This blog post covers the basics of Office 365 security and governance, and I will follow up with more posts on each feature. Feel free to stop by the Microsoft security & compliance online resource, but you will very soon realize that it is overwhelming, since there is so much to it. The options below will help you secure your Office 365 platform and give you a quick score on your security. Below is a screenshot of a widget which is available in the SCC (Security & Compliance Center).
Moving to the cloud shouldn’t mean losing access to knowing what’s going on. With Office 365, it doesn’t. Microsoft aims to be transparent in operations so you can monitor the state of your service, track issues, and have a historical view of availability.
If you are responsible for the security of your Office 365 services & data, you will come across the SCC. This area is mostly for Office 365 admins to secure Office 365 data & services to meet organizational compliance requirements.
1. Following are the categories to secure your Office 365 services & data:
§ Alerts
§ Permissions
§ Classifications
§ Data Loss Prevention
§ Data Governance
§ Threat Management
§ Search & Investigation
§ Reports
§ Service Assurance
Security & Compliance Center availability for different Office 365 plans
Security & Compliance Center availability for Business and Enterprise plans
| Feature | Office 365 Business Essentials | Office 365 Business | Office 365 Business Premium | Office 365 Enterprise E1 / Office 365 US Government G1 | Office 365 Enterprise E3 / Office 365 US Government G3 | Office 365 Enterprise E5 | Office 365 Enterprise F1 / Office 365 US Government F1 |
| --- | --- | --- | --- | --- | --- | --- | --- |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | No | No | No | No | No | Yes | No |
| Threat management such as mail filtering and anti-malware | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Advanced threat management such as customer lockbox and threat explorer for phishing campaigns⁶ | No | No | No | No | No | Yes | No |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Data loss prevention | No | No | No | No | Yes | Yes | No |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | No | No | No | No | No | Yes | No |
| Search and investigation | Yes | No | Yes | Yes | Yes | Yes | Yes |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | No | No | No | No | Yes | Yes | No |
|  | No | No | No | No | No | Yes | No |
| Litigation Holds (including query-based Litigation Holds) | No | No | No | No | Yes | Yes | No |
|  | No | No | No | Yes³ | Yes⁴ | Yes⁴ | No |
| Manual retention/deletion policies | No | No | No | No | Yes | Yes | No |
Security & Compliance Center availability for Standalone plans
| Feature | Exchange Online Plan 1 | Exchange Online Plan 2 | Exchange Online Kiosk | SharePoint Online Plan 1 | SharePoint Online Plan 2 | Skype for Business Online Plan 1 | Skype for Business Online Plan 2 |
| --- | --- | --- | --- | --- | --- | --- | --- |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | No | Yes | No | No | Yes | No | Yes |
| Threat management such as mail filtering and anti-malware | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Advanced threat management such as customer lockbox and threat explorer for phishing campaigns | No | No | No | No | No | No | No |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Data loss prevention | No | Yes | No | No | Yes | No | Yes |
|  | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | No | No | No | No | No | No | No |
| Search and investigation | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
|  | Yes | Yes | Yes | Yes | Yes | No | No |
|  | No | Yes | No | No | Yes | No | No |
|  | No | No | No | No | No | No | No |
| Litigation Holds (including query-based Litigation Holds) | No | Yes | No | No | Yes | No | No |
|  | Yes | Yes | No | Yes | Yes | No | No |
| Manual retention/deletion policies | No | Yes | No | No | Yes | No | Yes |
1.1 Alerts
Alerts is where an organization can configure and manage security alerts. This is where a security admin can configure & manage alert policies. It has the following options:
§ Manage Alerts
§ View Security Alerts
§ Manage Advanced Alerts
Security alerts can also be configured to send out an email notification. Alerting with Advanced Security Management also needs to be switched on.
Advanced Security Management includes:
§ Threat detection: Helps you identify high-risk and abnormal usage, and security incidents.
§ Enhanced control: Shapes your Office 365 environment leveraging granular controls and security policies.
§ Discovery and insights: Get enhanced visibility into your Office 365 usage and shadow IT without installing an endpoint agent.
1.2 Permissions
Assign permissions to people in your organization so they can perform tasks in the Security & Compliance Center. Although you can use this page to assign permissions for most features in here, you'll need to use the Exchange admin center and SharePoint to set permissions for others.
Permissions in the Security & Compliance Center are based on the same Role Based Access Control (RBAC) permissions model that is used in Exchange Online. To access the Security & Compliance Center, users need to be a member of one or more Compliance Center role groups that are listed on the Permissions page.
Below is a list of Security & Compliance Center role groups:
1.3 Classification
This is where data can be classified using labels. You can classify data across your organization for governance, and enforce retention rules based on that classification.
For example, you might have:
§ Tax forms that need to be retained for a minimum period.
§ Press materials that need to be permanently deleted when they reach a certain age.
§ Competitive research that needs to be both retained and then permanently deleted.
§ Work visas that must be marked as a record so that they can’t be edited or deleted.
With labels, you can:
§ Enable people in your organization to apply a label manually to content in Outlook on the web, Outlook 2010 and later, OneDrive, SharePoint, and Office 365 groups. Users often know best what type of content they’re working with, so they can classify it and have the appropriate policy applied.
§ Apply labels to content automatically if it matches specific conditions, such as when the content contains:
o Specific types of sensitive information. This is available for content in SharePoint and OneDrive.
o Specific keywords that match a query you create. This is available for content in Exchange, SharePoint, OneDrive, and Office 365 groups.
The ability to apply labels to content automatically is important because:
§ You don’t need to train your users on all your classifications.
§ You don’t need to rely on users to classify all content correctly.
§ Users no longer need to know about data governance policies – they can instead focus on their work.
§ Note that auto-apply labels require an Office 365 Enterprise E5 subscription.
§ Apply a default label to a document library in SharePoint and Office 365 group sites, so that all documents in that library get the default label.
§ Implement records management across Office 365, including both email and documents. You can use a label to classify content as a record. When this happens, the label can’t be changed or removed, and the content can’t be edited or deleted.
§ You create and manage labels on the Labels page in the Office 365 Security & Compliance Center.
1.4 Data Loss Prevention
Organizations need to protect sensitive information and prevent its disclosure in order to comply with several standards and industry regulations.
Examples of sensitive information might be personally identifiable information (PII) like a medical record, social security information, etc. DLP (data loss prevention) can be used to identify, monitor and protect sensitive information across the Office 365 platform.
§ Identify sensitive information across many locations, such as Exchange Online, SharePoint Online, and OneDrive for Business.
§ Prevent the accidental sharing of sensitive information.
§ Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
§ Help users learn how to stay compliant without interrupting their workflow.
§ View DLP reports showing content that matches your organization’s DLP policies.
1.5 Data Governance
Data governance is all about keeping your data around when you need it and getting rid of it when you don't. With data governance in Office 365, you can manage the full content lifecycle, from importing and storing data at the beginning, to creating policies that retain and then permanently delete content at the end.
You can import email from other systems, enable archive mailboxes, or set policies for retaining email and other content within your organization.
§ Import - Import PST files to Exchange mailboxes. You can then use the Intelligent Import feature to filter the items in PST files that get imported to the target mailboxes.
§ Archive - Archive mailboxes provide additional email storage for the people in your organization. Enable or disable a user's archive mailbox.
§ Retention - Create a policy to retain what you want and get rid of what you don't. While your organization may be required to retain content for a period of time because of compliance, legal, or other business requirements, keeping content longer than required might create unnecessary legal risk.
§ Supervision - Supervision lets you define policies that capture email and 3rd-party communications in your organization so they can be examined by internal or external reviewers. Reviewers can then classify these communications, make sure they're compliant with your organization's policies, and escalate questionable material if necessary.
1.6 Threat Management
§ Help control and manage mobile device access to your organization's data
§ Help protect your organization from data loss
§ Help protect inbound and outbound messages from malicious software and spam
§ Protect your domain's reputation and determine whether senders are maliciously spoofing accounts from your domain
Options for creating threat management policies:
1.7 Search & Investigation
This feature can be used to search through ALL the content of your organization. Everybody's email, documents, Skype conversation history, everything really.
A few things that can be done here are:
§ Content Search:
This is the neatly ordered and automated version of the admin power-trip. You can search through ALL the content of your organization. Everybody's email, documents, Skype conversation history, everything really.
§ Audit Log Search
You can view ALL actions in your Office 365 organization. Who accessed what, who shared what, which admin deleted that group? Every action taken within Office 365 is there, with a bunch of predefined result filters.
§ eDiscovery
eDiscovery is the tool you use when you need to prove something. It does not just do the whole 'search all the contents!!!' thing; it logs the actual search criteria so an investigator (read: non-IT-admin, for instance someone from the legal department) can not only produce the requested data, but also show how they acquired it. It also lets you delegate the searching for this data to a specific group of users (so legal can do it themselves without granting them uber-admin rights) AND you can save the query so they can run it whenever they like (so no more 'hey all that boring search-work you did for us last Friday, can you do that again, every Friday for the next 12 months or so?').
· Productivity app discovery
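The three questions the Audit Log Search item asks (who accessed what, who shared what, which admin deleted that group) can be answered offline from exported audit records. The following is an added example, not code from Microsoft or from the original post: the sample records are constructed, and the mapping of operation names to questions is an assumption to adapt to your own export.

```python
import json
from collections import defaultdict

# Constructed sample: one JSON audit record per line, using the
# CreationTime / Operation / UserId / Workload / ObjectId fields.
SAMPLE_EXPORT = """\
{"CreationTime":"2018-03-05T11:40:02","Operation":"Delete group.","UserId":"admin@example.com","Workload":"AzureActiveDirectory","ObjectId":"Finance-Team"}
{"CreationTime":"2018-03-05T09:12:44","Operation":"FileAccessed","UserId":"alice@example.com","Workload":"SharePoint","ObjectId":"https://tenant.example/sites/hr/work-visa.docx"}
{"CreationTime":"2018-03-05T10:59:00","Operation":
{"CreationTime":"2018-03-05T10:03:10","Operation":"SharingSet","UserId":"bob@example.com","Workload":"SharePoint","ObjectId":"https://tenant.example/sites/pr/press-kit.pptx"}
{"CreationTime":"2018-03-05T08:01:00","Operation":"UserLoggedIn","UserId":"carol@example.com","Workload":"AzureActiveDirectory","ObjectId":"Unknown"}
"""

# Assumed mapping of operation names to the three questions in the text;
# adjust it to the operations that appear in your own export.
QUESTIONS = {
    "who_accessed_what": {"FileAccessed", "FileDownloaded"},
    "who_shared_what": {"SharingSet", "AnonymousLinkCreated"},
    "who_deleted_group": {"Delete group."},
}
REQUIRED = {"CreationTime", "Operation", "UserId", "ObjectId"}

def parse_export(text):
    """Return well-formed records; skip blank, truncated or incomplete lines."""
    records = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or empty line in the export
        if isinstance(rec, dict) and REQUIRED <= rec.keys():
            records.append(rec)
    return records

def triage(records):
    """Map each question to time-ordered (time, user, object) tuples."""
    findings = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        for question, operations in QUESTIONS.items():
            if rec["Operation"] in operations:
                findings[question].append(
                    (rec["CreationTime"], rec["UserId"], rec["ObjectId"]))
    return dict(findings)

if __name__ == "__main__":
    for question, hits in triage(parse_export(SAMPLE_EXPORT)).items():
        for when, user, obj in hits:
            print(f"{question}: {when} {user} -> {obj}")
```

The truncated third line in the sample is skipped rather than aborting the run, which matters when a large export is cut off mid-record.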
1.8 Reports
There are a whole bunch of reports here that can be used to help you understand how your organization is using Office 365, including reports related to auditing, device management, supervisory review, and data loss prevention. View user activity reports such as sign-ins for SharePoint Online, Exchange Online, and Azure Active Directory.
1.9 Service Assurance
Service assurance is used to access details of how Microsoft keeps Office 365 customers safe and meets industry compliance requirements. Some of the documents you can see here are:
§ Microsoft security practices for customer data that is stored in Office 365.
§ Independent third-party audit reports of Office 365.
§ Implementation and testing details for security, privacy, and compliance controls that Office 365 uses to protect your data.
You can also find out how Office 365 can help customers comply with standards, laws, and regulations across industries, such as the:
§ International Organization for Standardization (ISO) 27001 and 27018
§ Health Insurance Portability and Accountability Act of 1996 (HIPAA)
§ Federal Risk and Authorization Management Program (FedRAMP)