Microsoft has been loading up Office 365 with new products and features. The rumor mill is awash with speculation on what it all means. Is Microsoft ultimately going to replace Office with these online apps? Maybe it's CRM they are replacing? Or maybe it doesn't matter because sadly it is still the case that most deployments are only using the basic email features of Office 365. But the real treasurers in Office 365 that make it worth paying for have little to do with email and lot to do with managing and protecting data.
Because the volume of changes are difficult to keep up with, you may not have noticed that there's a section in the admin console called Security & Compliance. Within it lies the a gem called Alerts. It's a tiny piece of Office 365's managing and protecting data story but it really packs a punch. Configuring it to the needs of a business might even propel your status from migration pro to CIO.
One of the worries that people have with a move to the cloud is that their data is going to disappear. That can be a little bit scary, but as I tell my clients, did you really know where you data was before? Yes, it was in the server but you still needed help figuring out which black box holds the data, how to access it, and finding it if it was lost. Guess the cloud isn't so different after all because outside of the IT department no one really knows how to get to their data if the normal means of access aren't working.
Still, we want to assuage some of those fears while adding features that weren't available before. We also have to manage the reality that data is being stored in many different places when you add up all of the syncing to mobile devices, desktops, and laptops. Gone are the days when the administrator dictated that all data was kept on the server. Mobility means that your data can temporarily reside on mobile devices before it gets sync'd up to your cloud storage and gets sucked into your backup. This window of vulnerability is bigger or smaller depending on the habits of your staff, but it's there for everyone. As a case in point, I wrote this article offline while waiting for my plane at the airport. It was hours later before I connected to the Internet where it could sync into my cloud store. If something bad happened to my laptop during that time my work product, this article would have been lost.
Stay in control with Office 365 Alerts
Both administrators and business owners have reason to be wary of cloud activities, because they are one step removed from the control they used to have. This is where Microsoft has stepped up with the Alerts feature for Office 365 in the Security & Compliance console that sends an email when some action is taken that you want to be alerted about. The sheer number of things that you can be alerted on is fantastic. They are organized into the categories of: File and Folder, Sharing and Access Request, Synchronization, Site Administrator, Exchange Mailbox activities, Sway activities, User administration, Group administration, Application Administration, Role administration, Directory, eDiscovery, and PowerBI Activities. It gets more granular from there. Whether you're the administrator, the business owner, or the department manager, you can set alerts to give the specific job roles information that they never had before with their on-premise solution.
For example, in my domain, I have alerts set to let me know when a file has been deleted, when a file is synchronized to a new computer, when items have been deleted from the deleted items folder in a mailbox, and when someone shared data outside of our organization.
Together, these alerts are giving me a picture of where my data is going, who it is shared with, and if any has been deleted. Why do I need alerting?
- The alert regarding deleting items from the deleted items folder in a mailbox might give me heads up that an employee is leaving the company. I set this one up as a proof of concept because we often have clients looking for some advance warning clues. Sure, we can recover that information, so that rule isn't about preserving data. It's a tool for the Human Resources department.
- The alert called A File Has Been Deleted let's me know when someone deletes a file from our OneDrive shares or other Sharepoint locations. We can now answer the question, "what happen to the _____ file?"
- The Alert called Someone Shared Data let's me know when an employee shares a file with someone outside of our organization. The loss of secrets is a serious problem for some industries.
- The Alert called Someone downloaded files to a new computer does just that. It let's me know when someone has decided to setup an offline sync to a new computer. Users have more power to manipulate your data today.
It's imperative that administrators and business owners know where their data is going and who has it. These alerts are a nice check and balance against the greater freedom to work from anywhere at anytime on any device. The best part is that you can customize these alerts to fit your data protection needs.
I'll add that of course we have fine grained permissions that can accomplish some of the same things. But you need alerts to complete the picture. Without alerting, you might not know if a hole exists in your security posture.
When any of those actions that I have selected happen I get an email that looks like this:
This email gives me some great information: the time the file was deleted, the person who deleted it, the location the file was in, and the IP address from which the file was deleted. Traditionally, administrators have to implement complex big dollar solutions to get information like this. In Office 365, it's just a couple of clicks to implement. Microsoft has even provided links for you to click and go directly into the Office 365 logs to continue your research into the matter if required.
Create an Alert
Creating these alerts is super simple. Go to the Security and Compliance console and fill out the form. I'm impressed with how simple the process is.
- In the Name field, enter a name for your alert.
- Optionally, provide a description.
- Leave the Alert type field as is.
- Click the drop down next to Send this alert when…to choose the activity you'd like to be alerted on.
- Click the drop down next to Send this alert to…and enter the name of the people that you want the email alert to be sent to.
- Click Save and your alert is set. It is truly just that simple.
You already own it. Why not give the people that need to know the assurance that their data is safe and secure by letting them receive alerts for things they are most concerned about? Creating the alerts is easy. The benefits to business are potentially huge and by enabling them you've not only provided the business with information they'll find valuable, you're also showing that you're someone who is looking at the bigger picture of security.