We had a packed house at the new Microsoft Technology Center downtown for our Office 365 Summit. We assembled a team of experts to share best practices on Security for Office 365, PowerApps and Microsoft Stream with tech leaders from around Metro Detroit.
Keeping data and identities secure is a top priority of all businesses large and small. In the past the primary way of securing data was to introduce a firewall on the front end of the network and install Anti-Virus protection on the end points. This may have worked in the past but malicious attacks are getting more and more sophisticated and data thieves are getting more creative in their approach to steal data and compromise identities. There have been many reports in the news lately of large data breaches against well-known reputable companies. One method that hackers and data thieves use is phishing. A hacker will impersonate a valid identity and send emails with an attachment, as soon as that attachment is opened the network and data have been compromised. Credential theft has become a major issue.
Office 365 offers threat protection. Protection against advanced threat protection against advanced threats. Here is a summary of some of the Microsoft O365 security offerings:
- Exchange Online Protection: Protection against spam and malware and the ability to maintain access to email during and after emergencies. EOP, o365 ATP, O365 threat intelligence
- Office 365 Advanced Threat Protection: Protect your mailboxes, files, online storage, and applications against new, sophisticated attacks in real time. It offers holistic protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
- Office 365 Threat Intelligence: A collection of insights and information available in the Office 365 Security & Compliance Center. These insights can help your organization’s security team protect Office 365 users from attacks. Office 365 Threat Intelligence monitors signals and gathers data from multiple sources, such as user activity, authentication, email, compromised PCs, and security incidents. Business decision makers and Office 365 global administrators, security administrators, and security analysts can all use the information Office 365 Threat Intelligence provides to understand and respond to threats against Office 365 users and intellectual property.
- Microsoft Intune MAM (Mobile Application Management): MAM protects an organization’s data within an application. With MAM without enrollment (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any device, including personal devices in bring-your-own-device (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, are able to be managed by Intune MAM. App protection policies are rules that ensure an organization’s data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate” data, or a set of actions that are prohibited or monitored when the user is inside the app.
There is a cyber-security framework that should be followed to make sure your Office 365 and network infrastructure is properly secure.
- Identify: Identify threats before the infiltrate your environment
- Protect: Supports the ability to limit or contain the impact
- Detect: Enables timely discovery of cyber-security events
- Respond: Respond to threats in timely and proactive manner
- Recover: Planning and improvements in remediation and communications
Office 365 has a built-in security feature Secure Score. Secure Score figures out what services you’re using (like OneDrive, SharePoint, and Exchange) then looks at your settings and activities and compares them to a baseline established by Microsoft. You’ll get a score based on how aligned you are with best security practices. Using Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365 (many of which you already purchased but might not be aware of). Learning more about these features as you use the tool will help give you piece of mind that you’re taking the right steps to protect your organization from threats. If you want to improve your score, review the action queue to see what you can do to help increase security and reduce risks.
In conclusion, Office 365 Security should be taken very seriously. The threats to steal identities and data are ever increasing from individuals, organizations, terrorist groups and foreign governments. Data loss and stolen identities cost businesses billions of dollars in lost revenue.
We are ready to help and consult to help with your security. If you missed out on attending this one, send us an e-mail at firstname.lastname@example.org and we’ll add you to the invite list for next time!