Office 365 Data Security & Compliancy
Transcript of Office 365 Data Security & Compliancy
Office 365 Data Security & Compliancy
Jethro Seghers
MVP Office 365
MCITP SharePoint 2010
ITILv3 Certified
@jseghers – http://www.j-solutions.be/blog
Jethro Seghers
• Blogger
• Consultant
• Trainer
Twitter: @jseghers
E-mail: [email protected]
http://www.j-solutions.be/blog
J-Solutions.be
• Located in Belgium
• Provides IT Business Consultancy
• SharePoint 2010 and Online
• Cloud Services – Office 365 and Windows Intune
• IT as a service – MOF and ITIL v3
Agenda
• Office 365 Terminology
• Infrastructure settings
• Exchange Online
• Lync Online
• SharePoint Online
• Sources of Information
Data Security
The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure
Data Compliance
Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so
BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES.
Infrastructure
Overview
• Microsoft Datacenters & their locations
• Data Flow
• Privacy
• Encryption
• Identity Protection
• Password Policies
Microsoft Datacenters (1)
• Physical Security
  • Secure physical access for authorized personnel only
  • State of the Art datacenters
• Hosted Applications Security
  • Anti SPAM
  • Encryption Mail
• Security Development Lifecycle
  • Potential threats while running a service
  • Exposed aspects of the service that are open to attack
Microsoft Datacenters (2)
• Secured Office 365 Services Infrastructure
  • Server Monitoring via System Center
  • Secure Remote Access via RDS
  • Intrusion Detection
• Network-level Security Measures
  • Customer Access via SSL
  • Uptime 99,9 %
• Identity & Access Management
  • Access control follows the separation of duties principle and granting least privilege.
Where is our data stored: Example: EMEA
• A primary data center is where the application software and the customer data running on the application software are hosted.
• A backup data center is used for failover purposes
• Data center Dublin: Primary for F.O.P.E.
• Data center The Netherlands: SharePoint Online
• Dublin + The Netherlands: interchangeably Exchange Online + Lync Online
What is stored in the US: EMEA
• Customer Information
• Microsoft Online Portal
• Routing Lync Online Communications
• Office 365 Authentication
Additionally, Microsoft abides by the Safe Harbor Framework for transfer of data between the European Union and the United States.
Privacy (1)
Microsoft Online Services Customer Data

| | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data |
| --- | --- | --- | --- | --- |
| Operating and Troubleshooting the Service | Yes | Yes | Yes | Yes |
| Security, Spam and Malware Prevention | Yes | Yes | Yes | Yes |
| Improving the Purchased Service, Analytics | Yes | Yes | Yes | No |
| Personalization, User Profile Promotions | No | Yes | No | No |
| Communications (Tips, Advice, Surveys, Promotions) | No | Yes | No | No |
Privacy (2)
Microsoft Online Services Customer Data

| | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data |
| --- | --- | --- | --- | --- |
| Voluntary Disclosure to Law Enforcement | No | No | No | No |
| Advertising | No | No | No | No |
Encryption
• HTTPS Communication with portal.microsoftonline.com
• HTTPS Communication between clients and Exchange Online for all protocols
• PGP: Transportation and storage of Exchange Online Messages
• Lync Online: Instant Messaging, IM Federation
• SharePoint Online: HTTPS Connection (only for Enterprise)
Identity Protection
• Identity stored in Microsoft Online
• Identity federation via SSO
• Granular Licenses
• Different Administrator Roles
Identity architecture: Identity options
1. Microsoft Online IDs
2. Microsoft Online IDs + DirSync
3. Federated IDs + DirSync
[Diagram: identity architecture between the customer premises and Microsoft Office 365 Services. Labels: AD, MS Online Directory Sync, Active Directory Federation Server 2.0, Trust, IdP, Federation Gateway, Authentication platform, Identity platform, Directory Store, Provisioning platform, Admin Portal, Service connector, Exchange Online, SharePoint Online, Lync Online]
Identity options comparison

1. MS Online IDs
Appropriate for
• Smaller organizations without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• 2 sets of credentials to manage with differing password policies
• Users and groups mastered in the cloud

2. MS Online IDs + Dir Sync
Appropriate for
• Orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO
• 2 sets of credentials to manage with differing password policies
• Single server deployment

3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate cred
• Users and groups mastered on-premise
• Password policy controlled on-premise
• Enables co-existence scenarios
Cons
• High availability server deployments required
Password Policy
• Password Restriction: 8 characters minimum and 16 characters maximum
• Values allowed:
  • A-Z a-z 0-9 ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( ) ;
  • No UNICODE
• Cannot contain the username alias (part before @ symbol)
• Password expiry duration: This is set to 90 days and is not configurable
Password Policy
• Password expiry
  • Can be enabled/disabled via PowerShell at user level
• Password strength
  • Strong passwords require 3 out of 4 of the following:
    • Lowercase characters
    • Uppercase characters
    • Numbers (0-9)
    • Symbols (see password restrictions above)
• Password history
  • Last password cannot be used again
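The restriction and strength rules from the two Password Policy slides above can be checked before an account is provisioned. The following is an added example, not part of the original presentation: the function name `check_password`, the sample addresses, and the case-insensitive alias comparison are assumptions, and the two typographic quotes on the slide are read as `'` and `"`.

```python
import string

# Symbols listed on the slide (typographic quotes read as ' and ").
ALLOWED_SYMBOLS = set("!@#$%^&*-_+=[]{}|\\:',.?/`~\"<>();")
ALLOWED = set(string.ascii_letters + string.digits) | ALLOWED_SYMBOLS
MIN_LEN, MAX_LEN = 8, 16


def check_password(password, upn):
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    # "No UNICODE": anything outside the listed ASCII set is rejected.
    bad = sorted({c for c in password if c not in ALLOWED})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    # Alias is the part of the sign-in name before the @ symbol.
    alias = upn.split("@", 1)[0]
    # Assumption: the alias comparison ignores case.
    if alias and alias.lower() in password.lower():
        problems.append("contains alias")
    # Strong passwords need 3 of the 4 character classes.
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in ALLOWED_SYMBOLS for c in password),
    ]
    if sum(classes) < 3:
        problems.append("needs 3 of 4 character classes")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the presentation.
    upn = "anna@contoso.example"
    for candidate in ["Winter2012!", "anna.Pass1", "password", "Pässw0rd!x"]:
        print(candidate, "->", check_password(candidate, upn) or "OK")
```

Password expiry and password history depend on state held by the service and are not covered by this check.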
Password Policy
• Account Lockout
  • After 10 unsuccessful logon attempts (wrong password), the user will need to solve a CAPTCHA dialog as part of logon.
Is this Independently Verified?
MS Online Certification and Compliance Finder
• Certified for ISO 27001
• EU Safe Harbor
• HIPAA-Business Associate Agreement
• Data Processing Agreement
• FISMA
Exchange Online
Exchange Online (1)
• Archiving
  • 100 GB for E Subscriptions – 25 GB for P Subscriptions
• Moderation
• Security/Distribution Groups
• Item Level Recovery
  • 14 days
• Transport Rules
• Retention Policies – Managed Folder Assistant
• Deleted Mailbox Recovery
  • Within 30 days
Exchange Online (2)
• Journaling
• F.O.P.E.
• Auditing
• Retention Hold
  • Only via PowerShell
  • Disables Retention Policies on Mailbox
• Litigation Hold
  • Only via PowerShell
  • Logging of every change on a Mailbox
• Mobile Device
DEMO
Lync Online
Lync Online
• Privacy Settings
• External Communications
• User Defined Settings
  • Sending files via IM
  • Make audio and video calls
  • Record Call and conferences
  • Federation with Lync users in other organizations
  • Federation with Users of public IM service providers
  • Dial-in Conferencing
DEMO
SharePoint Online
SharePoint Online (1)
• Information Management Policy – Records
• Use Of Term Store & Required Fields – Content Types
• Drop Off Library
• Audit
• Blocked File Types
• Security
• Versioning
• Recycle Bin
• Backup: 14 days
SharePoint Online (2)
• Governance defines your security and compliancy
  • Very hard to maintain and to make it required.
  • Missing functionalities that are available on Premise.
DEMO
3rd Party Tools
• Backup SharePoint Online:
  • Metavis
  • AvePoint: DocAve Online
• Compliance Tools:
  • Axceler: Control Point
  • AvePoint: DocAve Online
Sources Of Information
• Office 365 Trust Center: http://www.microsoft.com/en-us/office365/trust-center.aspx
• Service Description
• Office 365 Password Policy
• Security White Paper
• Data Boundaries
Questions