Abstract: A system and method for configuring an application is described. A mapping definition defines a mapping between a first level attribute, a second level attribute, and a third level attribute of the application. The first level attribute indicates a goal of an operation of the application. The second level attribute indicates a factor that contributes to the goal. The third level attribute indicating a metric associated with the factor. The system accesses metrics that measure of operations of the application by a plurality of user accounts. A graphical user interface is generated for the first level attribute and displays the metric from the third level attribute that is mapped to the second level attribute for a set of user accounts from the plurality of user accounts based on the mapping definition. The system generates a configuration setting for the application of the set of user accounts based on the metric of the third level attribute.

Abstract: Hosted services provided by service provider tenants to their users are an increasingly common software usage model. The usage of such services and handling of data may be subject to regulatory, legal, and industry-based rules, where different rules may be applicable depending on the particular service, handled data, and organization type, for example. Embodiments are directed to providing intelligence and analysis driven security and compliance suggestions for hosted services to reduce the burden on tenant administrators to determine and implement applicable policies and rules. Claims are directed to determination of a suggestion based on an analysis of a tenant's service environment, presentation of the suggestion along with analysis results and a prompt to confirm implementation of the suggestion, and upon receiving confirmation, presentation of an option to customize the suggestion by modifying settings suggested based on analysis results.

Abstract: Threat intelligence management is provided in a security and compliance environment. A threat explorer platform or module of a security and compliance service may detect, investigate, manage, and provide actionable insights for threats at an organizational level. Working with a data insights platform that collects different types of signals (metadata, documents, activities, etc.) and correlates in a multi-stage evaluation, the threat intelligence module may provide actionable visual information on potential threats, affected areas, and actionable insights derived from internal threat data and external information using contextual correlation of data within the data insight platform. User experience may be dynamically adjusted at multiple levels based on context and allow users to drill down arbitrarily deep.

Abstract: Hosted services provided by service provider tenants to their users are an increasingly common software usage model. The usage of such services and handling of data may be subject to regulatory, legal, and industry-based rules, where different rules may be applicable depending on the particular service, handled data, and organization type, for example. Embodiments are directed to providing intelligence and analysis driven security and compliance suggestions for hosted services to reduce the burden on tenant administrators to determine and implement applicable policies and rules. Claims are directed to determination of a suggestion based on an analysis of a tenant's service environment, presentation of the suggestion along with analysis results and a prompt to confirm implementation of the suggestion, and upon receiving confirmation, presentation of an option to customize the suggestion by modifying settings suggested based on analysis results.

Abstract: Hosted services provided by service provider tenants to their users are an increasingly common software usage model. The usage of such services and handling of data may be subject to regulatory, legal, and industry-based rules, where different rules may be applicable depending on the particular service, handled data, and organization type, for example. Embodiments are directed to providing intelligence and analysis driven security and compliance suggestions for hosted services to reduce the burden on tenant administrators to determine and implement applicable policies and rules. Claims are directed to determination of a suggestion based on an analysis of a tenant's service environment, presentation of the suggestion along with analysis results and a prompt to confirm implementation of the suggestion, and upon receiving confirmation, presentation of an option to customize the suggestion by modifying settings suggested based on analysis results.

Abstract: Correlated signals associated with one or more of stored content, content metadata, and activities associated with the stored content of a tenant may be analyzed and alert(s) determined based on alert threshold(s) or broader “abnormal” pattern detection. Different recipients for different alerts or alert levels may be designated and the alert(s) transmitted to the designated recipients. Alerts may also be displayed through an alert management dashboard of a protection service. The alert(s) and the results of the analysis may also be provided to a policy engine for use in adjusting or creating rules within a policy, alert thresholds, and signal collection/analysis. Post-fact investigations may also be initiated upon alerts.

Abstract: Threat intelligence management is provided in a security and compliance environment. A threat explorer platform or module of a security and compliance service may detect, investigate, manage, and provide actionable insights for threats at an organizational level. Working with a data insights platform that collects different types of signals (metadata, documents, activities, etc.) and correlates in a multi-stage evaluation, the threat intelligence module may provide actionable visual information on potential threats, affected areas, and actionable insights derived from internal threat data and external information using contextual correlation of data within the data insight platform. User experience may be dynamically adjusted at multiple levels based on context and allow users to drill down arbitrarily deep.

Abstract: A multi-purpose platform may collect different types of signals such as metadata, documents, activities, etc. and correlate in a multi-stage evaluation framework in order to allow simple queries from components and clients of a compliance and security environment to be converted into rich analyses on available data. Various signals may be collected from tenant environment and correlated at multiple levels based on their content and context. Queries from components such as a threat intelligence manager, a data explorer module, or even clients of the system may be executed on the correlated data by focusing and/or filtering the queries based on the context, effectively converting a simple query to a comprehensive analysis. The platform may have intelligence to decide which type of data to run a query on based on the request and allow data investigations performing a chain-linked investigation that can go multiple levels deep.

Abstract: Hosted services provided by service provider tenants to their users are an increasingly common software usage model. The usage of such services and handling of data may be subject to regulatory, legal, and industry-based rules, where different rules may be applicable depending on the particular service, handled data, and organization type, for example. Embodiments are directed to providing intelligence and analysis driven security and compliance suggestions for hosted services to reduce the burden on tenant administrators to determine and implement applicable policies and rules. Claims are directed to determination of a suggestion based on an analysis of a tenant's service environment, presentation of the suggestion along with analysis results and a prompt to confirm implementation of the suggestion, and upon receiving confirmation, presentation of an option to customize the suggestion by modifying settings suggested based on analysis results.