Who is Sparkhound
IT Solution Integrator, founded in 1998
Physical Offices in Baton Rouge, Dallas, Houston, and Birmingham
Microsoft Cloud Infrastructure Partner of the Year FY16
200+ Employees
One-of-a-Kind Name
• Spark symbolizes an idea
• Hound comes from “bloodhound,” aggressively seeks solutions
Major industries served: Energy/Oil & Gas, Manufacturing,
Healthcare, Retail, Real Estate, other Professional Services
Project Management Process Optimization
Cloud
Managed Service Desk
Infrastructure
Managed SharePoint
Collaboration & Portals
Managed Infrastructure
Apps
Managed Cloud
Data & Analytics
Managed SQL
ServiceNow
STRATEGY
Situation / Complications
Measurements / Metrics
Partners
Cloud Solution Architect
o Overview
▪ 21 years of professional experience with Enterprise Mobility +
Security suite, Azure, Exchange, Skype, SharePoint, BI, SQL
Server, Identity Management, and core infrastructure
▪ Microsoft Certified Systems Engineer (MCSE)
▪ Sparkhound’s lead Cloud consultant
Ron Henderson
Principal Cloud Infrastructure Consultant
o Previous Titles and Education
▪ Cloud Solution Architect
▪ Core Infrastructure Lead Consultant
▪ IBM Sr. Infrastructure Consultant
▪ U.S. Army Veteran
Office 365 Security and
Compliance Overview
COMPLIANCE
Common Questions
SECURITY
PRIVACY
Certification
Services
• ISO 27001
• SAS 70 Type I
• SAS 70 Type II
Data Centers
• ISO 27001
• SAS 70 Type II
Office 365 Security
Physical Security
Logical Security
Data Security
User Controls
Admin Controls
Physical Security
24-hour monitoring of datacenters
Multi-factor authentication, including biometric scanning for datacenter
access
Internal datacenter network is segregated from the external network
Role separation renders location of specific customer data unintelligible to
the personnel that have physical access
Faulty drives and hardware are demagnetized and destroyed
Logical Security
Lockbox processes for a strictly supervised escalation process greatly limit
human access to your data
Servers run only processes that are whitelisted, minimizing risk from
malicious code
Dedicated threat management teams proactively anticipate, prevent, and
mitigate malicious access
Port scanning, perimeter vulnerability scanning, and intrusion detection
prevent or detect any malicious access
Data Security
Encryption at rest protects your data on our servers
Encryption in transit with SSL/TLS protects your data when it’s transmitted
between you and Microsoft
Threat management, security monitoring, and file/data integrity prevent
or detect any tampering of data
Exchange Online Protection provides advanced security and reliability
against spam and malware to help protect your information and access to
email
User Controls
Office 365 Message Encryption allows users to send encrypted email to
anyone, whatever email service recipients may use
Data loss prevention can be combined with Rights Management and Office
365 Message Encryption to give greater controls to your admins to apply
appropriate policies to protect sensitive data
S/MIME provides message security with certificate-based email access
Azure Rights Management prevents file-level access without the right user
credentials
Admin Controls
Multi-factor authentication protects access to the service with a second factor such as
a phone
Data loss prevention prevents sensitive data from leaking either inside or outside the
organization while providing user education and empowerment
Built-in mobile device management capabilities allow you to manage access to corporate
data
Mobile application management within Office mobile apps powered by Intune provides
granular controls to secure data contained in these apps
Built-in antivirus and antispam protection, along with advanced threat protection,
safeguard against external threats
Office 365 Cloud App Security provides enhanced visibility and control into your Office
365 environment
Office 365 Security and
Compliance Features
Data Loss Prevention
Data loss prevention (DLP) protects sensitive information and prevents its inadvertent
disclosure
Prevent sensitive information, including financial data or personally identifiable
information (PII) such as credit card numbers, social security numbers, or health
records, from leaking outside your organization
Identify, monitor, and automatically protect sensitive information across Office 365
Threat Management
Anti-Spam
Anti-Malware
ATP Safe-Attachments
ATP Safe-Links
Multi-Factor Authentication
Multiple Secondary Authentication Methods
Secures Mobile and Remote Access
Complex Policy Enforcement via Conditional Access Rules
Can be extended to any on-premises application / service via ADFS 2016
Can be used as both First Factor and Second Factor authentication via ADFS 2016
Note: Azure MFA Server has been deprecated.
Archiving, Hold, and eDiscovery
O365 includes archive mailboxes and retention policies
O365 automatically archives older/infrequently accessed content
Includes audit functionality for Exchange Online, SPO, OneDrive, etc., and lets you view
audit reports
Use eDiscovery to search across all of O365 to identify, hold, and export content
Hold allows you to preserve or archive content for compliance and eDiscovery.
Advanced eDiscovery
Predictive machine learning matches documents by taking small collections of
documents as a “training set” and tagging them as relevant or non-relevant
Office 365 then uses these training sets to better match future documents
Fuzzy duplicate detection provides the ability to find documents that are similar to other
documents
Email threading organizes emails into conversations to make it easier to read through
thousands of found emails
Themes allow you to tag content based on different topics
Information Management
An information management policy is a set of rules for a type of content. In SharePoint
Online, information management policies enable organizations to control and track
things like how long content is retained or what actions users can take with that content
Predefined policies include retention policies, expiring out-of-date content, and auditing
of document usage
You can use site policies to help control site proliferation.
A site policy defines the lifecycle of a site by specifying when the site will be closed and
when it will be deleted
Information Rights Management (IRM) helps prevent sensitive information from being
printed, forwarded, saved, edited, or copied by unauthorized people
Mobile Device Management
You can use Office 365 to secure and manage most devices
Manage mobile access to Exchange Online, SharePoint Online, Teams &
more
Using the Office 365 and Exchange admin centers, you can perform
common mobile device management tasks like setting device access
rules, viewing device reports, and remotely wiping devices that are lost
or stolen.
Publish & Push Corporate Applications
Enforce Device Compliance for access to corporate data
Enforce MFA
Restrict mobile e-mail clients
Enterprise Mobility + Security suite
Enterprise Mobility + Security
Intune
Azure AD Premium
▪ Multi-Factor Authentication (replacement for RSA or Duo MFA)
▪ Self-Service Password Reset
▪ Microsoft Identity Manager
Azure Information Protection (replacement for Zix and various other encryption tools)
Advanced Threat Analytics
Microsoft Trust Center
https://www.microsoft.com/en-us/trustcenter/default.aspx
Microsoft Compliance Manager
https://servicetrust.microsoft.com/ComplianceManager