Best Practices for Monitoring Microsoft 365 from On-Premises

With the recent flurry of cyber-attacks across the globe, one question we have heard from our users is what the best practices or recommendations are for securely monitoring SaaS or cloud-based resources from an on-premises monitoring solution such as Orion.

In this scenario, we will focus on Microsoft 365 and monitoring it securely from Orion. There are a few ways to accomplish this.

  1. Deploy Orion into the cloud and self-host it. SolarWinds provides images for both Azure and AWS, so you can always monitor cloud resources or services in this manner.
  2. Create the appropriate firewall rules at the edge of your environment so that external traffic to and from the Orion server is allowed only for that service.
  3. Use Microsoft's Conditional Access capabilities. With them, you can restrict the account used to access Microsoft 365 to a specific user, IP, location or device, for example the Orion server itself.

Microsoft has published an example of configuring this based on a location.
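As an added illustration of option 3 (not code from SolarWinds or Microsoft), the Python below builds the two Microsoft Graph request bodies for a location-based Conditional Access policy and then checks sign-in records for use of the monitoring account from anywhere else. The egress IP, the account name, the object and location IDs passed in, and the sample records are all assumptions made up for the example.

```python
import ipaddress

ORION_EGRESS = ["203.0.113.10/32"]     # assumption: Orion's public egress IP (documentation range)
MONITOR_UPN = "svc-orion@example.com"  # assumption: account Orion polls Microsoft 365 with

def named_location_body(cidrs, name="Orion server egress"):
    """Body for POST /identity/conditionalAccess/namedLocations."""
    ranges = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)  # strict parsing rejects typos such as 203.0.113.10/24
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": "#microsoft.graph." + kind, "cidrAddress": str(net)})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": name, "isTrusted": False, "ipRanges": ranges}

def block_policy_body(user_object_id, location_id):
    """Body for POST /identity/conditionalAccess/policies: block the account
    everywhere except the named location. Starts in report-only mode."""
    return {
        "displayName": "Orion monitoring account: block outside Orion egress",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": [user_object_id]},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": ["All"], "excludeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def sign_ins_outside(records, upn, cidrs):
    """Sign-in records for `upn` whose source IP is outside every allowed range."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    hits = []
    for rec in records:
        if rec["userPrincipalName"].lower() != upn.lower():
            continue
        ip = ipaddress.ip_address(rec["ipAddress"])
        if not any(ip.version == n.version and ip in n for n in nets):
            hits.append(rec)
    return hits

# Constructed sample records, using field names from the Graph signIn resource.
SAMPLE = [
    {"userPrincipalName": "svc-orion@example.com", "ipAddress": "203.0.113.10", "createdDateTime": "2021-02-01T08:00:00Z"},
    {"userPrincipalName": "SVC-Orion@example.com", "ipAddress": "198.51.100.7", "createdDateTime": "2021-02-01T08:05:00Z"},
    {"userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.7", "createdDateTime": "2021-02-01T08:06:00Z"},
]

if __name__ == "__main__":
    for rec in sign_ins_outside(SAMPLE, MONITOR_UPN, ORION_EGRESS):
        print("outside allowed range:", rec["createdDateTime"], rec["ipAddress"])
```

Review the report-only results in the sign-in logs before switching the policy state to `enabled`, so a wrong egress address does not lock the monitoring account out.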

Microsoft has put together and published very thorough documentation on how to secure Microsoft 365 from an on-premises environment, which you can read more about here. Additionally, if you are monitoring cloud resources from AWS, Azure, etc., you can create a virtual private network setup to ensure secure communication between Orion on-premises and the cloud service provider.

Security is something we need to take the time to research and plan out carefully to ensure our users and environment stay safe and secure.

Anonymous
  • In general, the types of Microsoft 365 activities you should be monitoring (if you're not already doing so) include: User access: Learn who is accessing your Microsoft 365 subscription, when, and from where. Set up a baseline for normal user access behavior and detect any deviations to spot attack attempts.

    The company recently announced that it had "expanded" its Office Suite 365, which now includes an administration level monitoring tool to keep track of worker activity. The feature can be found under "Workplace Analytics."

  • Microsoft recently rebranded Office 365 as Microsoft 365. It can help you design, deliver, operate, and support great digital experiences for every person engaging with your business. The goal of this offering is to provide simplified collaboration for all your business activities.

  • Another tip, for those with deeper pockets:

    Purchase an Additional Polling Engine license, and deploy it within a DMZ network. That way, should any breach occur, only the DMZ will be impacted. You'd need to get all your firewall rules spot on, of course, but the Success Center has you covered there :)

  • These are great suggestions! The simple idea of using Conditional Access policies for the credentials being used to monitor Azure/365 is a great improvement even by itself.