Keeping your Confidential Data Secure with Microsoft Office 365
Corruption and data loss can be caused by a variety of reasons – hardware or system malfunction, software corruption, computer viruses, malware and even human error.
Despite of the location, organizations has confidential and sensitive information that must be protected. Microsoft Office 365 security features are intended to ensure that data has been flagged as confidential in view of customizable policies.
Microsoft Office 365 is designed to help meet your organization’s needs for content security and data usage compliance with legal, regulatory, and technical standards. Setting up policies and enabling services that optimize these conditions is an important part of administering Office 365. To establish a secure and compliant Office 365 work environment that meets your organization’s requirements, the following describes the Office 365 features that are available to help you with fulfill your organization’s security and compliance needs.
Data loss prevention in Office 365. Data loss prevention (DLP) helps you protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy, you can identify, monitor, and automatically protect sensitive information across Office 365.
Anti-spam and anti-malware protection in Office 365. Office 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound email messages from malicious software and help protect you from spam. You don’t need to set up or maintain the filtering technologies, which are enabled by default, but you can make company-specific filtering customizations.
Information management policies in Office 365. An information management policy is a set of rules for a type of content. In SharePoint Online, information management policies enable organizations to control and track things like how long content is retained or what actions users can take with that content. Predefined policies include retention policies, expiring out-of-date content, and auditing of document usage. You can use site policies to help control site proliferation. A site policy defines the lifecycle of a site by specifying when the site will be closed and when it will be deleted.
Information Rights Management. Information Rights Management (IRM) helps prevent sensitive information from being printed, forwarded, saved, edited, or copied by unauthorized people.
Legacy Exchange Hosted Services. Information about transition from the following legacy exchange hosted services:
- Exchange Hosted Archiving (EHA)
- Exchange Hosted Encryption (EHE)
- Forefront Online Protection for Exchange (FOPE)
Inactive mailboxes in Office 365. An inactive mailbox is used to preserve a former employee’s email after he or she leaves your organization. A mailbox becomes inactive when a Litigation Hold or an In-Place Hold is placed on the mailbox before the corresponding Office 365 user account is deleted. The contents of an inactive mailbox are preserved for the duration of the hold that was placed on the mailbox before it was made inactive. Administrators, compliance officers, or records managers can use eDiscovery in Office 365 to access and search the contents of an inactive mailbox.
Archiving in Office 365. Archiving allows to manage information lifecycle in Office 365 by automatically archiving older and infrequently accessed content, and removing older content after it’s no longer required. It includes archive mailboxes, retention policies, Overview of document deletion policies and records management.
Hold in Office 365. Hold allows to preserve or archive content for compliance and eDiscovery. The types of hold include Overview of preservation policies in the Office 365 Security & Compliance Center and In-Place Hold and Litigation Hold in Exchange Online.
Transport Rules in Office 365. Using transport rules, you can look for specific conditions in messages that pass through your organization and take action on them. Transport rules let you apply your business policies to email messages and they can help with securing messages, protecting messaging systems, and preventing information loss. You can use the Exchange Admin Center or Windows PowerShell to manage transport rules.
Office 365 Import Service. Use the Office 365 Import Service to import PST files to Exchange Online mailboxes or import data files to your SharePoint Online organization. For both types of files, you can upload the files over the network or copy them to a hard drive and then ship the drive to a Microsoft datacenter, where the data will be imported to Office 365.
Encryption in Office 365. Office 365 Message Encryption is an easy-to-use service that lets email users send encrypted messages to people inside or outside their organization. For more information, see Encryption in the Microsoft Cloud.
Auditing in Office 365. You can use the auditing functionality in Office 365 to track changes made to your Exchange Online configuration by Microsoft and by your organization’s administrators and changes made by users to documents and other items in the site collections of your SharePoint Online organization. After you turn on auditing to capture admin and user actions, you can view audit reports and export the audit logs.
eDiscovery in Office 365. Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases. You can use eDiscovery in Office 365 to search for content in Exchange Online mailboxes, SharePoint Online sites, or both. Using eDiscovery, you can identify, hold, and export content found in Exchange mailboxes and SharePoint sites. For more information, see Office 365 Advance eDiscovery
Mobile Device Management in Office 365. Office 365 can be used to secure and manage any device that uses Exchange ActiveSync to sync with your organization’s email, calendar, contacts, and tasks. Using the Office 365 and Exchange admin centers, you can perform common mobile device management tasks like setting device access rules, viewing device reports, and remotely wiping devices that are lost or stolen. Office 365 users today are always on the move and need access wherever they are, using a variety of devices. Using Microsoft Intune mobile-device management is one of the efficient ways to manage and protect devices across Windows, Apple iOS, and Android platforms. You can identify, monitor, and protect sensitive information with data-loss prevention controls in mobile application management.
Office 365 Security & Compliance Center. Office 365 Security & Compliance Center can be used to manage compliance across Office 365, Exchange Online, and SharePoint Online. You can manage archive mailboxes, eDiscovery cases, auditing reports, and retention and deletion polices in Exchange Online and SharePoint Online. You can also assign permissions to compliance managers in your organization so they can access some or all of the compliance features in the Security & Compliance Center.
In the spirit of continuous improvement, Microsoft also announced recently three new Office 365 security features and governance features:
- Office 365 Secure Score analyzes your current Office 365 configuration and provide recommendations for improvements as well as long-term analytics
- Office 365 Threat Intelligence Private Preview helps you leverage Microsoft’s threat intelligence resources in order to find and analyze threats in your own environment
- Office 365 Advanced Data Governance helps with your data classification, archival and retention programs.
Microsoft Office 365 security can help you protect confidential and sensitive information and meet compliance requirements as data protection becomes increasingly important and difficult to manage. To learn the full features of Microsoft Office 365 Security and Compliance and learn more about Motionwave Office 365 Support, feel free to consult our group at Motionwave Technologies.