Cloud App Security Administration Guide for Office 365
- Cloud App Security
- Understanding Cloud App Security
- Configuring Cloud App Security
- Managing Quarantine for Office 365 and Microsoft 365
- Setting Up a Quarantine Mailbox for Office 365 and Microsoft 365 Email (Exchange Online)
- Setting Up a Quarantine Folder for Office 365 and Microsoft 365 OneDrive
- Setting Up a Quarantine Folder for Office 365 and Microsoft 365 SharePoint
- Using the Quarantine View for Office 365 and Microsoft 365 Email (Exchange Online)
- Using the Quarantine Page
- Using the Quarantined File Creator Dashboard
- Using the User Dashboard for Office 365 and Microsoft 365
- Managing Restore Requests
- Using the SonicWall Cloud App Security Dashboard
- Managing Security Events
- Managing Policies
- Understanding Cloud App Security Policies
- Creating New Policy Rules
- Stopping Policy Rules
- Removing Policy Rules
- Managing Office 365 and Microsoft 365 (Exchange Online) Mail-Flow Rules
- Managing Spam and Anti-Phishing
- Managing Spam
- Managing User-Reported Phishing
- Customizing Warning Messages
- Managing Nickname Impersonation
- Managing the Anti-Phishing Exceptions
- Using the Mail Explorer
- Working with Office 365 and Microsoft 365 Email Encryption
- Configuring and Using Click-Time Protection
- Using Cloud App Security Analytics
- Configuring Cloud Applications in the Cloud App Store
- Managing Security Applications in the Security App Store
- Managing Anomaly Exceptions
- Managing Security Tool Exceptions
- Using the System Log
- Managing Cloud App Security Licenses
- SonicWall Support
Understanding Anomalies
One threat individuals in your organization can face is the takeover of their account(s). SonicWall Cloud App Security can detect this by analyzing unusual behavior an account user, such:
- logins to an account from new browsers, devices, or locations
- suspicious email activity or configurations, such as deleting all incoming email messages or forwarding messages to an external account or domain
- email account configurations that are insecure or make extensive use of filters, forwarding, or secondary accounts
- accounts where two-factor authentication has been disabled
- suspicious internal emails, often with multiple recipients
- multiple account password resets within an unusually short period of time
- changes in the grouping of contacts in emails messages or mailing lists
- changes in the usual characteristics of user sessions (such as the time of day, length of login session, or applications used)
Was This Article Helpful?
Help us to improve our support portal