Critical O365 Alerts Buried and Only Seeing Garbage?
No Real-time Monitoring and Alerts for Security and Compliance Issues
When it comes to alerts, IT either has so many that it can’t see the ones that really matter, or too few, with little to no visibility into critical issues. The answer is to enable real-time monitoring and alerts for potential security and compliance issues in the Office 365 environment.
One CoreView customer used to spend 10 to 50 hours every month writing and running custom PowerShell scripts to decipher the millions of log entries and search for security problems. Now they leverage CoreView to provide automated alerts for security issues on an almost real-time basis. Whenever a known issue is reported within any of the different Office 365 event logs, the CoreView monitoring agent creates an alert and notifies the specific IT admins to take action.
Once alerted with the appropriate information about the security issue, the IT admins can take immediate action to rectify the situation and close the security concern. Another customer said they now have hundreds of these CoreView security compliance alerts configured within their environment to empower them with the real-time knowledge of noncompliance activities so they can be remediated quickly.
Doing Alerts Right Through Automation
CoreView enables the configuration of automated alerts for any event activity reported in Office 365 log files. A simplified wizard UI lets IT administrators pick log categories and their associated events and activities from picklists to identify the exact security risks they want to monitor. The wizard walks the administrator through a six-step process to identify the log event and select the recipients to alert.
These alert notifications are generated from the audit activities performed by CoreView on an almost real-time basis. When a preconfigured security watchdog setting matches a known compliance breach, an alert message is sent via e-mail to a specified distribution list. Administrators can then take immediate action to rectify the situation and close the security concern.
Here are two key alerts.
Identifying Likely Malware Infected Mailboxes
A simple CoreView alert configuration can identify mailboxes that are possibly infected with malware. If an account is sending thousands of messages a day to both internal and external addresses, IT administrators definitely need to investigate. Being quickly notified of these malware-infected accounts helps administrators remediate the issue before it becomes critical.
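The volume check described above can be sketched over exported message-trace rows. This is an added example, not CoreView's code or configuration; the row layout (timestamp, sender, recipient), the internal domain contoso.example and the 1,000-per-day threshold are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime

INTERNAL_DOMAINS = {"contoso.example"}  # assumption: the tenant's accepted domains
DAILY_THRESHOLD = 1000                  # assumption: tune to the tenant's baseline

def flag_high_volume_senders(records, internal=INTERNAL_DOMAINS, threshold=DAILY_THRESHOLD):
    """Return (sender, day, internal_count, external_count) for each sender-day
    whose total reaches the threshold AND includes both recipient kinds."""
    counts = defaultdict(lambda: [0, 0])  # (sender, day) -> [internal, external]
    for ts, sender, recipient in records:
        # Days are bucketed by the timestamp as logged (no timezone conversion).
        day = datetime.fromisoformat(ts).date().isoformat()
        domain = recipient.rsplit("@", 1)[-1].lower()
        counts[(sender.lower(), day)][0 if domain in internal else 1] += 1
    return sorted(
        (sender, day, n_int, n_ext)
        for (sender, day), (n_int, n_ext) in counts.items()
        if n_int + n_ext >= threshold and n_int and n_ext
    )

def build_sample():
    """Constructed message-trace rows: (timestamp, sender, recipient)."""
    rows = []
    # Suspect mailbox: 1,500 messages in one day to mixed recipients.
    for i in range(1500):
        rcpt = f"user{i}@contoso.example" if i % 3 == 0 else f"contact{i}@external.example"
        rows.append((f"2024-05-01T{i % 24:02d}:{i % 60:02d}:00", "j.doe@contoso.example", rcpt))
    # Internal-only bulk sender: high volume, but no external recipients.
    for i in range(2000):
        rows.append(("2024-05-01T09:00:00", "hr-news@contoso.example", f"user{i}@contoso.example"))
    # Ordinary user: low volume.
    for i in range(20):
        rows.append(("2024-05-01T10:00:00", "a.smith@contoso.example", f"peer{i}@partner.example"))
    # Same suspect mailbox on a quiet following day.
    rows.append(("2024-05-02T08:00:00", "j.doe@contoso.example", "boss@contoso.example"))
    return rows

if __name__ == "__main__":
    for hit in flag_high_volume_senders(build_sample()):
        print(hit)
```

Counting per sender and per day keeps one noisy day from being averaged away, and requiring both recipient kinds keeps an internal-only bulk sender from raising the same alert.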
Alerts for Password Policy Compliance Issues
Most organizations want to track password settings on accounts and flag those with incorrect provisions allowed. Automated alerts from CoreView give administrators enough information to perform follow-up investigations with those end-user accounts and fix the password policies as needed. Since CoreView monitors all these activities and configuration settings, it is simple for IT administrators to configure alert notifications for specific security concerns.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.