lolloj - Fotolia


Seven Office 365 Enterprise security features you should know about

Microsoft's Office 365 plans make a host of apps -- and data -- easily available to users. Expert Reda Chouffani shares seven security and compliance features you should be using.

Like other subscription-based services, Microsoft's Office 365 Enterprise plans make it easier for administrators...

to maintain systems and for users to access programs on any device, anywhere. However, that easy access to data stored in SharePoint, OneDrive, CRM, Delve, Sway and Planner can also create a security and compliance headache.

In response, Microsoft has included a number of data protection capabilities in its cloud-based services to help protect user data. The following features are available as either stand-alone tools or as part of Office 365 Enterprise plans, including E1, E3 and E5:

Data loss prevention (DLP): DLP enables the IT department and compliance teams to implement common data use policies and activate them to block or notify end users and administrators of potential data leaks. Sensitive data such as personally identifiable information, credit card numbers, health records or any other criteria can automatically trigger an event if they are being transmitted via email. DLP has also been enabled for SharePoint to ensure that the data residing in it or OneDrive is monitored and different policies can be applied.

Online Advanced Threat Protection: The new Online Advanced Threat Protection capability can offer the most robust method to help block or prevent some ransomware attacks for the Office 365 E5 plan. Since most recent infections come via email attachments opened by unsuspecting users, Microsoft has established a new way to safely process attachments and determine the security threat of an email. This new functionality helps IT further detect infections hidden in email even when antivirus products are not able to detect them.

Azure Rights Management Services: We've all seen the news stories: An internal email from an executive gets sent to an external address, an account list spreadsheet gets forwarded to a competitor, or an employee copies several contracts onto a USB flash drive and leaves with it on his last day.

The Azure Rights Management Services enables IT to build RMS policies that can be applied to any content, including Word, Excel or PowerPoint documents, in order to restrict access and interactions. For example, if an executive chooses to apply an email policy where the message cannot be forwarded outside of the internal email domain, then RMS will be able to disable the ability to forward or even print the message. If someone who isn't allowed tries to open a document, they won't be able to and a notification will be sent to the document author. The tool is available as part of Office 365 as well as stand-alone, and can be applied to Exchange Online, Exchange on-premises, file servers, SharePoint and OneDrive for business.

Multifactor authentication: Millions of accounts have been leaked from recent hacking incidents like the data breach with LinkedIn. It would not be hard to believe that some corporate users may have had their own passwords exposed to the internet. To help protect against these vulnerabilities, Microsoft provides added protection through multifactor authentication available within Azure Active Directory Premium services. Not only does the platform require users to use two forms of authentication, but it also supports single sign-on capabilities to increase efficiency when accessing multiple systems.

Office 365 admin center reporting tools: There are a number of reports available out of the box within the Office 365 admin report portal. The list ranges from audit trails of administrator access all the way to the DLP policies flagging email and content that meets any of the criteria set by the administrators.

Office 365 Message Encryption: There is always the need for email encryption when handling sensitive data and communicating with external entities. As a result, Microsoft opted to offer its own email encryption service built into it Office 365 Enterprise plans. This capability is highly customizable and allows IT to build policies that can automatically detect and classify email to be encrypted; users can also encrypt email on demand, based on a keyword in the subject line.

Content search and In-Place eDiscovery: A number of IT administrators are finding that they no longer need to maintain a separate platform to manage information searches within SharePoint and Exchange. This is the result of Microsoft offering the same security compliance capabilities in its Office 365 admin portal that are offered by most vendors in the marketplace. One of the biggest values added is that it can search content located in Exchange, SharePoint, Skype for Business and OneDrive for Business. This further centralizes administration and reduces the complexity that had required many in the past to seek multiple packages in order to pull evidence needed in legal cases from multiple data sources.

Microsoft has certainly put a considerable amount of effort into developing security compliance features. Not only is the company ensuring that it meets a number of industry-specific certifications, but it also provides additional tools to help users further enhance the protection of their own data on their own terms, while still meeting some of the standard compliance requirements that are expected. As IT continues to evaluate all the capabilities that Microsoft Office 365 Enterprise offers, it may make sense to look at the tools you already have.

Next Steps

What's the roadmap for Office 365?

See how Office 365 apps work together

The productivity suite smack down

Dig Deeper on Information governance management