Office 365 Security and Compliance

March 20, 2018

Agenda
Sparkhound Overview
Speaker Introduction
Office 365 Security and Compliance Overview
Office 365 Security and Compliance Features
Enterprise Mobility + Security
Q&A

2
Who is Sparkhound
IT Solution Integrator, founded in 1998
Physical Offices in Baton Rouge, Dallas, Houston, and Birmingham
Microsoft Cloud Infrastructure Partner of the Year FY16
200+ Employees
One of Kind Name
• Spark symbolizes an idea
• Hound comes from “bloodhound,” aggressively seeks solutions
Major industries served: Energy/Oil & Gas, Manufacturing,
Healthcare, Retail, Real Estate, other Professional Services

3
 Project Management Process Optimization

IT Strategy Change Management & UX

Cloud
Managed Service Desk
Infrastructure
Managed SharePoint
Collaboration & Portals
Managed Infrastructure
Apps
Managed Cloud
Data & Analytics
Managed SQL
ServiceNow

4
 STRATEGY

Situation / Complications
Measurements / Metrics

PROCESS Business CHANGE

Integration MANAGEMENT
Business Process Design End User Experience
Business Re-engineering End User Adoption
Process Modeling Branding
Project Management Organization Design
5 “Whys” Communication Planning
Training
Digital Content Management
TECHNOLOGY

5
Partners

6
7
8
 Cloud Solution Architect
o Overview
▪ 21 years of professional experience with Enterprise Mobility +
Security suite, Azure, Exchange, Skype, SharePoint, BI, SQL
Server, Identify Management, and core infrastructure
▪ Microsoft Certified Systems Engineer (MCSE)
▪ Sparkhound’s lead Cloud consultant
Ron Henderson
o Previous Titles and Education
Principal Cloud Infrastructure ▪ Cloud Solution Architect
Consultant ▪ Core Infrastructure Lead Consultant
▪ IBM Sr. Infrastructure Consultant
▪ U.S. Army Veteran
Office 365 Security and
Compliance Overview

10
 COMPLIANCE
Common Questions
SECURITY

RELIABILITY & SERVICE CONTINUITY

PRIVACY

11
Certification
• ISO 27001
Services • SAS 70 Type ISAS 70 Type II

• ISO 27001
Data Centers • SAS 70 Type II

Microsoft • Safe Harbor

12
Office 365 Security
Physical Security
Logical Security
Data Security
User Controls
Admin Controls

13
Physical Security
24-hour monitoring of datacenters
Multi-factor authentication, including biometric scanning for datacenter
access
Internal datacenter network is segregated from the external network
Role separation renders location of specific customer data unintelligible to
the personnel that have physical access
Faulty drives and hardware are demagnetized and destroyed

14
Logical Security
Lockbox processes for a strictly supervised escalation process greatly limit
human access to your data
Servers run only processes that are whitelisted, minimizing risk from
malicious code
Dedicated threat management teams proactively anticipate, prevent, and
mitigate malicious access
Port scanning, perimeter vulnerability scanning, and intrusion detection
prevent or detect any malicious access

15
Data Security
Encryption at rest protects your data on our servers
Encryption in transit with SSL/TLS protects your data when it’s transmitted
between you and Microsoft
Threat management, security monitoring, and file/data integrity prevent
or detect any tampering of data
Exchange Online Protection provides advanced security and reliability
against spam and malware to help protect your information and access to
email

16
User Controls
Office 365 Message Encryption allows users to send encrypted email to
anyone, whatever email service recipients may use
Data loss prevention can be combined with Rights Management and Office
365 Message Encryption to give greater controls to your admins to apply
appropriate policies to protect sensitive data
S/MIME provides message security with certificate-based email access
Azure Rights Management prevents file-level access without the right user
credentials

17
Admin Controls
Multi-factor authentication protects access to the service with a second factor such as
phone
Data loss prevention prevents sensitive data from leaking either inside or outside the
organization while providing user education and empowerment
Built-in mobile device management capabilities allow you to manage access to corporate
data
Mobile application management within Office mobile apps powered by Intune provides
granular controls to secure data contained in these apps
Built in antivirus and antispam protection along with advanced threat protection
safeguard against external threats
Office 365 Cloud App Security provides enhanced visibility and control into your Office
365 environment

18
Office 365 Security and
Compliance Features

19
Data Loss Prevention
Data loss prevention (DLP) protect sensitive information and prevent its inadvertent
disclosure
Prevent sensitive information from leaking outside your organization include financial
data or personally identifiable information (PII) such as credit card numbers, social
security numbers, or health records
Identify, monitor, and automatically protect sensitive information across Office 365

20
Threat Management
Anti-Spam
Anti-Malware
ATP Safe-Attachments
ATP Safe-Links

21
Threat Management

22
Multi-Factor Authentication
Multiple Secondary Authentication Methods
Secures Mobile and Remote Access
Complex Policy Enforcement via Conditional Access Rules
Can be extended to any On-Premise application / Service via ADFS 2016
Can be used as both First Factor and Second Factor authentication via ADFS 2016
Note: Azure MFA Server has been deprecated.

23
Archiving, Hold, and eDiscovery
O365 includes archives mailboxes and retention policies
O365 automatically Archives older/infrequently accessed content
Includes Audit functionality for Exchange Online, SPO, OneDrive, etc. and view Audit
Reports
Use eDiscovery to search across all of O365 to identify, hold, and export content
Hold allows you to preserve or archive content for compliance and eDiscovery.

24
Advanced eDiscovery
Predictive machine learning matching of documents by taking small collections of
documents as a “training set” and tagging them as relevant or non-relevant
Office365 then uses these training sets to better match future documents
Fuzzy duplicate detection provides the ability to find documents that are similar to other
documents
Email threading organizes emails into conversations to make it easier to read through
thousands of found emails
Themes allow you to tag content based on different topics

25
Information Management
An information management policy is a set of rules for a type of content. In SharePoint
Online, information management policies enable organizations to control and track
things like how long content is retained or what actions users can take with that content
Predefined policies include retention policies, expiring out-of-date content, and auditing
of document usage
You can use site policies to help control site proliferation.
A site policy defines the lifecycle of a site by specifying when the site will be closed and
when it will be deleted
Information Rights Management (IRM) helps prevent sensitive information from being
printed, forwarded, saved, edited, or copied by unauthorized people

26
Mobile Device Management
You can use Office 365 to secure and manage most devices
Manage Mobile access to Exchange Online, SharePoint Online, Teams &
more
Using the Office 365 and Exchange admin centers, you can perform
common mobile device management tasks like setting device access
rules, viewing device reports, and remotely wiping devices that are lost
or stolen.
Publish & Push Corporate Applications
Enforce Device Compliance for access to corporate data
Enforce MFA
Restrict mobile e-mail clients

27
Enterprise Mobility + Security suite

28
Enterprise Mobility + Security
Intune
Azure AD Premium
▪ Multi-Factor Authentication (replacement for RSA or Duo MFA)
▪ Self-Service Password Reset
▪ Microsoft Identity Manager
Azure Information Protection (replacement for Zix and other various encryption tools)
Advanced Threat Analytics

29
Microsoft Trust Center
https://www.microsoft.com/en-us/trustcenter/default.aspx

30
Microsoft Compliance Manager
https://servicetrust.microsoft.com/ComplianceManager

31
Sources
https://products.office.com/en-us/business/office-365-trust-center-security

https://technet.microsoft.com/en-us/library/dn532171.aspx

32