Microsoft Office 365 is popular because of its mobility and collaboration features. However, in a cloud-hosted environment, security is the main concern because new threats are constantly introduced. Your organization, therefore, needs to use all the tools at your disposal to secure your customers’ data.
This is why Office 365 offers built-in capabilities and customer controls to help customers meet compliance standards. Let’s look at the security and governance feature available in all major services.
1) Multi-Factor AuthenticationMulti-factor authentication requires more than just a username and password. After users logged in with a username and password, they’ll receive a phone call or text message (depending on the configuration). Then they either answer the call or enter the access code received via text into the browser.
This can be set up on a user-by-user basis. For example, if you only want to set MFA on a particular group such as higher officials or company leads and not on the entire organization, it can be done with few clicks.IP addresses can be whitelisted, meaning that, when users are at the office, they don’t need to use multi-factor authentication. This will only be required if they’re somewhere else.
2) App Passcode
An app password is a code that gives an app or device permission to access an Office 365 account of your users. If you’re using Multi-Factor Authentication and want to use applications that connect to your Office 365 account, you will need to create an Office 365 App Password. This is to enable the App to connect to Office 365.
For example, if you’re using Outlook 2016 or an earlier version, Apple Mail App, Skype for Business or any other third party client with Office 365, you’ll need to create an App Password.
3) Office 365 Trust Center
Microsoft created a site called Office 365 Trust Center. It covers everything regarding security, including:
Physical security: Can people walk in and out at data centers? How are the buildings physically secured?
Logical security: How are servers configured? What kind of network security is applied? What kind of auditing is implemented?
Data security: How is the actual data secured? If someone gains access to the database, are they able to read your data?
4) Role-Based Access ControlRole-Based Access Control (RBAC role) is a feature designed to control the administrative access over different services across Office 365. It requires the ability to control these services by separate administrators.
The best example to have such role-based access on the services is the following: let’s say you hired a SharePoint Developer, who will be designing and customizing your SharePoint sites, for a short time period. In that case, he will need admin level access to the SharePoint admin center.
In the Security and Compliance Center, you can track a new activity and monitor user’s actions on the portal. You can configure policies to get alerts when updates take place. If a user performs any new update activity, an alert is triggered as per the conditions applied by the administrator.
6) Audit Log Search
In large organizations, it is a very common requirement to track the user and administrator’s actions on the services. Whether it is an administrator going rogue or a regular user deleting an important business document, it is equally harmful to an organization. While there are many ways to restrict and control access to Office 365, it is still important that there’s an audit log available with this required information.
7) Azure AD Connect and Single Sign OnAzure Active Directory provides access control and identity management capabilities for Office 365 cloud services. Azure AD Connect allows you to synchronize on-premises active directory objects with Microsoft Office 365 cloud services. This allows you to provide a common identity for your users for Office 365, Azure, and SaaS applications integrated with Azure AD.
Azure AD Connect is made up of three main components, namely Sync Services, AD FS and Health Monitoring. The Sync services component is the old DirSync and is responsible for replicating on-premises Active Directory users and groups to the Office 365 cloud. AD FS is an optional component and can be used to set up a Hybrid environment with Office 365. Features like SSO, sign-on policy, smart cards, etc. are available after Hybrid setup.
8) Mobile Device Management via Intune
Intune is Microsoft’s mobile device and mobile application management solution. It’s typically available as part of Microsoft’s Enterprise Mobility + Security licensing bundle. Intune allows you to manage employee mobile devices and apps from a single dashboard. Manage across Android, iOS and Window devices. It also allows you to centrally manage the deployment of updates and applications to keep your workers at peak productivity. Key features of Intune are:
- Protect your company information by helping to control the way your workforce accesses and shares it.
- Manage the mobile devices your workforce uses to access company data.
- Manage the mobile apps your workforce uses.
- Ensure devices and apps are compliant with company security requirements.
- Apply conditional access policies so users can follow organization-based access policies even when they are not on the office premises.
9) Microsoft Advanced threat AnalyticsAdvanced Threat Analytics is meant to help businesses block targeted attacks by automatically analyzing, learning and identifying all normal and abnormal behavior.
Microsoft ATA can identify advanced persistent threats, as well as other malicious activity, better than traditional defenses because it is continuously learning about how users, devices, and network resources interact. It is also able to detect when these patterns change.
10) Password Policy
Every user account that needs to sign in to Office 365 must have a unique user principal name (UPN) or LOGIN ID attribute value associated with their account. Password restrictions are mentioned below:
- 8 characters minimum and 16 characters maximum
- Strong passwords only: Requires 3 out of 4 of the following:
- Lowercase characters
- Uppercase characters
- Numbers (0-9)
- Symbols (see password restrictions above)
You can set password expiration as per your company policy. This configuration can be done via PowerShell or from the Office 365 Admin Center Security settings.
After 10 unsuccessful sign-in attempts (wrong password), the user will be locked out for one minute. Further incorrect sign-in attempts will lock out the user for longer.
Our Office Address | Network Security Services Surrey:-
7404 King George Blvd., Suite 200
Surrey, BC V3W 1N6