Microsoft 365 Business: Part 3

Aug 26, 2019

Microsoft 365 Business Part 3: Security & Compliance Features

Many small and medium-sized businesses (SMBs) are concerned about their ability to protect their business from cyberattacks and keep their data safe—but lack basic protection against the most common threats. (Microsoft Security Blog) Part 3 of this blog series will highlight some of the core security features that Microsoft 365 Business offers.

Office 365 Advanced Threat Protection Plan 1

Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.

The following are the primary ways you can use ATP for message protection:

  • In an Office 365 ATP filtering-only scenario, ATP provides cloud-based email protection for your on-premises Exchange Server environment or any other on-premises SMTP email solution.
  • Office 365 ATP can be enabled to protect Exchange Online cloud-hosted mailboxes.
  • In a hybrid deployment, ATP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes with Exchange Online Protection for inbound email filtering.

Data Loss Prevention

To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

For many firms, these policies are sufficient and help build a culture sensitive to the sharing of PII. DLP is applied to files and messages in SharePoint sites, Exchange, OneDrive, and Teams (including chat and channel messages). Setting up a policy involves defining the Locations and the Rules, which include Conditions (i.e., triggers based on information type, labels, and internal/external sharing), Actions (i.e., restrict access, block), Notifications (i.e., warn, send tip), Overrides (i.e., justification), and Incident Reports (i.e., copy firm administrator), along with Priority (i.e., order of rule operation) and Match accuracy.
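To show how conditions, match accuracy, overrides and priority interact, here is a simplified model of DLP rule evaluation for credit card data. It is an added example, not code from the original post and not Microsoft's DLP engine. The keyword list, the 65/85 confidence values, the 100-character keyword window and the first-match-by-priority behaviour are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional separators
KEYWORDS = ("visa", "mastercard", "card number", "expiry", "cvv")  # assumed list

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):   # double every second digit from the right
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def card_confidence(text: str) -> int:
    """Best match accuracy (0-100) for a card number; 65/85 are assumed values."""
    best = 0
    for m in CARD_RE.finditer(text):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            continue                      # arbitrary 16-digit IDs fail the checksum
        nearby = text[max(0, m.start() - 100):m.end() + 100].lower()
        best = max(best, 85 if any(k in nearby for k in KEYWORDS) else 65)
    return best

@dataclass
class Rule:
    name: str
    priority: int            # lower number is evaluated first
    min_confidence: int      # match accuracy threshold
    external_only: bool      # condition: content shared outside the organization
    action: str              # "block" or "warn"
    allow_override: bool = False

def evaluate(text, shared_externally, rules, justification=None):
    """Return (rule name, outcome) for the first rule, by priority, that matches."""
    conf = card_confidence(text)
    for rule in sorted(rules, key=lambda r: r.priority):
        if conf < rule.min_confidence or (rule.external_only and not shared_externally):
            continue
        if rule.action == "block" and rule.allow_override and justification:
            return rule.name, "allowed-with-justification"
        return rule.name, rule.action
    return None, "allow"

# Constructed sample policy and messages (4111... is a well-known test number).
RULES = [Rule("Warn on any card number", 1, 65, False, "warn"),
         Rule("Block external card data", 0, 85, True, "block", allow_override=True)]
MSG_HIGH = "Please charge my Visa card number 4111 1111 1111 1111 today."
MSG_LOW = "Ref 4111111111111111"
MSG_NONE = "Order id 1234 5678 9012 3456"
```

The same card number produces a block, a warning or an audited override depending on sharing scope and supplied justification, while the checksum keeps ordinary 16-digit identifiers from triggering any rule.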

Windows Autopilot

Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a simple process.

These devices are sent directly to the end-user, still shrink-wrapped. After unboxing, end-users simply power the device on, connect to Wi-Fi, and log in via their corporate Microsoft account. These devices do not even require Windows updates before they can be used. Once logged in, everything is there waiting for the user: their enterprise apps, Office 2016, rights and privileges, SharePoint Online/Azure Files network shares, VPN, Wi-Fi, device compliance policy, etc. are all set up and ready to go.
This enables a zero-touch deployment for end-users. Simply call Accellis or a certified partner, buy the device, get the device, log in, and you’ve taken a complex employee onboarding or refresh process and simplified it to the time it takes to ship and unbox a new device.

See the following diagram:

Azure Information Protection

Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or through a combination in which users are given recommendations.

The following picture shows an example of Azure Information Protection in action on a user’s computer. The administrator has configured a label with rules that detect sensitive data and in our example, this is credit card information. When a user saves a Word document that contains a credit card number, she sees a custom tooltip that recommends the label that the administrator has configured. This label classifies the document and protects it.

Azure Information Protection includes a scanning tool called the Azure Information Protection Scanner. A significant number of on-premises repositories, such as file and SharePoint servers, can house data that needs protection. It can be hard to discover, classify, label and protect this data without the right tool. The Azure Information Protection Scanner allows you to quickly scan your data against dozens of existing frameworks instead of using manual techniques or relying on users.

It’s also critical to have this insight if you’re planning to migrate this data to the cloud or working towards compliance with regulations such as EU-GDPR. Once the AIP scanner is deployed, use it to report on the information you’re looking for and, when discovery is complete, run the AIP scanner and apply classification with or without protection across those files.

For a full list of Microsoft Office 365 security and compliance features, click here.

With a subscription to Microsoft 365 Business, you can run your organization in the cloud and let Microsoft take care of the IT for you. It can manage devices, protect against real-world threats, and provide the latest in business software.

Looking for more info?

Read Microsoft 365 Business Part 1: Microsoft 365 Business Overview here

Read Microsoft 365 Business Part 2: Azure Active Directory here