Announcing Security Policy Advisor Preview for Office 365 ProPlus

April 23, 2019
The original article is published on the Microsoft Tech Community Security, Privacy and Compliance Blog.

Today we are pleased to announce the preview of Security Policy Advisor, a new service that can help enterprises improve the security of Office 365 ProPlus clients in their organization.

Office provides a rich set of security policies that allow administrators to customize the security of their Office applications to help meet their enterprise’s security needs.  Administrators have traditionally relied on published guidance like security baselines or their own analysis to come up with a set of security policies they need to enforce. In such instances, the burden falls to the administrator to determine if a security policy is right for their enterprise and will not adversely affect user productivity. 

Security Policy Advisor enables IT admins who have deployed Office 365 ProPlus, to manage the security of their Office applications with confidence by providing the following capabilities:

  • Tailored recommendations for specific security policies that can provide a high value in helping to raise the overall security posture of an enterprise and helping to protect against contemporary attacks.
  • Rich data insights on security and productivity impact of applying a policy recommendation that can help admins weigh the benefit vs. risk of applying a policy and make a data-informed decision.
  • One-click deployment of policies to end users through the recently released Office cloud policy service that enables admins to enforce Office policies straight from the cloud to any Office 365 ProPlus client without requiring on-premises infrastructure or MDM services.
  • Monitoring and reporting on policy impact that allows an admin to have visibility into how a security policy recommendation is affecting users without having to wait to hear from them.

SPA_TechCommunity.png

 

This service is now available as a preview in English (en-us) and will be available in additional locales in the coming weeks. If you are an administrator of an organization that has deployed Office 365 ProPlus, you can start using this service by signing into the Office client management portal, turning on Security Policy Advisor and creating Office cloud policy configurations.  For each policy configuration you create and assign to a group of users, Security Policy Advisor will generate recommendations with supporting data that you can review and deploy to users as a policy. Once you have applied a policy, you can continue to monitor its ongoing impact on users through the management portal.

For additional documentation on how to use this new policy service and its capabilities please refer to this document: Overview of the Security Policy Advisor (Preview) for Office 365 ProPlus.

As you evaluate this preview, please provide feedback using the feedback button (in the upper right corner) to help us improve Security Policy Advisor. We look forward to hearing from you!

  

FAQ:

 

Note:  Please refer to our documentation for the most up to date information.

 

What are the pre-requisites to start using Security Policy Advisor?

To start using Security Policy Advisor, your enterprise must have the following pre-requisites

  1. Must be using the Office cloud policy service and meet all the requirements for that service
  2. Office 365 ProPlus apps on the latest Monthly (1904) channel release deployed and being used by users in your organization.
  3. To create the recommendations and insights, Security Policy Advisor relies on necessary service data from Office 365 ProPlus. For more information, see Necessary service data for Office.
  4. Office 365 ProPlus clients can communicate back to Microsoft. Specifically, the following Office 365 URLs and IP Addresses for all Office 365 services and clients published here: Office 365 URLs and IP address ranges.

Note: If you are creating a brand new enterprise subscription in Office 365, please wait atleast 24 hours for the service to detect your subscription before trying to use Security Policy Advisor.

 

How does this relate to a security baseline?

Security baselines are a great starting point for enterprises to configure their applications for security. Office has a published baseline for Office 2016 and Office 365 ProPlus applications.

A security baseline is generic best practice guidance that ultimately needs to be consumed and customized for your enterprise to balance your security and productivity goals. You can use Office cloud policy service to apply the user level policies recommended in the Office security baseline.  Security Policy Advisor complements a security baseline by providing custom recommendations for specific policies that are tailored to your enterprise, helping you to choose the most secure policy that has the least impact on productivity for your organization.

 

How are the recommendations, productivity and security impact insights generated?

Security Policy Advisor uses the following data to generate recommendations and associated data insights on productivity and security impact:

  1. To create the recommendations and productivity insights, Security Policy Advisor relies on necessary service data from Office 365 ProPlus . For more information, see Necessary service data for Office.
  2. If your organization has Office 365 Advanced Threat Protection Plan 2, then Security Policy Advisor can use data from this service to provide insights on recommended policies. These insights will be based on threats that have been detected and stopped by Advanced Threat Protection. For more details on Office 365 Advanced Threat Protection, see Office 365 threat investigation and response.

 For more details, please refer to our documentation.

What happens when I turn off Security Policy Advisor?

When you turn off Security Policy Advisor, usage and threat data from your organization are no longer analyzed and no recommendations or insights will be generated. 

 

Admins can control the data collected from their clients using the new privacy controls supported by Office apps. More details are available here: Overview of privacy controls for Office 365 ProPlus.

What happens if I do not have Office 365 Threat Investigation and Response (via ATP Plan 2)?

If your organization has Office Threat Investigation and Response (via ATP Plan 2), Security Policy Advisor can use data from this service to provide you with information on threats detected and stopped by ATP that the recommended policy can help protect against. This can be great to quantify the actual risk to your organization when you consider applying a recommendation.

If your organization does not have ATP Plan 2, no problem, Security Policy Advisor will still show you information on the productivity impact that is helpful in assessing and monitoring impact to end users when applying recommendations. 

Which admin roles are allowed to view recommendations and configure policies?

Only the Global Admin, Security Admin or Desktop Analytics Admin (private preview) roles are allowed access to create or view policy configurations.

Discuss this article in the Microsoft Technical Community.