Announcing Office 365 customer security considerations preview
Office 365 provides customers with a continuous stream of innovative features that provide significant productivity improvements while keeping information highly secure. Microsoft is working on resources and tools to help you leverage Office 365 information security features and controls, so you can manage security in your Office 365 tenant. The Office 365 Service Trust Portal (STP), launched earlier this year, is an example of a feature that provides deep insights into how Office 365 services are operated and independently audited.
Microsoft presents the customer security considerations (CSC) workbook that can be used to facilitate a quick review and implementation of the security controls available in Office 365. The CSC workbook is designed to provide you with information on key security and compliance features to consider when adopting, deploying, and managing Office 365.
The CSC workbook, which currently is implemented as a Microsoft Excel workbook, is in preview.
The CSC workbook contains two security-based pivots on the same set of features and information. One pivot is the Office 365 Customer Control Considerations section. Information in this section is organized into five scenarios listing the features that can be used to manage information security risks:
- Data Resiliency—Considerations for protecting and recovering information from potential data corruption.
- Access Control—Things to consider managing identity and access control using Office 365 and Azure features.
- Data Leakage—Considerations around using encryption and controlling forwarding.
- Security and Compliance Investigations—Considerations for conducting compliance searches and forensics investigations, as well as logging and hold actions in Office 365.
- Incident Response and Recovery—Things to consider security incident response and recovery.
In addition to these five scenarios, an all-up list of considerations is provided.
The second pivot is the Office 365 Risk Assessment Scenarios section. Information in this section is organized by risks/threats and how you will implement various controls to manage these risks:
- Malicious Customer Administrator
- Former Employee
- Credential Theft
- Trusted Device Compromised
- Attacker Foothold
- Microsoft Operator
We hope that the CSC workbook provides you with quick information on how to help secure your Office 365 service with features/configurations that you manage. Based on the usage of this tool and your valuable feedback, we hope to expand the scope of considerations as appropriate and make it, even more, user-friendly in the future.
To get the CSC workbook, sign in to the STP and download the “Office 365 Customer Security Considerations Preview” and “Office 365 Customer Security Considerations Preview Reference Guide” from the Trust Documents area.
If you have not yet signed up for access to the STP, you can find instructions for doing so here.