Microsoft Office 365 is the fastest growing cloud-based collaboration and productivity platform adopted by enterprises across the globe. It ensures companies always have the latest versions of Excel, Word, PowerPoint and Outlook, as well as cloud-based collaboration and productivity platforms, namely OneDrive, Exchange Online, Yammer, and SharePoint Online. Companies thus get a complete pack of technologies under the single umbrella of Office 365 to boost their business productivity.
There’s an old saying, “With great power comes great responsibility”, and this is where the security concerns arise. To address these concerns, Microsoft Office 365 comes with built-in security modules: multi-factor authentication, IP filtering, single sign-on, rights management, S/MIME, and message encryption. Each of these capabilities strengthens the protection of corporate data. Microsoft’s cloud-based productivity suite also boasts numerous security certifications including ISO 27001, ISO 27018, SAS 70, SSAE16, and ISAE 3401.
In this blog article we will touch on these 6 protectors of your intellectual assets in Office 365.
Single sign-on means users have one password for all their applications, which gives administrators a centralized place to manage password policies alongside user convenience. Office 365 supports popular third-party identity providers including OneLogin, Ping Identity, and Centrify, as well as Microsoft’s own single sign-on solution in Azure Active Directory. Using it, a user can log in not only to Microsoft cloud applications but to others as well.
Multi-factor authentication, as the name says, provides a secondary authentication step after a username and password have been submitted by the user. This method keeps an intruder from logging in even if the username and password have been stolen. The secondary authentication methods supported by Office 365 include a mobile app notification, a one-time password generated by a mobile app or sent to the user via a phone call or SMS text message, and per-app passwords used with clients such as Outlook.
IP filtering is a network-level security control where only whitelisted and trusted IP addresses, either on the corporate network or connecting via VPN, are allowed to access the cloud services. This mechanism also supports (especially for customers, vendors, etc.) using either Azure Active Directory or federating user identity with their on-premises Active Directory or third-party single sign-on solutions.
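The IP-filtering decision described above, sketched as an added example (not Microsoft's implementation and not code from the original article): it checks sign-in source addresses against a trusted-range list and denies anything outside it or unparseable. The ranges, user names and verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed trusted ranges (documentation/private address space) standing in
# for a corporate egress range, a VPN pool and an IPv6 office prefix.
TRUSTED_RANGES = ["203.0.113.0/24", "10.8.0.0/16", "2001:db8:100::/48"]

# Constructed sign-in records: (user, source IP exactly as it was logged).
SAMPLE_SIGNINS = [
    ("alice@example.com", "203.0.113.25"),        # corporate egress
    ("bob@example.com", "10.8.4.7"),              # VPN pool
    ("carol@example.com", "198.51.100.9"),        # outside every range
    ("dave@example.com", "2001:db8:100::42"),     # IPv6 office prefix
    ("erin@example.com", "::ffff:203.0.113.25"),  # IPv4-mapped IPv6 form
    ("frank@example.com", "not-an-ip"),           # malformed log field
]


def parse_networks(cidrs):
    # strict=True rejects entries with host bits set, e.g. a typo like 10.8.4.7/16.
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def classify(source_ip, networks):
    """Return 'allow', 'deny-untrusted' or 'deny-unparseable' for one address."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return "deny-unparseable"  # fail closed on anything that is not an IP
    # Normalise ::ffff:a.b.c.d so it is matched against the IPv4 ranges.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    for net in networks:
        if addr.version == net.version and addr in net:
            return "allow"
    return "deny-untrusted"


def audit(signins, cidrs=TRUSTED_RANGES):
    networks = parse_networks(cidrs)
    return [(user, ip, classify(ip, networks)) for user, ip in signins]


if __name__ == "__main__":
    for user, ip, verdict in audit(SAMPLE_SIGNINS):
        print(f"{verdict:17} {user:20} {ip}")
```
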
RIGHTS MANAGEMENT SERVICE
Microsoft RMS protects documents stored on-premises by extending information rights management policies to OneDrive, Exchange Online, and SharePoint Online. During document creation, it’s mandatory to bind Azure Active Directory with Azure Rights Management. This enables the user to restrict the document to the intended users and groups. RMS requires the user to be running client software to access the document, and printing, editing, or saving new versions of the document is allowed only as permitted by the document creator.
Message Encryption allows a sender to send an encrypted message to one or more recipients. The recipient receives an email with a link to a page on a download portal, where they authenticate using their corporate or O365 login or a one-time passcode and view the message.
SECURE MULTIPURPOSE INTERNET MAIL EXTENSION (S/MIME) uses certificates to digitally sign and optionally encrypt the email content. Digitally signing the email ensures that the message content hasn’t been altered or tampered with. It requires users to access their email through a client like Outlook to set up user certificates.
Apart from the above security features, Microsoft operates on a shared responsibility model. Microsoft takes responsibility for protecting its cloud infrastructure, detecting fraud and abuse, and responding to incidents by notifying customers. Customers, in turn, are responsible for implementing and enforcing compliance and governance policies to limit any lapse in Office 365 security across the organization.
So, why not implement compliance and governance policies in the first place?