Thomas Vochten
23/09/2016
Data Protection & Security in Office 365
Thomas Vochten
SharePoint architect. Microsoft MVP. Speaker. Trainer. Involuntary DBA.
@thomasvochten http://[email protected]
Agenda
• Let’s talk about trust
• Protecting your data
• Advanced Security Management
• Secure cloud access
• Mobility
• Office 365 Plans & Addons
Let’s talk about trust
Privacy, Compliance, Operations
Privacy
• Data Ownership
• Data Processing
• Privacy Controls
Compliance
• Independent Verification
• Proactive Approach
• Customer Control
Operations
• Data location & access
• Human escalation points
• Accountability
Where is my Office 365 Data Located?
Protecting your data
Data Encryption at Rest
Volume level encryption
• Uses BitLocker
• For all volumes containing customer data
• AES 128-bit+ encryption
• Master keys are stored securely
Data Encryption at Rest
File level encryption
• Files are broken into chunks through “Shredded Storage”
• Each chunk is encrypted using its own unique key
• Chunks are stored in multiple Azure storage accounts
• Distributed across multiple datacenters
• Encryption keys are encrypted too
• Mappings are stored in a content database
Customer Lockbox
• Microsoft support does not have access to your data
• Explicit data access authorization by the customer
• Customer holds the key and the final authorization
E5 only
Customer Lockbox
Data Encryption in Transit
Protection with TLS 1.2 & HSTS
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Data Encryption in Transit
Protection with TLS 1.2 & HSTS
• All customer-facing endpoints are protected with TLS & HSTS
• Traffic between MSFT datacenters is protected with application-layer encryption and network transport layer encryption
A-Grade Encryption
https://www.ssllabs.com/ssltest/analyze.html?d=microsoft.sharepoint.com&s=104.146.212.14&latest
Information Rights Management
Customer-managed encryption
• Based on Azure Rights Management
• Encryption, identity, and authorization policies
• Inside and outside your organization
• You can provide a key yourself if you want (BYOK)
Information Rights Management
Customer-managed encryption
• Overrides permissions
• Works across devices
• Office Integration
Information Rights Management
DEMO
Data Loss Prevention - What does it provide?
• Identify sensitive information across Office 365
• Block access to content or
• Educate users about sensitive information
• Prevent accidental sharing
• Office 2016 client integration
• Reporting capabilities
Data Loss Prevention - End-User Experience
Data Loss Prevention - Policies
Data Loss Prevention - Information Types
https://support.office.com/en-us/article/What-the-sensitive-information-types-look-for-fd505979-76be-4d9f-b459-abef3fc9e86b
Data Loss Prevention
DEMO
Content Search
• Discover content across all Office 365 content sources
  • SharePoint
  • OneDrive for Business
  • Exchange
• Search and preview
• Exporting capabilities
• Special permissions required
• Simpler to use than eDiscovery
Content Search
DEMO
Advanced Security Management
Advanced Security Management
• Beyond standard auditing & reporting
• Alerts on potential security problems
• Usage analysis
• App usage analysis
Advanced Security Management
Advanced Security Management
DEMO
Secure cloud access
Multi Factor Authentication
• Easy to enable
• Multiple authentication mechanisms
  • Call to phone
  • Text message to phone
  • Notification through mobile app
  • Verification code from mobile app
• App passwords for legacy apps
Multi Factor Authentication
DEMO
Controlling external access
Fine-grained control over logon, access and sharing with external users
Mobility
Mobile Device Management
Control mobile devices:
• Provision
• Configure
• Monitor
• Actions
MDM versus InTune
MDM
• Included with many O365 plans
• Managed through O365
• Fewer supported clients
• Focus on security policies
InTune
• Paid subscription
• InTune admin console
• More supported clients
• Full featured
• Part of the Enterprise Mobility & Security offering (EMS)
Bonus: Join your device to Azure AD & Office 365
Mobile Device Management
DEMO
Office 365 Plans & Addons
Office 365 Enterprise Suites
Features Office 365 Services $8 $20 $35
Business Class Email and Calendars Exchange Online 50 GB Unlimited Unlimited
Social, Video, Sites, Work Management Yammer, O365 Video, SharePoint Online, Planner New ● New ● ●
IM, Online Meetings, Meeting Broadcast Skype for Business New ● New ● ●
File Storage, Sharing, Information Discovery OneDrive for Business, Delve ● ● ●
Office Online ● ● ●
Office Client Apps Office 365 ProPlus ● ●
Archiving, Rights Management, Data Loss Prevention, Encryption New ● ●
Advanced Security Management, Advanced eDiscovery, Secure Attachments and URLs, Access Control ●
Analytics Power BI Pro, Delve Analytics ●
Cloud PBX Skype for Business ●
PSTN Conferencing* Skype for Business ●
Enterprise Plan Add-ons
PSTN Calling** Skype for Business +$24
CRM Online Professional Dynamics +$50 +$50
New Office 365 Premium Add-ons
Exchange Online* Included Add-on Add-on $2
Exchange Online or SharePoint Online Included Add-on Add-on $2
Exchange Online Included Add-on Add-on $4
None Included Add-on Add-on $10
Exchange Online or SharePoint Online Included Add-on Add-on $8
None Included Add-on Add-on $3
Skype for Business Online Plan 2 Included Add-on N/A $8
Skype for Business Online Plan 2 Included Add-on Add-on $4
Skype for Business Online Plan 2 + Cloud PBX Add-on Add-on Cloud PBX Required N/A $12/$24
Add-ons are SKUs that can be added to an existing suite or service
Secure & Productive Enterprise Licensing
All productivity & security related features in a single license.
Coming soon!
Enterprise Mobility & Security
Windows 10 Enterprise
SharePoint Roundtable
7 October 2016 - Microsoft Offices in Zaventem
Data Protection, Security and Compliance in Office 365
Tuesday, 18 October 2016 | https://www.xylos.com/nl/corporate/events/explore-new-digital-ways