Advanced Security Management for your Office 365 dev/test environment

 

Applies to: Office 365 Enterprise

Topic Last Modified: 2017-06-07

Summary: Configure and demonstrate Office 365 Advanced Security Management in your Office 365 dev/test environment.

Office 365 Advanced Security Management allows you to create policies that monitor for and inform you of suspicious activities in your Office 365 subscription, so that you can investigate and take possible remediation action. For more information, see Overview of Advanced Security Management in Office 365.

With the instructions in this article, you enable and test Advanced Security Management in your Office 365 trial subscription.

TipTip:
Click here for a visual map to all the articles in the One Microsoft Cloud Test Lab Guide stack.

If you just want to test Advanced Security Management in a lightweight way with the minimum requirements, follow the instructions in phases 2 and 3 of Office 365 dev/test environment.

If you want to test Advanced Security Management in a simulated enterprise, follow the instructions in DirSync for your Office 365 dev/test environment.

NoteNote:
Testing Advanced Security Management does not require the simulated enterprise dev/test environment, which includes a simulated intranet connected to the Internet and directory synchronization for a Windows Server AD forest. It is provided here as an option so that you can test Advanced Security Management and experiment with it in an environment that represents a typical organization.

In this procedure, you demonstrate that before enabling Advanced Security Management, changing a user’s role provides no email notification to the global administrator.

Test the default notification behavior of Office 365
  1. Go to the Office 365 portal (https://portal.office.com) and sign in to your Office 365 trial subscription with your global administrator account.

    • If you are using the lightweight Office 365 dev/test environment, sign in from your local computer.

    • If you are using the simulated enterprise Office 365 dev/test environment, use the Azure portal to connect to the CLIENT1 virtual machine, and then sign in from CLIENT1.

  2. From the main portal page, click Admin.

  3. In the left navigation, click Users > Active users.

  4. Click the User 4 account.

  5. On the User 4 page, click Edit for the Roles row.

  6. On the Edit user roles page, click Global administrator, type user4@contoso.com in the Alternative email address, and then click Save. Click Close twice.

  7. Select the app launcher icon in the upper-left and choose Mail.

  8. Wait 30 minutes. Notice that there is no email message in the inbox notifying you of the change in User 4’s role as a global administrator.

In this procedure, you enable Advanced Security Management and create a new policy to send email notifications to your global administrator account for changes in user account roles. This procedure requires:

  • The global administrator account name and password of your Office 365 trial subscription.

  • The name and password of the User 5 account of your Office 365 trial subscription.

Enable and configure Advanced Security Management
  1. Use the information in Opt-in steps for Advanced Security Management to enable Advanced Security Management.

  2. On the Policies page, click Create policy, and then click Activity policy.

  3. In Policy name, type Role changes.

  4. In Policy severity, click High.

  5. In Activity filters, click Select a filter, and then click Activity type.

  6. In Select activity, click Add member to role.

  7. In Alerts, click Send alert as email. In To, type the email address of your global administrator account.

  8. At the bottom of the page, click Create.

In this procedure, you demonstrate how Advanced Security Management sends an email notification to the global administrator account when User 4 makes User 5 a password and user management administrator.

Demonstrate email notification for a change in user account roles
  1. In the upper-right, click the user icon, and then click Sign out. Close Internet Explorer.

  2. From the Start screen, click Internet Explorer.

  3. Go to https://portal.office.com.

  4. On the Office 365 sign in page, click Use another account.

  5. Type the User 4 account name and its password, and then click Sign in.

  6. If needed, change the User 4 account password, and then click Update password and sign in.

  7. On the Office 365 portal page, click Admin.

  8. If needed, click cancel when prompted to update your admin contact info.

  9. From the main portal page, click Admin.

  10. In the left navigation, click Users > Active users.

  11. Click the User 5 account.

  12. On the User 5 page, click Edit for the Roles row.

  13. On the Edit user roles page, click Customized administrator, click Password administrator and User management administrator, type user5@contoso.com in the Alternative email address, and then click Save. Click Close twice.

  14. Click the user icon in the upper-right, and then click Sign out. Close Internet Explorer.

  15. From the Start screen, click Internet Explorer.

  16. Go to https://portal.office.com.

  17. On the Office 365 sign in page, click your global administrator account name.

  18. Type the password, and then click Sign in.

  19. From the main portal page, click Mail. Wait up to 30 minutes. You should see two new email messages in the inbox whose title begins with Cloud App Security. One message indicates that the User 5 account was added to the Helpdesk Administrator role (equal to the Password administrator role in the Office 365 Admin center) and another message indicates that the User 5 account was added to the User Account Administrator role (equal to the User management administrator role in the Office 365 Admin center).

You can now use this environment to create new policies and further experiment with Advanced Security Management.

TipTip:
Click here for a visual map to all of the articles in the Office 365 and EMS Test Lab Guide stack.

Show: