Many businesses have already switched to Office 365. If they haven’t yet, they will soon. Office 365 is the best choice for productivity apps in an enterprise environment. It is also more cloud-based that previous versions of Office.
This means Office 365 must be monitored for data breaches and data loss prevention. Microsoft makes it easy for you to set up security alerts that are specific to your organization. Today we will discuss how to filter Office 365 alerts and manage them.
The Recommended Severity Ratings of Incidents in Offices 365
The Office 365 Admin panel’s Security and Compliance dashboard alerts work in a similar way to a traditional ticketing system. The main difference is that security events, or tickets, are generated automatically. In a traditional ticketing system these tickets (or alerts), would be created manually by either the end-users or IT staff.
These alerts are automatically created based on a specific set of criteria. Let’s say you want to know if an account has been accessed from another country. You can create a security alarm rule that searches for this data. You can also label the severity of automatically generated alerts as part of the criteria.
Alert severity can be classified as:
Low
Medium
High
There is no universal way to classify alerts and tickets based upon severity. These labels can change from one business to the next. IT professionals have a common guideline for determining which severity rating should be applied to tickets.
Low-level issues that only affect one user and have a workaround are acceptable.
Medium should be used for issues that affect one user or a few end-users and require no workaround.
High severity should be given to any issues that prevent an entire department or company from functioning.
Alerts in Office 365 are not limited to users. They could also indicate security issues. An alert could be issued if an account is accessed by someone from another country. You could also create an alert if sensitive information was sent to someone outside your organization. These alerts may be considered high severity depending on the business’s operations.
How to create a new security alert in Office 365
It is simple to create a new Office 365 security alert. Security alerts can only be created by certain Office 365 subscription levels. You will need an Enterprise account or U.S. Government account to subscribe to one of these subscription tiers.
E1 / F1 / G1
E3 / F3/ G3
E5 / G5
Only subscribers to the E5 or G5 subscriptions have access the advanced functionality of Office 365 alerts. This includes accounts with a subscriptions to Microsoft Defender for Office 365 P2, Microsoft 365 E5 Compliance or the Audit addon subscription.
First, log in to Office 365 and go to the Security and Compliance’ area. Next, click on the ‘New Alert Policy’ button under the ‘Alert Policy’ box. This will open a web wizard to create a new alert strategy.
Four parameters must be set up in the wizard’s first window.
Name
Description
Severity Level
Category
You must provide the name, severity level, as well as category parameters. Your organization’s naming conventions will give your new alert policy a name. It is a good idea to make your policy name descriptive of what it does.
Although the description parameter is not necessary, it is a good idea for adding some information about this warning. Make it easier for the next person to take care of things.
You can label the severity rating as low, medium, and high. The severity rating can vary from one business to the next. The severity rating should be higher for the more severe incident.
Select a category to be alerted. For more information