Note
|
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft
Identity Protection, Cloud App Security allows you to learn about the risk trends of Microsoft 365 users in your organization
based on a wide range of risk information.
The high risk events fall into the following categories:
-
Suspicious sign-in activities: sign-in activities with anomalous attributes, such as IP address, location, or browser
-
Suspicious credential activities: activities indicating credential attack or compromise
-
Suspicious user activities: unusual user behavior, such as abnormal permission assignment and suspicious access or configuration
-
Admin confirmed user compromised: user compromise confirmed by administrators
Use the drop-down menu to select the time period to view.
Widget
|
Description
|
At-Risk User Trends
|
Displays the number of Microsoft 365 users in your organization triggering high risk
events over a period of time.
Click a risk category to view or hide the number of users triggering the risk events
in
this category in the trend graph.
Hover over a point in the trend graph to view details about the triggering users.
Click Go to Operations Dashboard to view more risk information
about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and
dimensions to provide you in-depth and comprehensive risk insights.
|
Top 5 Users with High-Risk Events
|
Displays the internal Microsoft 365 users that trigger the most high risk events.
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft
Identity Protection, Cloud App Security allows you to identify the most at-risk internal Microsoft 365 users in your organization
based on a wide range of risk information.
Hover over the number of events to view the event details, including the name and
triggered times of each event.
Select a conditional access action to apply to a user.
Click Go to Operations Dashboard to view more risk information
about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and
dimensions to provide you in-depth and comprehensive risk insights.
|
Top 5 High-Risk Events
|
Displays the high risk events that are triggered most frequently by internal Microsoft
365 users.
By obtaining and aggregating high risk event data from Trend Vision One and Microsoft
Identity Protection, Cloud App Security allows you to identify the
risk events that pose the biggest dangers to your organization based on a wide range
of risk
information.
Select a risk category from the Risk Category drop-down menu to
view the top users that trigger the high risk events in this category.
Click Go to Operations Dashboard to view more risk information
about the users in your organization.
The Operations Dashboard in Trend Vision One aggregates data from wider sources and
dimensions to provide you in-depth and comprehensive risk insights.
|