Written By:  Jared Spataro |  Published:  2/24/2020

Introducing Security Policy Advisor—a new service to manage your Office 365 security policies

Securing your users has never been more important, or more difficult. For many, it’s become a scramble to simply stay ahead of the latest threats. And all too often the complexity and variety of the security solutions themselves only adds to your burden. What most people really need is someone to help shoulder the load. We hear you. And that’s why we’re taking steps to provide new, easy-to-use capabilities that support you as you protect the people, apps, devices, and data in your organizations.

Today, we’re excited to announce the public preview of Security Policy Advisor—the first in a series of security investments to further strengthen the apps in Office 365 ProPlus. Security Policy Advisor is a service that offers an easier, more effective way to manage your security policies. It provides custom policy recommendations, supported with rich data insights into how these policies would impact your group’s use of features in Office—allowing you to make decisions with full information.

Simplify policy management across devices

Earlier today, we announced the release of our new Office cloud policy service, an easy-to-use cloud-based tool that allows you to define policies for Office 365 ProPlus and assign them to users via Azure Active Directory groups. Once defined, policies are automatically enforced as individuals sign in. What’s more, Office cloud policy service extends your reach to managed and unmanaged devices without requiring any on-premises infrastructure or modern device management services. If you have a BYOD policy or users who occasionally sign in to Office 365 ProPlus from other devices, you’re covered.

Manage and monitor policy configurations with confidence

Now, we’re building on this service to help you secure your organization with confidence, taking the guesswork out of configuring security policies. In the past, the burden fell to you alone to determine if a particular policy would help or hurt a specific group. Setting macro policies, for example, involved numerous group policy objects (GPOs), each with multiple settings, detailed yet always too generic security baseline studies, and cumbersome deployment. And in the end, you still had to wait for frustrated support calls to know the user impact.

Security Policy Advisor changes the game with knowledge already available within your organization. It analyzes how individuals use Office and then recommends specific policies to boost your security profile. Even better, for each recommendation, you can see how people would be impacted, giving you greater confidence in choosing policies that are right for your environment. It may recommend, for example, disabling VBA macros in Word or macros in Excel files from the web—providing relevant threat intelligence (if available) and identifying just how frequently individuals in your group use those features and would be impacted by the policy.

When you’re ready, you can apply policies at the app, feature, or group level—all with one click.

The job doesn’t end once a policy is applied. In a dynamic workplace needs evolve, groups change, and a set of policies that worked just months ago may actually become a hinderance. Security Policy Advisor actively monitors policy impact on your employees, highlighting areas worth your attention or suggesting changes if needed. If you’ve enabled individuals to override specific policies, you’ll see how this is used. With cloud-based management, you can update or even roll back at the push of a button.

And rest assured: if you are currently using GPOs, they can run in parallel with any changes you make with the Office cloud policy service. Existing policies are retained and, if there are any conflicts, policies you apply via Office cloud policy service will always take precedence.

See what Security Policy Advisor recommends for you

Security Policy Advisor is now available in preview in English (en-us) with broad availability in coming weeks. If you’re an administrator in an organization that has deployed Office 365 ProPlus, you can start right now by signing in to the Office client management portal and configuring Office policies. For each configuration you create and assign to a group, you’ll receive recommendations with supporting data that you can review and deploy to users as a policy. Visit Tech Community for additional information and documentation.