1
Keep your OneDrive and SharePoint Content Safe
Microsoft Ignite 2016 9/11/2018 8:57 PM BRK2258 Keep your OneDrive and SharePoint Content Safe Navjot Virk Principal Group Program Manager © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Enterprise Grade Trust
200K+ organizations. 2X usage growth, +5X content growth in SharePoint Online. 190M+ paid seats. >40% of all seats and >60% of new seats are SharePoint Online.
3
Guiding principles
Your data remains yours. Secure and compliant cloud platform. No security without usability. Customizable for your needs.
4
Core tenets
Platform security. Secure access and sharing. Awareness and insights. Information governance. Compliance and trust.
5
PLATFORM SECURITY
Putting the customer at ease and in control
Physical and logical security. Encryption at rest and in transit. Customer lockbox. Bring your own key.
6
Physical security
Limited datacenter access: Restricted to essential personnel only. Multiple factors of authentication including smart cards and biometrics. On-premises security officers, motion sensors, video surveillance. Intrusion detection alerts include anomalous activity by datacenter engineers.
Fault-tolerant and highly-available: Data is stored in at least two datacenters within your region. Mitigates the impact of a natural disaster or service-impacting outage. Protects data integrity and availability while respecting regional data locality.
7
Logical security
Built-in protection: Built-in antivirus and antispam protection. Advanced threat protection to safeguard against external threats.
Operational Security: Automation of configuration, operations, and deployment. Administrator access to your files is strictly controlled. A combination of port scanning, perimeter vulnerability scanning, and intrusion detection prevents or detects any malicious access. Customer Lockbox.
Cyber Crime Prevention Unit: Dedicated threat management teams to anticipate, prevent, and mitigate malicious access.
8
Encryption at rest and in transit
Encryption in transit: Encrypted in transit between client and service and within service data centers.
Volume encryption at rest: BitLocker encryption protects drives where content is stored.
Per-file encryption at rest: Contents of each file encrypted with a unique key. Large files are stored in parts with a unique key per part. File contents and encryption key are stored separately.
9
Customer encryption
Azure Rights Management (Azure RMS): Use Azure RMS to encrypt your secret data before uploading. Works across phones, tablets, and PCs. Information protected both within and outside organization.
Key management options: By default, Azure RMS generates and manages key. Coming soon – you have complete control over your tenant key.
10
Customer lockbox
No standing access to customer content: Engineer accounts have no access to content. Engineers do not use service account credentials to perform tasks. Intrusion detection monitors content access and service account use.
Customer approval for any access to their content: Access granted only after approval. Time bound access only. All activity logged and available for auditing.
11
Customer lockbox
12
Demo – Lockbox
13
Bring your own key
Customer-managed “master key”: Master key is used to encrypt/decrypt per-file encryption keys. If it is removed or access is revoked, SharePoint Online can no longer decrypt your content. Does not limit/restrict SharePoint Online functionality when enabled.
You control the master key: You upload it to Azure Key Vault and grant access to the Office 365 service. You can remove it or revoke access to it at any time.
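The key hierarchy from the per-file encryption and bring-your-own-key slides, as an added Python example that is not Microsoft's code: each part of a file gets its own key, content and wrapped keys sit in separate stores, and revoking the service's grant on the master key leaves the stored content undecryptable. `KeyVault`, `Service`, the `"service"` principal, `PART_SIZE` and the HMAC-SHA256 stand-in cipher are all assumptions made for the illustration; a real deployment would use Azure Key Vault and a vetted AEAD.

```python
import hashlib, hmac, secrets

PART_SIZE = 8  # assumption: tiny parts so the constructed sample spans 4 of them

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor_stream(enc_key, nonce, data):
    # Keystream from HMAC in counter mode; applying it twice restores the input.
    pad = b"".join(mac(enc_key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, plaintext):
    """Stand-in authenticated cipher built from HMAC-SHA256; use a vetted AEAD in practice."""
    nonce = secrets.token_bytes(16)
    body = xor_stream(mac(key, b"enc"), nonce, plaintext)
    return nonce + mac(mac(key, b"mac"), nonce + body) + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(mac(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or tampered data")
    return xor_stream(mac(key, b"enc"), nonce, body)

class KeyVault:
    """Hypothetical customer-controlled vault: the master key never leaves it."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
        self.granted = set()  # principals the customer has granted access
    def _key_for(self, caller):
        if caller not in self.granted:
            raise PermissionError(f"{caller} has no access to the master key")
        return self._master
    def wrap(self, caller, part_key):
        return seal(self._key_for(caller), part_key)
    def unwrap(self, caller, wrapped):
        return unseal(self._key_for(caller), wrapped)

class Service:
    """Hypothetical storage service: ciphertext and wrapped keys live in separate stores."""
    def __init__(self, vault):
        self.vault, self.content_store, self.key_store = vault, {}, {}
    def upload(self, name, data):
        for idx, off in enumerate(range(0, len(data), PART_SIZE)):
            part_key = secrets.token_bytes(32)  # unique key per part
            self.content_store[name, idx] = seal(part_key, data[off:off + PART_SIZE])
            self.key_store[name, idx] = self.vault.wrap("service", part_key)
    def download(self, name):
        out, idx = b"", 0
        while (name, idx) in self.content_store:
            part_key = self.vault.unwrap("service", self.key_store[name, idx])
            out += unseal(part_key, self.content_store[name, idx])
            idx += 1
        return out

def demo():
    vault = KeyVault()
    vault.granted.add("service")          # customer grants the service access
    svc = Service(vault)
    data = b"constructed sample document body"  # constructed sample input
    svc.upload("report.docx", data)
    readable_before = svc.download("report.docx") == data
    vault.granted.discard("service")      # customer revokes access
    try:
        svc.download("report.docx")
        readable_after = True
    except PermissionError:
        readable_after = False
    return readable_before, len(svc.key_store), readable_after
```

Revocation works here only because the service never holds the master key or an unwrapped part key at rest; any cache of unwrapped keys would extend access past the revocation.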
14
SECURE ACCESS AND SHARING
Access to the right data by the right people under right conditions
Conditional access policies. Sharing controls.
15
Balancing end user and IT expectations
End user: Store anything. Share with anyone. Access from anywhere. Use all my devices.
IT pro: Full auditing transparency. Control external access. Protect sensitive data. Control unmanaged devices.
Consumer-level ease of use vs. IT compliance and security
16
Security, usability, and data sensitivity
[Figure: axis labelled "Data sensitivity", running from Low to High]
19
Conditional access pivots
5 Key Pivots of Control: USER, DEVICE, APPLICATION, LOCATION, DATA SENSITIVITY
20
Users, device and applications
Manage Users: AAD to manage users and groups. Enforce strong passwords. Multi-factor authentication. Conditional access based on users and groups. Revoke suspicious user sessions.
Manage device and application access: Integrated device and app management through Microsoft Intune. Prevent or downgrade access on unmanaged and non-compliant devices. Control apps and their level of access on both managed and unmanaged devices. Integration with other EMM providers such as MobileIron, AirWatch etc.
21
Location and data sensitivity
Manage location of access: Restrict access to specific IP ranges. Automatically revoke access when user moves to untrusted location.
Manage access to sensitive data: Office 365 Data Loss Prevention (DLP) policies protect sensitive data. Prevent sharing of sensitive data with external users or within the organization.
22
Sharing controls
Manage external sharing in your organization: Restrict who can share with whom. Control what data can be shared with external users. Restrict what external users can do.
23
Demo – Secure Access and Sharing
24
AWARENESS AND INSIGHTS
Full transparency and insight into your users and data
Auditing. Reporting. Alerting.
25
Auditing and reporting
Auditing: Every user action recorded for full audit trail. Custom alerts to get notified when a specific event occurs. Office 365 Management Activity API to export audit logs.
Reporting: Full usage dashboard to monitor all Office 365 services. Tenant level and per user reporting.
26
Demo – Auditing and Reporting
27
Demo – Session Revocation
28
INFORMATION GOVERNANCE
Ensuring you can manage your data lifecycle and discovery
Data retention policies. eDiscovery and legal hold.
29
Data retention
Meet your organizational or industry compliance requirements. Set global retention policies on all content in Office 365 or granular policies on specific users or content. Granular content policies based on custom tags, last modified date, or created date. Preserve and delete content on customized schedule.
30
Demo – Retention Policies
31
eDiscovery and legal hold
Find, preserve, analyze, and package data for legal investigation. Delegate control to specialists such as compliance officers or HR. Single experience for searching and preserving across Office 365. No user action is required; all processes are performed in the background.
33
COMPLIANCE AND TRUST
Proactive continuous compliance. Privacy and transparency.
34
Proactive and continuous compliance
Independent validation of security practices. Assessment of whether Office 365 complies with regulatory and security standards. Dedicated engineering team for compliance and standards within Office 365. Internal compliance framework includes over 900 controls that map to external standards. Product teams leverage internal controls to build functionality that respects regulatory constraints. Compliance is a fundamental service offering. We pursue accreditation as part of our holistic approach to security and privacy. We implement features that help your organization remain compliant. Largest compliance portfolio in the industry.
35
Compliance Certifications
36
Transparency
Office 365 Protection Center (protection.office.com): Audit reports for Office 365, Azure, and more including ISO, SOC 1 and 2. White papers and reports including pen-test summary, CSA Cloud Control Matrix.
Admin Center: Where is my data stored? Who has access to my data? Monitor the state of your service, issues, and availability.
Office 365 Trust Center (aka.ms/o365trustcenter): What security controls are in place to protect my data? What guarantees does Office 365 make about the privacy of my data?
37
Privacy
Custody, not ownership: You are the owner; Microsoft is the “custodian” or “processor” of your data. If you leave the service, you can take your data with you. We do not mine your data for advertising purposes.
Security for the sake of privacy: The privacy of your data is the driving force behind our security measures. SharePoint sites and libraries are set to “private” by default. OneDrive files are not shared until the user explicitly takes a sharing action.
Transparency about law enforcement requests: Redirect government requests to customer whenever possible.
39
Summary
40
Core tenets
Platform security: Layered encryption and putting the customer in control of access and key management
Secure access and sharing: Manage access and sharing settings to ensure sensitive data doesn’t leak
Awareness and insights: Track account and file activity with full transparency with reports and alerts
Information governance: Govern your data retention, discovery, and deletion policies
Compliance and trust: Continuous compliance, privacy, and transparency
41
Roadmap
SAFEST CLOUD PLATFORM; SECURE ACCESS AND SHARING; AWARENESS AND INSIGHTS; INFORMATION GOVERNANCE; COMPLIANCE AND TRUST
Windows 10 WIP; Bring your own key; Block sharing of sensitive documents; Location based conditional access; Block or restrict access from unmanaged devices; Time bound share expiration; Re-sharing controls; Custom alerts for file and sign in activity; Reports on account provisioning, admin activity, and sign in; Activity log for activity by location, IP; External Sharing Reports; Revoke sessions remotely; Unified audit logs; Tenant wide retention policies; Tag based retention policies; German Data Center; CY2016; ODB Unlimited; IRM sync support for next gen sync client; H1CY17
42
Related sessions at Ignite
Tuesday: BRK3032 – Learn how SharePoint safeguards your data in the cloud. BRK2008 – Understand your users: What’s new in Office 365 Usage Reporting.
Thursday: BRK1010 – Explore the mobile options for OneDrive for Business and SharePoint files. BRK3036 – Get started with data security and compliance in SharePoint Server 2016. BRK3038 – Explore new SharePoint hybrid scenarios: Hybrid Auditing, Hybrid Taxonomy and Hybrid App Launcher.
Wednesday: BRK3021 – Protect your sensitive information with Office 365 Data Loss Prevention. BRK3228 – Protect your OneDrive and SharePoint files on mobile devices.
43
Deploy, ramp-up on new services and onboard new users with Microsoft FastTrack:
44
Join the Microsoft Tech Community to collaborate, share, and learn from the experts: