Security & Compliance Updates for O365
There have been a number of Office 365 security and compliance announcements and updates during the Microsoft Ignite conference. Some of these are summarised below:
Protect against advanced threats
There are several feature updates to Office 365 threat protection services that address the evolution and advances in the threat landscape.
Updates to Office 365 Advanced Threat Protection (ATP):
- Enhanced anti-phishing capabilities – The existing machine-learning based phishing technologies are being expanded to help protect against phishing attacks. Customers can now turn on Safe Links protection for internal emails to help protect against a comprised account sending phish mails within the organization. Office 365 ATP’s detonation technology is leveraged to detect phishing URLs in the email body and phishing URLs within attachments. Rich integration with Windows 10 and Microsoft Edge expands detection capability of malicious and phishing links in emails leveraging signals from both Windows 10 and Edge. This integration also benefits Exchange Online Protection (EOP) only users. These are all available immediately.
Later this year, new intelligence will be added to enhance protection against domain spoofing. There will also be improved impersonation detection to help prevent business email compromise and sophisticated spear phishing attacks. In addition, Microsoft will provide users safety tips when emails that impersonate a known contact land in a user’s inbox.
Expansion of Advanced Threat Protection (ATP) to Office 365 workloads – SharePoint Online, OneDrive for Business and Microsoft Teams are now protected by ATP, leveraging our signal strength, smart heuristics, machine learning, file detonation and reputation filters.
Safe Links updates – Microsoft have removed the URL wrapping. Users can now see the original URL when they hover over a link. Later this year, Safe Links will be available for Office clients on the iOS and Android platforms as well.
- Safe Attachments updates – While the malware scanning times have been greatly reduced over the last year, there are still some scenarios where users need immediate access to documents. For this a new capability is being introduced that enables users to preview the content of the attachment even as it’s being scanned. The user can also interact with the preview document as they would with the real document, such as make edits or other changes to the document.
New in Office 365 Threat Intelligence:
- Attack Simulator – Admins will have the ability to simulate different threat scenarios to gain an understanding of how your users would behave in the event of a real attack and evaluate how secure their configurations are.
Updates to Advanced eDiscovery:
- Analysis of non-Office 365 data – While the amount of data being generated and stored in Office 365 is growing at an exponential rate, many organizations still have data in legacy file shares, archives as well as being generated in other cloud services – all which may be relevant for an eDiscovery case. Analysis of non-Office 365 data allows organizations to import the case-specific copy of such data into a specifically assigned Azure container and analyze it using Office 365 Advanced eDiscovery. Having one eDiscovery workflow for both Office 365 and non-Office 365 data provides organizations with the consistency they need to make defensible decisions across the entire data set of a case.
This feature is currently in preview and requires an Advanced eDiscovery license for each user whose data is being analyzed. Later this year, in addition to Advanced eDiscovery licenses, this feature will require the purchase of the eDiscovery Storage plan for all non-Office 365 data imported into the specifically assigned Azure container for analysis by Advanced eDiscovery. The eDiscovery Storage plan comes in increments of 500GB of storage and is priced at circa $100 per month.
New in Advanced Data Governance:
- Event based retention – Effectively managing records that have retention periods which are associated with specific events, e.g. employee termination, contract expiration, tax audit, etc., can be challenging. Event based retention in Office 365 Advanced Data Governance allows customers to create events which will trigger the retention period of data in Office 365 to consistently comply with industry regulations or internal business requirements. This feature is currently in the standard Office 365 Universal Preview Program and available to try.
- Disposition review – Many organisations keep almost all their data because they don’t necessarily have a consistent and defensible process showing why they deleted something. Disposing of data in a defensible manner allows organizations to effectively reduce their security and compliance risks. Disposition review in Office 365 Advanced Data Governance allows organizations trigger a disposition review at the end of a data retention period and decide whether the data can be safely deleted (“disposed”). This feature is now available for data in both SharePoint Online and OneDrive for Business; Exchange Online will be available in preview soon.
Announcing general availability of Customer Key
O365 customers have been asking for the option to use customer-managed encryption keys within Office 365 to meet their compliance needs. Microsoft have announced ‘Customer Key’ which enables organisations to provide and control their own encryption keys used to encrypt mailboxes and files in Office 365. Customer Key can help organizations meet compliance obligations that specify key management arrangements with their cloud service providers.
Due to the risk of data deletion, Customer Key also offers increased protection from lost or destroyed keys and provides added data integrity and availability. Customers can verify activity related to Customer Key within their tenant, and the feature will be included in an upcoming SOC audit
New in Office 365 Message Encryption
Making it easier for end user to send encrypted emails – As part of our integrated information protection investments, Microsoft are introducing rich new email encryption and rights protection capabilities in Office 365 Message Encryption that’s built on top of Azure Information Protection. The new Office 365 Message Encryption capabilities make it easier to share protected emails with anybody – inside or outside your organization. For example, can now apply encryption to emails using Do Not Forward or other custom templates.
Secure collaboration outside the organization – Users can also apply rights management templates to emails sent outside the organization, enabling secure collaboration for B2B and B2C scenarios. The recipient experience has been improved and it’s now easier to read a protected message. Office 365 users can now read and reply to encrypted messages natively within their Outlook clients (desktop, Mac, web, iOS or Android mobile). Additionally, non-Office 365 users can authenticate and read protected messages using their Google or Yahoo identities, in addition to other options that’s been previously available – a One-Time Passcode or a Microsoft Account.
Additional encryption key options – Lastly, for customers who need to provide their own encryption keys, Office 365 Message Encryption also provides the option for customer-managed keys which encrypts your email while in-transit. This is complementary to Customer Key which uses customer-managed keys for Office 365 data-at rest.
Contact Transparity to find out more……
Contact Tim Hannibal or David Jobbins at:
Tel: 01202 800000