There are so many benefits of switching over to cloud-based information infrastructure and productivity tools in your business. However, trying to suitably assess different suites can throw up a million different questions. Is Office 365 going to adequately cover your business’s security and privacy concerns?
In this article, we take a deep dive into Microsoft’s Office 365 security features and privacy features. This is Part 3 in our series – you can head to Part 1, Office 365 vs G Suite Security & Privacy: An Introduction, or Part 2, G Suite Security Features, from here.
User management for office 365
User management for is done through Azure AD, the cloud equivalent to Microsoft’s traditional Active Directory.
Functional domain access management
Office’s SharePoint Online is the easiest way to organise and manage information, access, and files, within and across groups, as well as provide an avenue for collaboration and communication. You can use SharePoint to create intranets within your organisation. SharePoint allows for a secure external sharing of files, too. The service has built in data-loss prevention, options for automated workflows, the ability to create security policies, do auditing and more. The scope of SharePoint is huge, but you can start here for more info. We see SharePoint as essential within an Office 365 enabled business.
Security management tools for admin in office 365
Office 365 comes with a Security & Compliance Center, which gives you a comprehensive management dashboard where you can oversee and configure areas such as permissions, data loss prevention, data governance, threat management and reports.
Microsoft has introduced the handy Office 365 Secure Score, which gives you a score not unlike your credit score showing how well your organisation is doing with your Office 365 security. It then provides tips to help boost security where it’s lacking.
You can opt to download Microsoft’s Office 365 Auditing Report Tool which provides a smart dashboard where you can generate and view over 200 reports on reports on “Azure AD, Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Power BI, and Security & Compliance.”
As part of Azure, you can switch on multi-factor authentication for access to any Microsoft cloud services, with 2FA recommended at the minimum for security.
Extra Office 365 security features in user management with Azure AD Premium
You also have the ability to upgrade to Azure AD Premium, via the Premium P1 (at $7.643 user/month) and Premium P2 ($11.47 user/month) Plans.
Azure AD Premium P1 comes with many added security features:
- Advanced group features like dynamic groups, permissions delegation, group expiration
- Cloud App Discovery, to monitor use of cloud apps within your company
- Connect Health, which helps ensure on-premise directories are working correctly with cloud directories
- Conditional access based on geo-location and group
- SharePoint limited access
On top of these, Azure AD Premium P2 includes:
- Privileged identity management
- Identity protection
- Access reviews
- And more…
We recommend at least the Premium P1 option for the best security overview and controls for user management with Office 365.
Microsoft Office 365 has a Mobile Device Management capability to help manage all mobile devices on your organisational network – including employees BYODs. This include access controls, policy settings, and remote device wiping.
For advanced capabilities, you can switch to Microsoft Intune which offers VPN access, more secure app management, desktop configuration, and more.
Microsoft offers encryption at rest and in transit by default, but that doesn’t mean that they don’t have access to the content of your files. For more control in encryption, you can use Azure Rights Management with Office 365.
End-to-end encryption of files is only offered in email (see section below), however you can use a third party tool (or your own tool) to accomplish this task if necessary.
As with G Suite, email is encrypted in Office 365 by default while at rest, as well as encrypted over the wire while sending – however Microsoft can read emails by default. You can enable end-to-end encryption via Office 365 Message Encryption (OME) if you have an Enterprise E2 or higher plan. This can be configured to only be applicable on various rules.
There are various ways to configure email security via Office 365, such as setting up spam filters, IP blocking, and bulk mail blocking. You can feel comfortable in knowing you have “protection from 100% of known viruses and 99% of spam”, and 99.9% uptime.
Manage email security configuration from the Exchange Administration Center.
The Microsoft Service Trust Portal is your gateway to all things compliance, including management and information about ISO standards, the GDPR, and more. Some of the things you can view here include audit reports, trust documents, and security and compliance blueprints. Within the portal you have access to a handy Compliance Manager tool for use with their cloud services which helps to give you an overview of assessments, compliance scores, and more.
Documentation and support for security
Office 365 Enterprise offers users a neat, comprehensive set of documentation in their Security and Compliance section of their knowledge base. This includes a very handy Security roadmap for businesses to implement if rolling over to Office 365. 24/7 phone and web support is provided for all Business and Enterprise Plans.
Best plans for tight security
Office 365 for Business Plans (Business, Business Premium, or Business Essentials) are designed specifically for small businesses only. For medium to enterprise companies, you’ll require an enterprise plan.
Unlike G Suite, there are a range of Enterprise plans to choose from, depending on your requirements. For granular security, you have the Enterprise E2 and Enterprise E5 Plans to choose from – Enterprise E1 doesn’t include these tools as standard. Enterprise E3 starts at $29.59 per user per month (with annual payment) and Enterprise E5 starts at $51.70 per user per month with annual payment and offers extended security capabilities including Exchange Online Advanced Threat Protection for email, Customer Lockbox, where you can provide access levels to support for mailboxes, Office 365 Cloud App Security, and more. You can also choose to add on security extras like Advanced Threat Protection to lower plans for an additional cost.
Office 365 gives businesses a comprehensive offering, both in terms of security controls as well as in terms of the productivity tools included in the suite itself. To compare with G Suite, make sure to check out part 2 of our series. If you would like an assessment to determine the best Office 365 security configuration for your business and a deployment & management plan, make sure to get in contact with us.
Subscribe to our newsletter
Enter your email and stay in touch with the latest updates from A1.
You might also like…
- Remote desktop access is a seriously handy tool to have – for just about anybody! It means users the ability to log in...
- It’s time for another round up of the latest and greatest in AWS, and how new and improved services from the world’s most...
- What’s new in AWS? The Amazon Web Services suite of products is a literal behemoth, which can make it very difficult to keep...