New Features Introduced in January 2026

Learn about the new features that became available in SaaS Security in January 2026.

Integrate Behavior Threats Incidents into Cortex XSIAM

SaaS Security supports integrating Behavior Threats (BT) incidents directly into Cortex XSIAM, enabling security teams to centralize behavioral alerts alongside all other security telemetry. This integration allows for a unified and more efficient response to sophisticated threats.
Key Features:
  • Unified Security Posture: BT incidents are forwarded to a dedicated HTTP Log Collector in XSIAM for centralized monitoring.
  • Standardized Data: Incident data is sent automatically in JSON format, including details like severity, description, and user email, using the ba_incident_event log type.
  • Push-Based Model: The integration uses a reliable push model to ensure timely delivery of new incidents.
Setup Notes:
Configuration is a two-step process: first, prepare the JSON-configured HTTP Log Collector in XSIAM to obtain the URL and API Key; second, register the XSIAM tenant within the BT environment via the SRE/Engineering support service.
This integration is not retroactive. Cortex XSIAM will only receive BT incidents generated after the integration is successfully completed.

Enhanced Filtering Support in Behavior Threats

To streamline threat investigation and incident management, SaaS Security has introduced a new Filter by Policy capability within the Behavior Threats dashboard. This enhancement allows security administrators to quickly isolate specific types of risks by filtering the incident view based on the underlying detection policy.
With this update, you can now target high-priority behavioral anomalies such as abnormal location access, bulk data downloads, or suspicious uploads with a single click. By narrowing the focus to specific policy violations, security teams can significantly reduce noise, prioritize critical alerts, and accelerate response times for potential insider threats or account compromises.
This feature provides more granular control over how you view and assess threats, ensuring that your security operations center (SOC) can efficiently manage the complex landscape of SaaS application behavior. This capability is now available in the Behavior Threats monitoring view under the incident filters.

Support for Onboarding Office 365 Apps in Read-Only Mode in Data Security

When you need to assess your application security without allowing automated remediation actions, read-only connectors provide a secure solution that limits access permissions while delivering critical visibility. This feature addresses a key customer requirement for security assessment without modification capabilities, particularly in sensitive environments or during initial deployment phases. Data Security lets you choose read-only mode when you onboard the Office 365 app, which establishes connections with appropriately limited permissions that prevent any changes to your cloud resources. This approach enables security monitoring, compliance verification, and risk assessment while maintaining strict change control procedures within your organization.
Read-only mode is especially valuable when you want to evaluate security monitoring capabilities before granting remediation permissions, when working with highly regulated environments where change processes require manual approval workflows, or when you need to provide security visibility to teams who should not have modification rights. The connector still provides comprehensive visibility while respecting your organization's operational boundaries. You can later upgrade read-only connectors to full read-write access when your organization is ready to implement automated remediation capabilities.

Support for Onboarding Microsoft Teams App in Read-Only Mode in Data Security

When you need to assess your application security without allowing automated remediation actions, read-only connectors provide a secure solution that limits access permissions while delivering critical visibility. This feature addresses a key customer requirement for security assessment without modification capabilities, particularly in sensitive environments or during initial deployment phases. Data Security lets you choose read-only mode when you onboard the Microsoft Teams app, which establishes connections with appropriately limited permissions that prevent any changes to your cloud resources. This approach enables security monitoring, compliance verification, and risk assessment while maintaining strict change control procedures within your organization.
Read-only mode is especially valuable when you want to evaluate security monitoring capabilities before granting remediation permissions, when working with highly regulated environments where change processes require manual approval workflows, or when you need to provide security visibility to teams who should not have modification rights. The connector still provides comprehensive visibility while respecting your organization's operational boundaries. You can later upgrade read-only connectors to full read-write access when your organization is ready to implement automated remediation capabilities.