Learn about the pillars of Office 365 security, including privacy, transparency, compliance, and continuity. Discover how Office 365 addresses common security themes and provides built-in features for identity and access management, mobile device and app management, and information protection. Explore the benefits of Enterprise Mobility Suite for Office 365 customers and the various security assessments available. Take advantage of the commercial and operational mitigations offered by Office 365 and gain control over data access and security.
Office 365 security: everywhere you need it to be James Lewis and Simon Waight PRD331
A bit about us… James Lewis james.lewis@kloud.com.au @jimmy_lewis Sydney Office 365 User Group Simon Waight simon.waight@kloud.com.au @simonwaight Sydney Azure User Group http://blog.kloud.com.au/
“Some organizations, especially outside the U.S., are paying an opportunity cost by allowing unwarranted fears about security to inhibit their use of public cloud services.” Gartner Source: http://www.gartner.com/technology/reprints.do?id=1-2OEYJKW&ct=150930&st=sbzzz
Session Overview: Pillars of Office 365 security; Security assessments – common themes; How Office 365 security addresses common themes
Security teams: putting the “no” into “technology”.
Leadership in security, privacy & trust
Privacy: No use of data for advertising purposes. No data mining of your data by Microsoft. No co-mingling of consumer and business data. Your data is yours and you can take it any time.
Transparency: Customers know where their data is stored. Customers know who can access their data and why. Customers can stay in the know by choosing to receive updates regarding changes to security, privacy and audit information.
Compliance: ISO 27001; Australia Certified Cloud Services List; EU Model Clauses; HIPAA-HITECH; FERPA; FISMA; U.K. G-Cloud IL2; CJIS.
Security: 24 hour monitored physical datacenters. Logical isolation of data between tenants. Network segregation. Encryption at rest and in transit. Data loss prevention. Anti-virus/anti-spam.
Continuity: 99.9% uptime. Financial guarantees on uptime. Redundancy in both functionality as well as data. Automated monitoring and recovery systems. 24x7 on-call engineering team available to handle issues.
Office 365 built-in features
Identity & Access Management: Basic identity management via Azure AD; Single sign-on for Office 365; Basic multifactor authentication.
Mobile device and app management: Basic mobile device management via MDM; Device settings management; Selective wipe; Built into Office 365 Management Console.
Information protection: RMS protection via RMS for Office 365; Protection for content stored in Office (on-premises or Office 365); Access to RMS SDK; Bring Your Own Key.
EMS (Enterprise Mobility Suite) benefits for Office 365 customers
Identity & Access Management (Azure AD for Office 365+): Single sign-on for all cloud apps; Advanced multifactor authentication for all workloads; Self-service group management and password reset with write back to on-premises directory; Advanced security reports; FIM (now MIM), Server + CAL.
Mobile device and app management (MDM for Office 365+): PC management; Mobile app management (prevent cutting/copying/pasting/saving from corporate apps to personal apps); Secure content viewers; Certificate provisioning; System Center integration.
Information protection (RMS for Office 365+): Protection for on-premises Windows Server file shares; Email notifications when sharing documents; Email notifications when shared documents are forwarded.
Types of assessment Commercial Operational and Data
Top five common risks: Data leakage or loss; Weak authentication; Poor separation of duties; Malware / phishing; Access from untrusted devices. Have a crack!
Commercial Assessments: Trust Center is your starting point. Work with Partners or Microsoft to get additional answers.
NEW! Trust Portal
Anomaly reporting: Basic reports include: Sign ins from unknown sources; Sign ins after multiple failures; Sign ins from multiple geographies; Users with threatened creds.
Admin account protection improvements: No longer just one Administrator account; Full multi-factor authentication support.
Office 365 Management APIs (preview): Don’t replace the current Reporting API; Extends coverage of policy events in both Office 365 and Azure Active Directory; Designed primarily for use by ISVs.
Control which devices access your data: Support for devices with iOS 7+, Android 4+; Enforce device policy - security, no jailbreak, encryption; Supports selective or full device remote wipe.
Extend your protection using EMS: Managed iOS/Android apps deployed via Intune Company Portal; Blocks copy / paste of content into other apps; Includes desktop/laptop management.
Data Leakage Protection: Available for Exchange Online, SharePoint Online and OneDrive for Business; Access via Compliance Center in admin portal; Australian-centric rules are available for use; Rolling out now to tenants.
OneDrive for Business Domain Join: Avoid data leakage onto totally unmanaged devices; Supports multiple AD directories. Relatively new feature – some restrictions: Doesn’t block mobile clients; Mac clients are blocked; No retrospective file deletion of remote devices.
Key takeaways
Office 365 has a strong default security stance.
Pre-purchase: refer to the five pillars and leverage Trust Center.
Already using: strengthen admin access with use of roles and MFA; leverage DLP and other configurations to increase; consider EMS upgrade to access advanced features.