The Complete Guide To Office 365 Security: Administrative Controls
By Katie Thornton

While Office 365 is a service managed by Microsoft, the platform still provides many tools and controls that customers can use to manage security, compliance, and ongoing governance at a more granular level. In today’s post we’ll discuss 10 controls administrators can implement to enhance their Office 365 security.
Rights Management Services
Rights management offers users an encryption service using 128-bit AES, along with policies that apply to email or documents. This allows individuals and administrators to specify access permissions for documents, workbooks, and presentations, which helps ensure that content is used appropriately and by the right people. Sensitive information is at lower risk of being printed, forwarded, or copied by unauthorized parties.
TechNet article: What is Azure Rights Management?
Multi-Factor Authentication
Put simply, multi-factor authentication enhances your level of security by requiring a second piece of verification, suited to a multi-device, mobile, and cloud-centric world. This second requirement could be a password or a PIN in addition to a user’s identity. In short, it helps you to better understand who is accessing your system.
Office Support: Set up multi-factor authentication for Office 365
Privacy Controls for Sites, Libraries, and Folders
These privacy controls are methods and APIs, primarily the Office 365 Management Activity API, that give organizations greater visibility into actions taken on content, and the ability to manage access. SharePoint Online, a key component service of Office 365 that provides collaboration functionality, has a number of privacy controls. These privacy controls allow you to review a wide range of logs on user interactions with content so you can create better policies for ongoing monitoring, analysis, and data visualization.
Office Support: Control user access with permissions
Office blog: Enhancing transparency and control for Office 365 customers
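An added example, not code from the original post or from Microsoft: a sketch of the kind of review these logs support, run over constructed records that use field names from the Management Activity API common schema (CreationTime, Workload, Operation, UserId, ObjectId). The set of flagged operations and the download threshold are assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (invented values; field names follow the
# Management Activity API common schema).
SAMPLE_RECORDS = json.loads("""[
 {"CreationTime": "2024-01-10T09:00:00", "Workload": "SharePoint", "Operation": "FileAccessed", "UserId": "alice@contoso.example", "ObjectId": "https://contoso.example/sites/hr/payroll.xlsx"},
 {"CreationTime": "2024-01-10T09:05:00", "Workload": "SharePoint", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.example/sites/hr/payroll.xlsx"},
 {"CreationTime": "2024-01-10T09:06:00", "Workload": "SharePoint", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.example/sites/hr/reviews.docx"},
 {"CreationTime": "2024-01-10T09:07:00", "Workload": "SharePoint", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.example/sites/hr/offers.docx"},
 {"CreationTime": "2024-01-10T09:08:00", "Workload": "SharePoint", "Operation": "FileDownloaded", "UserId": "bob@contoso.example", "ObjectId": "https://contoso.example/sites/hr/offers.docx"},
 {"CreationTime": "2024-01-10T10:00:00", "Workload": "SharePoint", "Operation": "AnonymousLinkCreated", "UserId": "carol@contoso.example", "ObjectId": "https://contoso.example/sites/finance/budget.xlsx"},
 {"CreationTime": "2024-01-10T10:30:00", "Workload": "Exchange", "Operation": "Send", "UserId": "dave@contoso.example", "ObjectId": ""}
]""")

# Assumption: operations this example treats as widening access to content.
SHARING_OPERATIONS = {"AnonymousLinkCreated", "SharingInvitationCreated"}
DOWNLOAD_THRESHOLD = 3  # assumed number of distinct files per user in the window


def review_activity(records, download_threshold=DOWNLOAD_THRESHOLD):
    """Return findings for SharePoint sharing events and bulk downloads."""
    findings = []
    downloads = defaultdict(set)  # user -> distinct objects downloaded
    for rec in records:
        if rec.get("Workload") != "SharePoint":
            continue  # this review only covers SharePoint content activity
        user = rec.get("UserId", "<unknown>")
        operation = rec.get("Operation", "")
        obj = rec.get("ObjectId", "")
        if operation in SHARING_OPERATIONS:
            findings.append({"type": "external_sharing", "user": user,
                             "object": obj, "time": rec.get("CreationTime")})
        elif operation == "FileDownloaded":
            downloads[user].add(obj)  # repeat downloads of one file count once
    for user, objects in sorted(downloads.items()):
        if len(objects) >= download_threshold:
            findings.append({"type": "bulk_download", "user": user,
                             "count": len(objects)})
    return findings


if __name__ == "__main__":
    for finding in review_activity(SAMPLE_RECORDS):
        print(finding)
```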
S/MIME
Secure/Multipurpose Internet Mail Extensions, or S/MIME, is a widely accepted standard for public key encryption and digital signing of MIME data. It enables encryption of your email messages and allows the originator to digitally sign a message to protect its integrity and origin.
TechNet article: S/MIME for message signing and encryption
Video tutorial: Encryption in Microsoft Office 365
Privacy Controls for Communications
Privacy controls for communications are great tools to help control the visibility of your organization both inside and outside of your company. For example, Skype for Business offers real-time communication, and there are both administrator and user level controls that allow you to block communication with external users.
Office Support: Control access to your presence information in Skype for Business
Office 365 Message Encryption
Message encryption for O365 allows you to send and receive encrypted email as easily as normal email. Sensitive information is protected when leaving your system, based on policy rules and compliance standards that admins control. Using this service alleviates the cost of third-party infrastructure and eliminates the need for certificates, by using the recipient’s own email as the public key.
Office blog: Introducing Office 365 Message Encryption: Send encrypted emails to anyone!
TechNet article: Office 365 Message Encryption FAQ
Video tutorial: What controls do we provide to protect your data in transit in Office 365?
Role Based Access Control
Role-based access control grants access to users based on role assignment, role authorization, and permission authorization. Administrative control can therefore be delegated across your company, with different users allotted access to different parts of the O365 environment. Users can easily be granted permissions to a subset of areas, while administrators keep visibility into the delegation of roles across O365.
Office Support: Assigning admin roles in Office 365
Office Support: Permissions in Office 365
Exchange Online Protection
Exchange Online Protection is a hosted email security service within Office 365. It works to find malware, spam, and viruses with near real-time reporting. Admins can manage a company’s antivirus and antispam settings right from the O365 console. Policy-based filtering and message tracing are also included in reporting to better ensure security and compliance standards are being met.
TechNet article: Exchange Online Protection details
TechNet article: Exchange Online Protection overview
Identity Management
Identity management is the process of identifying users and controlling their access to resources within the system. This tool offers various options for identity management, such as cloud-based identity or federated identities, which integrate into the O365 identity management system based on the security needs within an organization.
Office Support: Understanding Office 365 identity and Azure Active Directory
TechNet article: User Account Management
Microsoft Virtual Academy: Office 365 Identity Management
Mobile Device Management
Mobile device management grants you control over the access to Office 365 from a diverse range of phones and tablets. Devices can also run on any operating system (iOS, Android, or Windows). This tool helps you manage security policies across the various devices so that compliance and governance policies are being met from any access point into your environment.
Office blog: Introducing built-in mobile device management for Office 365
So there you have it, 10 administrative controls that will help you become a master of your Office 365 security and environment. Now go forth, and grant access wisely!