10 ways to protect data in Office 365

    The other day I happened to conduct a webinar on building enterprise ecosystems. When we touched on the cloud, most of the questions were about what new things Microsoft has done in the field of cloud data security.

    These are the issues that cost sleep and cause headaches for IT managers of companies using public cloud services. Brian Reid of NBConsult answered these questions at the Microsoft Ignite conference, held from May 4 to 8, 2015 in Chicago. Here is what he said about information security practices for organizations using Office 365.

    1. Security Policy

    Always use a password policy with password expiration to secure your data and access to applications. Password expiration settings vary by user type. For cloud-only users, passwords expire after 90 days by default, while users synchronized with Active Directory follow the policy defined in the on-premises settings. Self-service password reset is freely available to cloud-only users. With Azure Active Directory, you can let on-premises users change passwords for cloud services. There are 4 methods of authentication when resetting a password: office phone, mobile phone, e-mail and security questions.

    2. Data Loss Prevention (DLP)

    A data loss prevention strategy keeps confidential and personal data safe from unauthorized downloading, distribution, or emailing. DLP is available in SharePoint Online and Exchange, and can be integrated with Enterprise Search. You can also create policies that limit the storage of content in certain places, such as OneDrive for Business and SharePoint Online. When you run DLP in test mode, it produces a report on uploads and stored data that violate the security policy.

    3. Rights management

    Rights Management protects documents and email using encryption and an associated access policy. Documents can only be used by certain users for certain purposes. You can set content compliance rules and create offline access settings, as well as set policies at the document level, which, for example, will prevent an unauthorized user from opening a Word document saved to disk. This option requires an E3 license or Azure Rights Management license.

    4. Message encryption in Office 365

    Office 365 message encryption requires signing in with a password to read and reply to emails. It usually works with a one-time password to access the email. Message encryption is available in the Office 365 E3 plan.

    5. Mobile Device Management (MDM)

    Mobile device management helps protect data on users' devices. MDM allows you to set access conditions, apply different policies to different users, manage mobile devices and, if necessary, wipe data from them partially or completely. MDM has been offered free of charge in Office 365 commercial subscription plans since May 2015.

    6. Multi-factor authentication

    Multi-factor authentication requires more than just a username and password to access Office 365. It can be set individually for each user. In addition to the standard username and password, users receive a phone call or text message. Answering the call or entering the received access code in the browser completes authentication with increased security. The system can be triggered based on the IP address, requesting an additional code only for access from public networks and switching off when users work in the office. Multi-factor authentication is a free option in all Office 365 plans.
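
    The IP-based behaviour described above can be checked after the fact. The following is an added example, not code from the talk or from Microsoft: it audits sign-in records against a list of trusted office ranges and rejects ranges broad enough to turn the second factor off for everyone. The ranges, record fields and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed office egress ranges (documentation address space), not from the article.
TRUSTED_RANGES = ["203.0.113.0/24", "2001:db8:10::/48"]

def load_trusted(ranges, min_prefix_v4=16, min_prefix_v6=32):
    """Parse trusted ranges; refuse ones broad enough to switch MFA off for everyone."""
    nets = []
    for text in ranges:
        net = ipaddress.ip_network(text, strict=True)
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            raise ValueError(f"trusted range too broad: {text}")
        nets.append(net)
    return nets

def mfa_required(source_ip, trusted):
    """True unless source_ip parses and lies inside a trusted office range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return True  # fail closed: an unparseable address is never "the office"
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is compared as a.b.c.d
    return not any(addr.version == n.version and addr in n for n in trusted)

def audit(signins, trusted):
    """Successful sign-ins that skipped the second factor although it was required."""
    return [s for s in signins
            if s["result"] == "success" and not s["mfa"]
            and mfa_required(s["ip"], trusted)]

# Constructed records; field names are assumptions, not an Office 365 log schema.
SIGNINS = [
    {"user": "alice", "ip": "203.0.113.40", "mfa": False, "result": "success"},
    {"user": "bob", "ip": "198.51.100.7", "mfa": True, "result": "success"},
    {"user": "carol", "ip": "198.51.100.9", "mfa": False, "result": "success"},
    {"user": "dave", "ip": "2001:db8:10::5", "mfa": False, "result": "success"},
    {"user": "erin", "ip": "not-an-ip", "mfa": False, "result": "success"},
    {"user": "frank", "ip": "198.51.100.9", "mfa": False, "result": "failure"},
]

if __name__ == "__main__":
    for s in audit(SIGNINS, load_trusted(TRUSTED_RANGES)):
        print("MFA skipped outside trusted range:", s["user"], s["ip"])
```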

    7. Advanced threat protection

    Exchange Online Protection protects all Exchange Online mailboxes as part of a subscription. Advanced threat protection will be available by the end of 2015 as an additional option to deal with serious problems such as phishing that impersonates trusted sources and malware attacks through application vulnerabilities.

    8. Client device security

    We must not forget about the security of client devices that have access to Office 365. Make sure that security updates are installed in a timely manner. Using Active Directory Federation Services, you can set security policies that restrict users from logging in from specific IP addresses. Keep in mind that the mobile device management functionality described above replaces this option.

    9. Deploying the Office Client

    This security method ensures that the client version of Office is kept up to date by installing current updates. Users can flexibly configure updates at certain time intervals. You can control this through the XML-based Click-to-Run process, available only in Office 365 ProPlus subscription plans.

    10. Content sharing

    The admin portal provides the ability to enable or limit the sharing of content. You can control the use of content in Office 365, including sites, calendar, Skype for Business, and other applications. There are reports showing the sharing settings for content. The administrator can change the settings directly from the management console, without entering the application settings.

