SharePoint & OneDrive Security & Compliance Updates from Microsoft Ignite
Last week at Microsoft Ignite we shared our investments, our vision, and our strategy for addressing today’s most challenging business and technology trends, which are continually broadening the threat landscape. From meeting complex corporate and governmental regulatory compliance requirements to supporting a more mobile and connected workforce, SharePoint and OneDrive are uniquely positioned to address your business needs.
Stay ahead of data residency requirements with Multi-Geo capabilities in Microsoft 365
Governments around the world are strengthening laws and regulations to protect citizens’ data, preserve national security, and protect business interests. New Multi-Geo capabilities in Microsoft 365 with SharePoint and OneDrive give global organizations a way to maximize the value of Office 365 while meeting data residency and compliance requirements. Multi-Geo capabilities give you a choice of geographical locations in which to store, manage, and secure your data by allowing a single Office 365 tenant to span multiple regions, storing data on a per-user or per-site basis. Whether you’re adding a new user to your organization or need to move an existing user and their data to a new region, seamlessly and transparently to that user, the new Multi-Geo capabilities are designed to address those needs.
Read more about Multi-Geo capabilities in Office 365 at https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Introducing-Multi-Geo-in-Office-365/ba-p/107016. Watch and download Multi-Geo Capabilities in OneDrive and SharePoint Online at https://myignite.microsoft.com/videos/53873 from Microsoft Ignite.
Multi-Geo capabilities for OneDrive and SharePoint are in private preview today. If you’re interested and want to learn more, visit the links below.
OneDrive: http://aka.ms/OneDriveMultiGeo
SharePoint: http://aka.ms/SharePointMultiGeo
Manage your service-level encryption key with Customer Key in Office 365
_Gain greater trust from your own clients with service-level encryption with Customer Key, so that Microsoft does not see or extract any encryption keys._
Customer Key with Office 365 allows you to take control of your information, providing an additional layer of security and data privacy beyond what Microsoft already supplies with SharePoint and OneDrive in Office 365. Customer Key can be used to encrypt and/or decrypt the individual encryption keys used to encrypt your cloud storage service for SharePoint Online and OneDrive for Business. Additionally, you can decide when to change and/or revoke access to these keys, limiting Microsoft’s ability to access encrypted content.
Microsoft encrypts your content at rest and in transit throughout SharePoint, OneDrive and Office 365. In fact, we use multiple keys to encrypt your data, and distribute those keys across multiple data centers. At the service level, we encrypt the keys that are used to encrypt your data. With Customer Lockbox, even our administrators have no ability to access your data without your explicit, time-bounded consent. Learn more about our encryption features here.
Service-level encryption with Customer Key goes one step further. You can manage the service-level key(s) used to encrypt the SharePoint and OneDrive data encryption keys. You can decide when to change the key(s) and, if your business requires, you can revoke the service-level key(s) and thereby deny the service access to your content.
Read more about Controlling your data in Office 365 using Customer Key at https://support.office.com/en-us/article/Controlling-your-data-in-Office-365-using-Customer-Key-f2cd475a-e592-46cf-80a3-1bfb0fa17697. Watch and download Manage and control your data to help meet compliance needs with Customer Key at https://myignite.microsoft.com/videos/53748 from Microsoft Ignite, and read the FAQ at https://support.office.com/en-us/article/Customer-Key-for-Office-365-FAQ-41ae293a-bd5c-4083-acd8-e1a2b4329da6.
Limit information overexposure with sharing and access policies
The risk of information exposure has increased because users don’t always work on desktop computers connected to the corporate network. Access controls now need to account for users connecting their mobile devices to non-secure networks or using their own unmanaged devices. These new access controls start with conditional access policies. Conditional access allows you to keep your corporate data safe while providing your users a secure environment in which they can work from any device. Conditional access in SharePoint Online and OneDrive for Business offers security that goes beyond user permissions. It considers the identity of the user, the devices and applications being used, the network that the user has connected to, and the sensitivity of the data being accessed.
Watch and download Create and manage sharing and access policies for SharePoint at https://myignite.microsoft.com/videos/53875 from Microsoft Ignite.
Site-level device access policies
In March 2017, we introduced device access policies at the tenant level so you can control access from unmanaged or non-compliant devices to content stored in SharePoint and OneDrive. At Microsoft Ignite 2017, we announced and demonstrated new support for bringing these device access policies to the site collection level, so you can limit access from these devices on a site-by-site basis, based on the classification of the content. In addition, an administrator can allow these devices to collaborate using the web browser, providing a seamless user experience where unmanaged devices still need to access and use content stored in one or more sites.
Session timeout policies
Unmanaged and non-compliant devices represent just one of many risks of information overexposure. The use of shared systems has also increased, from shared computers in the workplace to kiosks at hotels and airports. Devices and networks often change, but the one constant is the corporate data they access. Also at Microsoft Ignite, we shared our investments in idle-timeout scenarios that allow you to configure a policy to automatically sign out sessions on these shared systems at a specified interval after a period of inactivity.
Secure external sharing
Secure external sharing in SharePoint and OneDrive provides a seamless external sharing experience by sending secure links to recipients outside of your organization. Those recipients will be sent an email message with a time-limited, single-use verification code when they open the link. By entering the verification code, the user proves ownership of the email account to which the secure link was sent. Read more about secure external sharing at https://support.office.com/article/cc78357c-6d48-499c-9cc7-dae447d0d391.
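A minimal model of the verification-code check described above, as an added example that is not Microsoft's implementation: it shows the three properties the text names (time-limited, single-use, bound to the recipient's email address). The class name, the 15-minute lifetime, the 8-digit code and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime; the page says only "time-limited"
MAX_ATTEMPTS = 5            # assumed guess limit; not stated on the page


class VerificationCodes:
    """In-memory model of one-time codes bound to (link, recipient email)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # (link_id, email) -> [salt, digest, expires_at, attempts_left]
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, link_id, email):
        """Create a fresh code; a new request replaces any earlier one."""
        code = f"{secrets.randbelow(10**8):08d}"
        salt = secrets.token_bytes(16)
        self._pending[(link_id, email.lower())] = [
            salt, self._digest(salt, code),
            self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # delivered by e-mail only, never shown in the browser

    def verify(self, link_id, email, code):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no-code'."""
        key = (link_id, email.lower())
        entry = self._pending.get(key)
        if entry is None:
            return "no-code"
        salt, digest, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[key]          # time-limited
            return "expired"
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self._pending[key]          # single use: consumed on success
            return "ok"
        entry[3] -= 1
        if entry[3] <= 0:
            del self._pending[key]          # stop online guessing
            return "locked"
        return "wrong"
```

Only a salted digest of the code is stored, and the comparison is constant-time, so neither a read of the pending table nor response timing reveals the code.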
In today’s volatile economic climate, organizations require collaboration, communication, and productivity solutions to be both cost-effective and flexible. SharePoint and OneDrive can help businesses achieve new levels of reliability and performance, delivering features and capabilities that simplify administration, protect communications and information, and empower users while meeting their demands for greater business mobility. However, data loss is non-negotiable, and overexposure to information can have legal and compliance implications. In SharePoint and OneDrive, we’re providing a broad array of features and capabilities designed to make certain that sensitive information remains that way, and to ensure that the right people have access to the right information at the right time. Whether you are challenged by an increasingly distributed and remote workforce, ubiquitous connectivity, or rapid changes in corporate and regulatory compliance, we’ll be there each step of the way, evolving our protection in parallel to your risk.
After all, the security landscape has changed. Ubiquitous connectivity has led users to expect data mobility across networks and across devices, more often on personal devices and shared systems such as kiosks. These challenges, together with more complex corporate and regulatory compliance requirements, have only made it harder to stay ahead of the trends. The video below demonstrates a subset of the latest controls we’ve built and announced at Microsoft Ignite, and how we’ll continue to evolve our capabilities with more fine-grained controls, from the tenant and site level all the way down to the file level.
Office 365 is designed to help meet every company’s needs for business productivity, content security and compliance with technical, legal and regulatory standards. We’ve been hard at work lighting up new productivity scenarios in OneDrive and SharePoint and architecting the service to support advanced features that help customers meet their regulatory, security and compliance needs.
https://youtu.be/Tuh6fnMv6CM
We understand that there is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work. Learn more about how we address our customers’ security and compliance concerns with the resources here.
eBook – http://www.microsoft.com/en-us/download/details.aspx?id=55242
Visual Interactive – http://sharepoint-infographic.azurewebsites.net/
Microsoft Ignite Recording - Security you can trust, control you can count on with SharePoint and OneDrive https://myignite.microsoft.com/videos/55100
Microsoft Ignite Recording - Learn how SharePoint Online safeguards your data in the cloud https://myignite.microsoft.com/videos/53874
Microsoft Ignite Recording - Quickly find what’s relevant and reduce risk with intelligent eDiscovery in Office 365 https://myignite.microsoft.com/videos/53650