the fold has its own security policies (rules that define users’ permission within a company’s IT environment) that need to be configured, which gets cumbersome quickly.
Managing security policies effectively is one of the most important methods for mitigating breaches, but with more employees bringing their own devices not managed by their employers, regulations shifting constantly, and compliance standards becoming more stringent, it’s extremely difficult to keep them relevant. That’s why
only 39% of organizations even set up security policies in the first place.
Therefore, companies need to identify tools that can help them keep security policies up-to-date in the midst of rapid change occurring inside and outside of their organizations. This year, Office 365 ProPlus launched Security Policy Advisor, which provides intelligent security recommendations that can be implemented simply with the click of a button. This release is a boon to cybersecurity considering Office 365
dominates 65% of the business productivity market and most of the security policies a typical company must manage are related to it.
What is Office 365 Security Policy Advisor?
Security Policy Advisor helps companies large and small manage and roll out security policies. At a high level, it delivers the following:
· Security policy recommendations
· Single-click deployment of recommendations
· Monitoring and reporting of policy impacts
· Insights into security and how it affects productivity
The service analyzes how employees use Office 365 and offers recommendations on how security policies should change in real-time. It provides insight into how recommended policy changes, if accepted, would impact the workforce, which takes the most difficult part of setting policy—predicting and weighing the effect—out of the equation. Recommendations are based on user interactions and seek to ameliorate anything that introduces risk. For instance, Security Policy Advisor may point out that having VBA macros enabled in Word for certain users or groups renders the company vulnerable. It would then model how disabling them would affect productivity for the workplace at large.
With a single click, administrations could have recommended policies implemented. Security Policy Advisor prompts accepted changes to be executed in the Office Cloud Policy service, the cloud-based tool that actually sets the policies in Office 365 and assigns them to users via the Azure Active Directory Groups.
Why use Office 365 Security Policy Advisor?
Ultimately, Security Policy Advisor’s goal is to provide full insight into the implications of proposed policy changes before they are executed, so the best decisions can be made. Previously, IT administrators not only would have to identify vulnerabilities themselves, but also would have to wait and see how a change would affect company workflow. Likely, they received a barrage of angry calls when access rights were curtailed for one group because it had unforeseen implications for others. Now, administrators can provide advanced warning to parties that would be affected by changes because Security Policy Advisor takes into account interactions between groups within Office 365 and provides detailed reporting on such dependencies.
It’s incredibly easy not only to enact policy changes but to also revert them. Any accepted recommendations could be rolled back with a single click as well. The service conveniently takes into account existing policies and reconciles conflicts, giving any policy triggered directly in Office Cloud Policy preference. It is also able to work with Group Policy Objects (GPOs) for companies that use them.
One of the most important benefits is that Security Policy Advisor takes into account all devices employees use to access Office 365, including ones they own themselves and aren’t managed by the company. This ensures the company maintains security no matter how it workers are accessing its data in the Microsoft Cloud.