The Security Features in Office 365

By Rosemarie Withee, Ken Withee, Jennifer Reed

Part of Office 365 For Dummies Cheat Sheet

The current threat landscape affects all of us. Knowingly or unknowingly, we are targeted by hackers every day. This guide provides a quick overview of built-in security features in Office 365 that allow users to stay productive while minimizing security risks.

Topic What You Need to Know
The anatomy of a modern attack Understand that social engineering comes in many forms: phishing, spear phishing, scareware, and more. They all attempt to psychologically manipulate a user into divulging information or influencing an individual to perform a specific action. The end game is usually to gain access to the computing environment to do harm.

Plan your defense against breaches by stepping through the mindset of hackers as they use social engineering to gain access to your environment in five key stages: the reconnaissance (recon), the initial breach, the elevation of privileges, the entrenchment, and ultimately, the exfiltration of data.

Security as a shared responsibility Security in a cloud computing environment is a partnership between the tenant organization and the cloud service provider. Both parties have responsibilities which, if carried out, will enhance the security posture of an organization.

In Office 365, Microsoft, as the cloud service provider, takes care of the physical security of its datacenters where all of its customers’ data are stored.

On the customer side, there are tasks a tenant admin can do, such as implementing multi-factor authentication, and actions end users can perform such as email encryption to enhance security.

Securing email In Office 365, you can continue to do the things you do to be productive while at the same time stay secure. In Exchange Online (the technology driving your email), for example, you can encrypt your email so that only the intended recipients of the message will be able to read it. You can apply protection to your email so if it’s confidential, the email can only be read by people within your organization. If someone accidentally forwards or copies a recipient outside of the organization on email marked confidential, that recipient will get the email but he or she won’t be able to read it. These security features for protecting email are available through the Office 365 Message Encryption (OME) service which is included in most Office 365 subscriptions or as an add-on service.