Respond to customer feedback through agile development Deliver new features and valueTrust and compliance Cloud value Continuous innovation with confidence.

Presentation transcript:

Respond to customer feedback through agile development Deliver new features and value Trust and compliance Cloud value Continuous innovation with confidence and control Continuous release cadence Minor & major updates Up-to-date, no patching Security comes first Evolving standards Direct feedback Real-time information Common support issues

Office Mix Simplified Admin Center experience The New Office New Partner Admin Center Office 365 Adapter Embedded Images OWA Policy Tips Updated Lync mobile clients Office 365 SSO with SAML 2.0 Identity Providers Multi-factor authentication Service Pack 1 for Office 365 ProPlus SAP and Power BI and Power Query support Windows Azure Active Authentication DirSync Scoping and Filtering Exchange Online Inactive Mailboxes PDF support for SharePoint Online Lync Online Integrated Reporting Office Online real-time co-authoring OneNote for Mac, Android, iPhone, and iPad updates Office 365 operated by 21Vianet Admin App for iOS, Android, and WP OWA Calendar Search OneDrive for Business Storage increase Power Map for Excel SharePoint Newsfeed App for Windows 8 Lync meeting scheduling from OWA Office Mobile for iPhone & Android phones Rights Management Services OneNote for iPad What we’ve delivered Exchange Online Address Book Policies Message Center EXO: 50 GB Mailboxes Exchange group naming policy OWA for iPhone & OWA for iPad New SharePoint Workflows Simplified Yammer login Office Lens Power Map GA for all Excel 2013 users OneDrive for Business Improvements 90 Day message trace OneDrive for Business Sync for Windows Lync Online Remote PowerShell Lync mobile client updates Office 365 Switch Plans OneNote for iPhone and Android phones Azure AD Password Sync Lync and SharePoint Service Reporting Connecting Skype & Lync OneDrive for Business apps for Windows 8 & iOS People View in OWA 1 TB for OneDrive for Business Office 365 Developer APIs S/MIME Encryption Office for iPad update Project Lite released

Recent & upcoming capabilities Office for iPad Delve & Office Graph Create, manage, and subscribe to various channels Capture, share, and discover videos from any device Secure cloud based video upload, storage and optimized playback

Exchange Hosted Services (part of Office 365) Hotmail SSAE-16 U.S.-EU Safe Harbor European Union Model Clauses (EUMC) Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA) Data Processing Agreement (DPA) Active Directory Microsoft Security Response Center (MSRC) Global Foundation Services (GFS) ISO Certification Microsoft Security Essentials 1st Microsoft Data Center Trustworthy Computing Initiative (TwC) Microsoft Security Engineering Center - Security Development Lifecycle (SDL) Microsoft experience and credentials Xbox Live MSN Bill Gates Memo Windows Azure FISMA Windows Update Malware Protection Center SAS-70 Microsoft Online Services (MOS) One of the world’s largest cloud providers & datacenter/network operators CJIS Security Policy Agreement Bing/MSN Search Outlook.com

Principles of Trust for Office 365 It’s your data You own it, you control it We run the service for you We are accountable to you Transparent service operation Privacy by design Continuous Compliance Built in Security

Independent verification Third party validation Regulatory compliance Confidence in the results

Compliance We support industry standards and organizational compliance Built-in capabilities for global compliance Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA Contractually commit to privacy, security and handling of customer data Customer controls for compliance with internal policies Admin Controls like Data Loss Prevention, Archiving, E-Discovery to enable organizational compliance

Physical Security Security Best Practices Secure Network Layer Data Encryption Office 365 Services | Master Control Set | Standards DLP OME SMIME RBAC RMS New Cert’s and more… Account Mgmt. Incident Monitoring Data Encryption Encryption of stored data and more… Data Minimization & Retention Access Control Office 365 has over 900 controls today! Service Capabilities Customer Controls

Based on NIST Special Publication Internationally recognized security and privacy controls Specific and adaptable

NIST provides a mapping to ISO27001 We map other standards like SOC 1, SOC 2 and EU Model Clauses

How the example control appears in our Control Set

Standards & Certifications SSAE/SOC ISO27001 EUMC FERPA FISMA/FedRAMP HIPAA HITECH ITAR HMG IL2 CJIS IRS 1075 Article 29 SOC 2 Global Europe U.S. UK U.S. US Europe Global Finance Global Europe Education Government Healthcare Defense Government Law Enforcement Government Europe Global Standards Certifications Market Region

Ever Evolving Approach to Compliance Market & Competitive Intelligence Compliance Management Framework Regulatory Impact Analysis (RSIA) Define Security, and Privacy controls Determine Implementation Requirements Implement Controls Document Implementation Continuous Monitoring Independent verification (Audits) Remediation Prioritize

Independent Testing

How Office 365 Controls Meet Compliance Physical Security Security Best Practices Secure Network Layer Data Encryption DLP OME SMIME RBAC RMS New Cert’s and more… Account Mgmt. Incident Monitoring Data Encryption Encryption of stored data and more… Data Minimization & Retention Access Control Audits Office 365 has over 900 controls Today! Service Capabilities Customer Controls Office 365 Services | Master Control Set | Standards

Control Effectiveness Assessment (Audit) Schedule [Timeline figure, Nov 2014 to Nov 2015, showing audits: ISO, FedRAMP MT, ISAE3402/SOC, ITAR, ISO] Audit cadence We audit control effectiveness using 3rd party independent auditors.

Third-Party Auditors For ISO audits, Microsoft uses BSI. For ISAE3402/SOC audits, Microsoft uses Deloitte LLP. For other audits, Microsoft uses SecureInfo and Veris Group. We use well known or government certified auditors

ISO Audit report – sample

Audit Reports Right to Examine Customers can request a copy of the latest audit reports Compliance Program

Controls, compliance, and audits exist to help mitigate risk. Organizations face risk constantly: competitors, external events, and bad actors. What can you do about a risk? Mitigate, transfer, accept, and avoid. With Office 365, a number of risks can be mitigated by Microsoft. Risk Management

Risk Management framework

Part of the responsibility for the secure management of the service lies with each customer. Managing Risk Office 365 supports a high degree of customer configuration Account Management Access control Segregation of duties Awareness and training Support requests Use flexible customer controls in Office 365 Customers must put the following controls in place to ensure the security of their data

Summary Comprehensive controls Engineering investments Extensive experience in Enterprise software Privacy core component of Microsoft’s DNA

Compliance controls Overview of Security and Compliance controls in Office

Data Loss Prevention Helps to identify, monitor, and protect sensitive data through deep content analysis Identify Protect Monitor End user education

ALERT CLASSIFY ENCRYPT APPEND OVERRIDE REVIEW REDIRECT BLOCK Flexible tools for policy enforcement that provide the right level of control Transport Rules Rights Management Data Loss Prevention DLP Policy Enforcement

Data Loss Prevention (DLP) Prevents Sensitive Data From Leaving Organization Provides an Alert when data such as Social Security & Credit Card Number is emailed. Alerts can be customized by Admin to catch Intellectual Property from being emailed out. Empower users to manage their compliance Contextual policy education Doesn’t disrupt user workflow Works even when disconnected Configurable and customizable Admin customizable text and actions Built-in templates based on common regulations Import DLP policy templates from security partners or build your own

Protect sensitive documents from being accidentally shared outside your organization No coding required; simply upload sample documents to create fingerprints Scan email and attachments to look for patterns that match document templates

Email archiving and retention Preserve Search Secondary mailbox with separate quota Managed through EAC or PowerShell Available on-premises, online, or through EOA Automated and time-based criteria Set policies at item or folder level Expiration date shown in message Capture deleted and edited messages Time-Based In-Place Hold Granular Query-Based In-Place Hold Optional notification Web-based eDiscovery Center and multi-mailbox search Search primary, In-Place Archive, and recoverable items Delegate through roles-based administration De-duplication after discovery Auditing to ensure controls are met In-Place Archive Governance Hold eDiscovery

Article 29 Working Party - collection of data protection authorities in Europe regulating world’s toughest privacy laws Validation by EU Data Protection Authorities for Microsoft’s commercial commitments for DPA/EU Model Clauses. (covering Office 365, Azure, CRM Online, and Intune) Microsoft is the only provider to have received this validation Standard part of contracts as of July 1st

Why Model Clauses Matter History of Privacy in Europe Microsoft was the first major CSP to offer EUMC Set standards for data protection Subprocessors

Privacy Privacy by design means that we do not use your information for anything other than providing you services No Advertising Transparency Privacy controls No advertising products out of Customer Data No scanning of email or documents to build analytics or mine data Various customer controls at admin and user level to enable or regulate sharing If the customer decides to leave the service, they get to take their data and delete it in the service Access to information about geographical location of data, who has access and when Notification to customers about changes in security, privacy and audit information

To be clear, here’s what we do, and what we don’t do: We don’t provide any government with direct, unfettered access to your data. We don’t assist any government’s efforts to break our encryption or provide any government with encryption keys. We don’t engineer back doors into our products and we take steps to ensure governments can independently verify this. If as reports suggest there is a bigger surveillance program we aren’t involved

Transparency Microsoft notifies you of changes in data center locations and any changes to compliance. Core Customer Data accessed only for troubleshooting and malware prevention purposes Core Customer Data access limited to key personnel on an exception basis. How to get notified? Who has access to your data? Data Maps and Geographic boundary information provided Where is Data Stored? We have a high bar for privacy practices that support global standards for data handling and transfer

1+ million servers 100+ datacenters

Privacy of your data We use customer data for just what they pay us for - to maintain and provide Office 365 Service Microsoft Online Services Customer Data 1 Usage Data Account and Address Book Data Customer Data (excluding Core Customer data) Core Customer Data Operating and Troubleshooting the Service Yes Security, Spam and Malware Prevention Yes Improving the Purchased Service, Analytics Yes No Personalization, User Profile, Promotions No Yes No Communications (Tips, Advice, Surveys, Promotions) No No/Yes No Voluntary Disclosure to Law Enforcement No Advertising 5 No Usage Data Address Book Data Customer Data (excluding Core Customer Data * ) Core Customer Data Operations Response Team (limited to key personnel only) Yes. Yes, as needed. Yes, by exception. Support Organization Yes, only as required in response to Support Inquiry. No. Engineering Yes. No Direct Access. May Be Transferred During Trouble-shooting. No. Partners With customer permission. See Partner for more information. Others in Microsoft No. No (Yes for Office 365 for small business Customers for marketing purposes). No.

Customer dashboard for compliance Access to O365 compliance controls View customer-relevant reports – ISO, SOC Audit reports Notifications about updates, regulatory changes, etc. Vision for transparency in Compliance

Earning Trust Independent Testing Compliance Benefits Customer controls Privacy Summary

Trust Center Answer key questions of Security Compliance Officers Dynamic engaging content that is refreshed every two weeks

END OF DECK