spsnl15 - how to secure your data in office 365

How to secure your data in Office 365

Maarten Eekels

Maarten Eekels

CTO Portiva / P-TSP Microsoft

Speaker, blogger

Top 25 European SharePoint Influencers 2014

Contact

meekels@portiva.nlwww.eekels.net

Agenda• Data encryption• Message encryption• Rights management• Data loss prevention• Mobile device management• … and more

Data encryption• Data at rest• BitLocker drive encryption• Per-file encryption (for SharePoint Online and

OneDrive for Business)• Files are spread across multiple Azure Storage containers• Map with file locations is also encrypted• Encryptions keys are physically located somewhere else

• Data in transit• TLS/SSL across all workloads

Message encryption

• Encrypted message never leaves server

• Recipient receives message with link and is required to login to read and reply to the message

Configuration of message encryption1. Activate Rights Management in Azure/Office

3652. Configure RMS Online key sharing location in

Exchange OnlineSet-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"

3. Import the Trusted Publishing Domain (TPD) from RMS Online

Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

4. Enable IRM in Exchange OnlineSet-IRMConfiguration -InternalLicensingEnabled $true

https://technet.microsoft.com/library/dn151475(v=exchg.150).aspx

Message Encryption DEMO

Rights management• Protect your company’s sensitive

information based on encryption, identity, and authorization policies

• Documents can only be used by the intended recipients for the intended purpose

• Coming soon: Document tracking (Currently in preview, and in North America only)

Configuration of rights management1. Active Rights Management in your

Office 365 tenantOptional:2. Configure Rights Management

templates3. Enable Information Rights

Management in SharePoint Online4. Download and install Rights

Management sharing application http://go.microsoft.com/fwlink/?LinkId=303970

Rights Management DEMO

Data loss prevention• Identify and protect

content of personal or confidential nature

• Based on policies / Use policy tips to notify users about policy matches

• Already available in Exchange Online and coming to SharePoint Online

• Supports fingerprinting

Data Loss Prevention DEMO

Mobile device management• Protect data on

end user devices

• Conditional access

• Device management

• Selective wipe

Configuration of mobile device management • Install Apple Push Notification

Certificate

Mobile device management DEMO

And there is more…• Password policies• Multi-Factor authentication• Exchange Online Advanced Threat

Protection• Protection against unknown malware and viruses• Real time, time-of-click protection against malicious

URLs• Rich reporting and URL trace capabilities

THANK YOU