Keep your information assets safe by setting up cloud monitoring and alerting services.
Microsoft monitors everything in Office 365, right?
Well, it depends on your definition of monitoring. Microsoft monitors Microsoft’s concerns and notifies you when they deem appropriate. This does not necessarily mean you are covered.
You should use the insurance provided by the logs, APIs, and built-in reports as well as buy additional coverage where needed.
So what needs to be covered?
Cloud Monitoring in Office 365
Office 365, while a managed service, leaves some gaps when measured against traditional enterprise monitoring and reporting philosophies. It also introduces new ideas into these paradigms, such as subscription management, and changes old ones, such as service management.
Your options will depend on the following:
- What you deem as important or critical to know about
- The areas in which you need to retain historical data
- And what information can help you forecast future behavior based on current trends
I approach decision-making on cloud monitoring by using the following steps:
- Determine what services, applications, and platforms you’re using. I ask you to discuss these because everyone in your organization has a slightly different idea of what your cloud offering consists of.
- Determine what is critical or most important about these services, applications, and platforms. Is it the entirety of the platform or application, or perhaps a particular service that other applications depend on?
- What do you need to know about the outage / disruption / change and who needs to have the information?
- What are you going to do about it? You know the popular marketing campaign that includes the catchphrase, “Why monitor a situation if you’re not going to do anything about it?” Your monitored results must be actionable.
- In most cases I have seen, the resulting action is primarily around information dissemination. But if you are not keeping up with the various outlets for Microsoft roadmap information, you could get a surprise.
Regardless, monitor your subscriptions on a regular, if not daily, basis.
Alerting in Office 365
You want to be informed of a problem by an application, not by your users.
Alerting in Office 365 continues to get better. You can now be alerted to all of the actions that make up the audit log. This is great for visibility into not only what your users and admins are doing, but also how this impacts your data.
EM+S E3, and in particular Intune, provide reports and alerts for your mobile users. Some diligence will be required by your global administrators to spot trends using the available reports in the Office 365 Admin Center, as well as the Azure application pages for EM+S products.
Also, be aware that the Admin Application for iOS is random at best. I have configured it to alert me about everything, in all the ways the phone allows, and yet it is only on rare occasions that I receive a notification.
As I write this, I just checked the Office 365 Service Health page and there are three incidents about which I was unaware. You will probably find that you need better coverage for alerting than out-of-the-cloud Office 365 provides.
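To make the decision steps above concrete, here is a small triage routine that turns service health issues into actionable notifications. It is an added example, not the author's or Microsoft's code; the watchlist entries, addresses, and sample records are constructed, and the field names assume the shape of Microsoft Graph service health issue objects.

```python
import json
from datetime import datetime, timezone

# The first three steps captured as data: which services you run, which are
# critical, and who needs to know. Names and addresses are hypothetical.
WATCHLIST = {
    "Exchange Online": {"critical": True, "notify": ["messaging-oncall@example.com"]},
    "SharePoint Online": {"critical": True, "notify": ["collab-team@example.com"]},
    "Microsoft Intune": {"critical": False, "notify": ["mobility@example.com"]},
}

# Constructed sample records; field names assume the Microsoft Graph
# service health issue shape (id, service, classification, isResolved, ...).
SAMPLE_ISSUES = json.loads("""[
 {"id": "EX000001", "service": "Exchange Online", "classification": "incident",
  "isResolved": false, "startDateTime": "2024-05-01T08:00:00Z"},
 {"id": "SP000002", "service": "SharePoint Online", "classification": "advisory",
  "isResolved": false, "startDateTime": "2024-05-01T10:30:00Z"},
 {"id": "IT000003", "service": "Microsoft Intune", "classification": "incident",
  "isResolved": true, "startDateTime": "2024-04-30T22:00:00Z"},
 {"id": "TM000004", "service": "Microsoft Teams", "classification": "incident",
  "isResolved": false, "startDateTime": "2024-05-01T11:00:00Z"}
]""")

def triage(issues, watchlist, acknowledged, now):
    """Return (actions, unmapped): open issues nobody has acknowledged, each
    with a concrete action and recipients, plus affected services that are
    missing from the watchlist (a gap in the service inventory)."""
    actions, unmapped = [], set()
    for issue in issues:
        if issue["isResolved"]:
            continue
        entry = watchlist.get(issue["service"])
        if entry is None:
            unmapped.add(issue["service"])
            continue
        if issue["id"] in acknowledged:
            continue
        started = datetime.fromisoformat(issue["startDateTime"].replace("Z", "+00:00"))
        page = entry["critical"] and issue["classification"] == "incident"
        actions.append({
            "id": issue["id"], "service": issue["service"],
            "action": "page" if page else "email", "notify": entry["notify"],
            "age_hours": round((now - started).total_seconds() / 3600, 1),
        })
    # Pages first, then oldest first, so the worst unattended item leads.
    actions.sort(key=lambda a: (a["action"] != "page", -a["age_hours"]))
    return actions, sorted(unmapped)
```

The `acknowledged` set is whatever your team already knows about (ticket IDs, a shared list); anything left in `actions` is an incident you would otherwise have heard about from your users.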
Available Tools for Monitoring and Alerting
Below are some cloud monitoring and alerting services that will help you with information security:
- Security and Compliance Center Alerts/System Health: included in the Office 365 subscription
- Management and Reporting APIs for Office 365/Azure: also included; these allow developers to create custom reports using C# or REST
- ManageEngine Office 365 Manager Plus: $7,995 annually for up to 20,000 users; $4,995 for up to 10,000 users; cost steadily decreases with the number of users – nice interface with access to all user and app data, except for SharePoint, mobile alerts, Azure AD management, customizable rules for alerts, and a few more
- Sharegate: $6,995 for up to five users – provides more than just monitoring
- System Center Operations Manager: probably cost prohibitive for this need as it is an enterprise-wide monitoring solution – however, management packs for Azure AD and AIP are available
- Office 365 Mon: $99 to $199 per month – the pricier option provides value in dashboard reports
- Exoprise CloudReady Office 365 Monitoring: $500 to $1,000 per month, depending on the number of apps or functions you want to monitor
- Intune: standalone at $6 per user, per month; included in EMS E3 and E5 – sends email alerts for mobile device management, policies, applications, updates at critical, informational, and warning levels
- Azure Information Protection (AIP): $5 per user, per month; included in EMS E3 and E5 – alerts users when they are working with classified documents and has plenty of other features
There are lots of other products out there, but their prices are not posted, so I did not include them here.