Office 365 Security and Compliance Policies

Most companies, from small businesses to large organisations, cannot ignore the risk of cyber-attack. Most of the time it is hard to determine exactly how vulnerable they are and what measures can be taken to prevent an attack. This is why Microsoft offers Office 365 Security and Compliance Policies, which can be set up as per your organisation's needs. You can establish secure policies and services for your business to cover the majority of security concerns.

Below are the Office 365 features available to meet your organisation's security and compliance needs.

Office 365 Security and Compliance Center:

You can set up compliance for Office 365, Exchange Online and SharePoint Online under this feature. This section has several options. First, you can use a mail archive policy, under which emails are automatically moved from the primary mailbox to the archive mailbox after a particular period of time.

Second, you can automatically manage and secure your organisation's sensitive information with DLP (Data Loss Prevention) policies, which you can create yourself.

Third, you can grant or deny compliance managers in your organisation access to some or all of the compliance features.

Apart from that, you can manage eDiscovery cases, auditing reports, retention and deletion policies in SharePoint and Exchange Online which are discussed in the next points.

Archive Policy in Office 365

This policy helps to automatically remove older and less frequently accessed information when it is no longer needed. This includes archiving mailboxes, as discussed earlier.

Next in this section is Retention policy. With Retention policy, an admin can allow, assign and apply certain policy tags to particular mailbox folders as required. These tags decide how long a particular item should be retained. This feature can also be used to delete less important items, like newsletters and notifications, after a short period of time.

Another feature that falls under this category is Document Deletion Policies. Keeping some important items longer than required might increase legal risks. With Document Deletion Policies, certain items are automatically deleted after the necessary period of time.

Next is Information Management Policy, which lets you create a set of rules per type of content. You can control how long an item should be retained or what accessibility features should be provided to comply with legal regulations.

The last feature that comes under this category is Records Management in SharePoint Online. This policy helps you store all your critical files in one centralised place called the Records Center Site. A proper plan is required before creating a records centre, so that you can configure and manage your records correctly.

Anti-spam and Anti-malware protection policy

Office 365 has built-in spam and malware protection capabilities for the Exchange Online platform. The main advantage is that admins don't need to set up any separate filtering feature, as it is enabled by default. In the Exchange Admin Center (EAC), however, an admin can create business-specific filtering customizations. Under this policy feature, one can create a safe senders list and a blocked senders list based on IP addresses. You can also create a custom filter where you control which specific users or admins are given access. An admin can even send spam and non-spam messages to Microsoft for security analysis.

Data Loss Prevention (DLP) policy

Needless to say, every organisation's first and foremost priority is to protect its critical information from malware or cyber-attack. Office 365's DLP policy helps to meet security compliance requirements by preventing unforeseen disclosure of data. It helps you to identify sensitive information across Exchange Online, SharePoint Online and OneDrive for Business. It also monitors and restricts the accidental sharing of critical information. If your users need to share some sensitive items, DLP will send them email notifications about the applicable policies, allowing them to revoke the policies if they have a business justification. Thus, DLP makes it easier to automatically identify and prevent security threats.

eDiscovery policy

eDiscovery, short for Electronic Discovery, is used to search for specific content in Office 365 groups, Exchange Online mailboxes, SharePoint Online and Skype for Business interactions. Basically, this feature is used to identify electronic information which can be used as a source and evidence for legal cases. You can create, report on and delete multiple content searches. With this feature, an admin can grant an eDiscovery manager permission to search only a subset of mailboxes. This policy also has several properties for searching any third-party data imported into Office 365.

Auditing feature in Office 365

This feature allows you to keep an integrated audit log where you can keep track of user and admin activity. You can monitor user activity in Exchange Online, SharePoint Online and OneDrive for Business to make sure proper business security and compliance are followed in the organisation.

Inactive mailbox management

When an employee leaves the organisation, you need to delete his/her Office 365 account. But what happens if you need to retain their mailbox items for a specific period of time, or maybe indefinitely? In this case, you should convert the employee's mailbox into an inactive mailbox and then remove the related Office 365 account. Usually, the employee's mailbox is retained for 30 days after the removal of the Office 365 account. Otherwise, the inactive mailbox can be retained until the retention policy is removed.

Device management policies

Office 365 is all about making business simple by letting you accomplish your work anytime, anywhere, on any device such as a laptop, smartphone, iPhone or Windows phone. So it is critical to set up device management policies to comply with security requirements. Office 365 provides Mobile Device Management policies where you have the liberty to create your own policy rules, so that only authorised mobile devices and apps can access your company's sensitive information. Also, if a device is lost, organisational information can be remotely wiped.

Transport rules policy

If your mailboxes are hosted on the Exchange Online platform, this feature can be used to identify mail items that are in transit and take action on them accordingly. An admin can prevent unsuitable content from being sent or received. A disclaimer can also be added to messages. One can filter sensitive information with this feature, and inbound or outbound emails can be redirected before delivery.

Information Rights Management (IRM) policies

The IRM feature limits user actions on particular files in SharePoint Online. It prevents crucial information from being copied, saved or forwarded by unauthorised users. On the Exchange Online platform, IRM provides online and offline protection to email items and prevents them from being leaked.

Encryption Policy

This feature keeps your data and communication secure by encrypting data during its transmission over the web. An admin can choose which type of encryption should be used to protect email communication.

Site Policy

The Internet is all about websites. We create websites but never delete them. If we don't delete sites when they are no longer needed, they use storage space and sometimes become inconvenient for compliance reasons as well. Site policy can be used to control this situation. These policies define the life cycle of the website, specifying when the site will be closed. A closed site doesn't appear in other places, but users can still modify a closed site simply by reaching it using the URL. There are three options under this feature.

First, the site owner must delete the website manually, as it is not deleted automatically. Second, the site owner can choose to have the site deleted automatically, but has to close it manually first. Third, websites can be set to be closed and deleted automatically. You can create a workflow to close the website. After the workflow completes, SharePoint automatically closes the item.

A site owner can choose to reopen a closed or deleted website from the Site Closure and Deletion page under Office 365 Security and Compliance Center.

These are the main categories of compliance policies in the Microsoft Office 365 suite, and they give you an overview of Office 365's security and compliance policies. Office 365 Security and Compliance Center is the one-stop portal for managing all your business compliance and regulations across the entire Office 365 suite.
