Office 365 Security Audit – How to Identify Your Internal Threats?

by

Auditing Your Office 365 For Potential Security Vulnerabilities

It is a well-known fact that a significant number of Enterprise security breaches happen due to internal threats and Office 365 is no exception to this. And being a cloud environment makes things worse due to access from a variety of locations using a number of different devices. While there may be any number of threat-points in the system, the ones related to users, sharing of users information assets through One Drives, both internal and external, user group memberships, internal sharing of user mailboxes  and almost any user related data access are the ones that have the maximum potential to cause security breaches. It is imperative that administrators perform routine scans for such internal threats by performing a security audit related to users in their Office 365 tenants. The personnel in charge of Office 365 Security should document and monitor everything about their Office 365 users – what access rights they have, who the administrators are, what roles have been assigned to Office 365 users, what permissions have been assigned to shared mailboxes, public folders and so on. For the SharePoint Online environment, everything related to permissions assigned on Sites, Lists, List Items, and Site Groups etc. must be documented and monitored regularly.

Since the use of cloud environment has grown and evolved so much in recent times, your Office 365 tenant is likely to be accessed by more people, from more places and platforms like never before. A comprehensive approach is required for the administrators to protect the organization’s information assets in this environment.

Vyapin reporting tool for SharePoint Online & Exchange Online  provides powerful, comprehensive reports and related management features covering all security aspects mentioned above and more.

Given below is a partial list of this solution’s capabilities to address the needs of Office 365 security administration.

Office 365 Security Audit for Exchange Online

Non-Owner Mailbox Access

This report shows the details about the list of permissions assigned on all the mailboxes in your Office 365 tenant for users who are not the owners of those mailboxes along with the level of permissions assigned to them.

Non owner mailbox access

Shared Mailbox Access

One of the most useful and widely used feature in Office 365 is the Shared Mailbox, simply because it comes without costs with the licensing plans. Microsoft allows you to create any number of Shared Mailboxes and you can store up to 10 GB of data in them.

So, it very important to manage these Shared Mailboxes frequently by monitoring the permissions assigned on these mailboxes with level of permissions assigned.

Shared mailbox access

Security Impact report for users

Security Impact report for Users is a report that analyzes the level of impact a user is likely to have with respect to Office 365 security. It shows who has access to which mailboxes and other related information that lets you analyze the security implications of users’ access rights, roles and group memberships within Office 365. This report shows information about Group Membership, Distribution Group Membership, Administration Roles, Other User Mailbox Access, Shared Mailbox Access, Public Folder Access and Licenses assigned for users. Additionally, it also gives information about users One Drive content. This Office 365 security report lets you study the security impact of users and take the required actions when users are provisioned or deprovisioned or when there is a security breach.

security impact report for users

Office 365 Security Audit for SharePoint Online

Effective Permissions of Sites, Lists and List Items

As an administrator of your SharePoint Online environment, you may come across a situation when you have to track the permissions assigned on SharePoint objects like Sites, Lists or List Items due to possible data theft, accidental deletions etc. to narrow down the list of users who may be responsible. The administrator will have to review and analyze permissions assigned for all users on SharePoint objects.

effective permissions for sites list and list items

Effective Permissions of Users and Groups

This Users and Groups Permissions report will display the list of permissions assigned for the selected users / groups on Sites, Lists or List items with the level of permissions assigned. This will help administrators to keep track of the user permissions and to monitor indirect permission assignments for users (through groups).

effective permissions for users and groups

OneDrive Security Audit for SharePoint Online

OneDrive for Business is an integral part of Office 365 or SharePoint Server, and provides place in the cloud where you can store, share, and sync your work files. You can update and share your files from any device with OneDrive for Business. You can even work on Office documents with others at the same time.

OneDrive for Business is online storage intended for business purposes. Your OneDrive for Business is managed by your organization and lets you share and collaborate on work documents with co-workers. Site collection administrators in your organization control what you can do in the library.

OneDrive Reports shows the list of folders and files to which the selected users has access to. This is a useful feature to check where all a user of interest as access to in One Drive. Something an administrator will find useful in the event of a One Drive security breaches.

OneDrive User Permissions

OneDrive User Permissions report shows the list of folders and files in all personal OneDrive sites to which a user has access to. It shows the access rights of the user account to folders and files of other users in their OneDrive sites. This report displays the information such as Account Name, Email Address, Folder or File Name, Object Type, Folder or File URL, Account Type, Permission Type, Permission Level, Author, Editor, Size (in MB).

onedrive user permissions

OneDrive Non-Owner Permissions

OneDrive Non-Owner Permissions report shows the list of users who are not owners but have access to the folders and files within the personal site of a particular user. It displays the users with permissions assigned on folders and files of a personal OneDrive store. Information such as Folder or File Name, Object Type, Folder or File URL, Account Name, Email Address, Account Type, Permission Type, Permission Level, Author, Editor, Size (in MB).

onedrive non owner permissions

Site Collection Administrator Access

Site Collection Administrator Access report shows the list of users who are site collection administrators or site collection owners of the selected OneDrive personal site. Information such as Personal Site of (User), Personal Site Email, Personal Site URL and Site Admin Access.

Site collection administrator access

OneDrive Permissions

OneDrive Permissions report is an OneDrive site-based access rights report that shows the list of users who have access to any particular OneDrive personal site within Office 365. Information such as Personal Site of (User), Personal Site Email, Personal Site URL, User or Group Name, Email Address, Type and Permission Levels.
OneDrive permissions

To audit your Office 365 environment for any potential Security vulnerabilities, try Office 365 reporting tool.

Download free trial version of Microsoft 365 Reports Now!

Office 365 Reporting

ABOUT AUTHOR- VASUDEVAN S

Vasudevan is a Software Engineer working as programmer at Vyapin Software Systems. He is working with Office 365 Management Suite team at Vyapin. He blogs about Office 365 technology and Vyapin's Office 365 management and reporting tools.
Read all posts by Vasudevan S »»

Related Posts