How Microsoft Office 365 can help you with The General Data Protection Regulation (GDPR)

In May 2018, the General Data Protection Regulation (GDPR), will impose new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union, or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.

Whilst the Information Commissioner’s Office (ICO), the UK’s data protection regulator, has already taken noticeable steps in assisting businesses to prepare for the GDPR, by publishing its Guidance Roadmap.  We thought it would be useful to highlight how some of Microsoft products and services available today that can help you meet the GDPR requirements.

One essential step to meeting the GDPR obligations is discovering and controlling what personal data you hold and where it resides. There are a number of Office 365 solutions that can help you identify or manage access to personal data.

Data Loss Prevention (DLP) in Office and Office 365 can identify over 80 common sensitive data types including financial, medical, and personally identifiable information. In addition, DLP allows organisations to configure actions to be taken upon identification to protect sensitive information and prevent its accidental disclosure.

Advanced Data Governance uses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organisation.

Office 365 eDiscovery search can be used to find text and metadata in content across your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online. In addition, powered by machine learning technologies, Office 365 Advanced eDiscovery can help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents.

Customer Lockbox for Office 365 can help you meet compliance obligations for explicit data access authorisation during service operations. When a Microsoft service engineer needs access to your data, access control is extended to you so that you can grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.

Another core requirement of the GDPR is protecting personal data against security threats. Office 365 provide features that safeguard data and identify when a data breach occurs;

Advanced Threat Protection in Exchange Online Protection helps protect your email against new, sophisticated malware attacks in real time. It also allows you to create policies that help prevent your users from accessing malicious attachments or malicious websites linked through email.

Threat Intelligence helps you proactively uncover and protect against advanced threats in Office 365. Deep insights into threats—provided by Microsoft’s global presence, the Intelligent Security Graph, and input from cyber threat hunters—help you quickly and effectively enable alerts, dynamic policies, and security solutions.

Advanced Security Management enables you to identify high-risk and abnormal usage, alerting you to potential breaches. In addition, it allows you to set up activity policies to track and respond to high risk actions.

• Finally, Office 365 audit logs allow you to monitor and track user and administrator activities across workloads in Office 365, which help with early detection and investigation of security and compliance issues.

If you would like to discuss how Microsoft Office 365 or Azure resources can help you meet your GDPR requirements, please contact us using the form below.

Send us mail

What is Microsoft Office 365?

In spite of Microsoft’s considerable marketing efforts surrounding Office 365, we still get a lot of people asking us to explain in detail exactly what Office 365 is all about. As much as we love waxing lyrical about one of our most favourite Microsoft services, I thought it might be useful to put together a comprehensive guide.

Introduction

Office 365 provides hosted services such as Email (Microsoft Exchange), Unified Collaboration (Microsoft SharePoint, OneDrive for Business, and Skype for Business), and on-premises software such as the Office productivity suite through subscription licensing.

This allows organisations to reduce their operating costs, avoid capital costs, and add or remove capacity at a moment’s notice. For most organisations moving to a hosted SaaS (Software as a Service) model also improves uptime and security/compliance, whilst at the same time reducing licensing costs and mitigating license compliance risks.

Office 365 services and software are delivered by the Office 365 E1, E3 and E5 subscription plans: –

Office 365 Subscription Features

Office 365 allows organisations to consume services such as email, collaboration, and other functions directly from Microsoft, freeing up their internal IT resources and avoiding costs associated with IT infrastructure, staffing, software and license management, and facilities management (data centre related).

Office 365 is updated multiple times per year with updates delivering new features as well as bug fixes. Microsoft reserve the right to retire or replace any of the hosted services or any of the Office 365 Pro Plus (on-premise productivity suite) features at any time.

Note: Microsoft used to provide 12 months’ notice for disruptive changes but dropped this commitment in 2015.

All Microsoft hosted Office 365 services are eligible for product support, but only when using specific versions of client software (i.e. browser or Office productivity suite). Although they don’t block unsupported versions of client software from accessing Office 365 services, Microsoft will reserve the right to refuse any break/fix support services and the end user may find that some features are not available to them.

Microsoft publishes an Office 365 roadmap online (https://fasttrack.microsoft.com/roadmap) listing the status of planned service improvements. Furthermore, a First Release preview program (known as Fast Track) allows Office 365 subscribers early access to upcoming changes.

Office

Office Online: This feature was formerly known as Office Web Apps and provides hosted applications (Word, Excel, PowerPoint, and OneNote) enabling users to create and edit Office documents via a web browser without the need for the equivalent Office applications being installed on the client device.

Office 365 ProPlus: This is the latest Office suite (currently Office 2016) for local installation on either Windows or Mac personal computers.

Office Mobile Applications: This feature allows users to create and edit Office documents on Apple iOS and Android devices, using Office apps for those platforms.

Exchange

Exchange Online: This service offers email, calendars, contacts, and tasks all based on Microsoft Exchange Server (currently Exchange 2016).

Exchange Online Premium: This service offers the same features as Exchange Online but with enhanced tools for archiving, retention, and eDiscovery.

Exchange Online Protection: This service filters out malware, spam, and other unwanted content for Exchange Online. This service can also be used with on-premise Exchange Server installations to filter messages before they are delivered to the on-premise Exchange Server.

Exchange Online Archiving: This service archives emails for Exchange Online, but can also be used to archive emails for Exchange Servers running in Azure. This feature helps enforce comms and record retention policies. It has recently been extended to archive other types of messages such as social network traffic.

Exchange Advanced Threat Protection: This service extends Exchange Online Protection to protect e-mail users against previously unknown malware as well as malicious URLs and other types of threats.

SharePoint, Power BI, and OneDrive for Business

SharePoint Online: This service delivers functions such as file sharing, team collaboration, enterprise search, content management, and portal hosting to name just a few. Based on SharePoint Server (SharePoint Server 2016) this service is the platform where improvements are delivered first before they are migrated to the on-premise version of SharePoint Server.

SharePoint Online Premium: This service delivers all of the features of SharePoint Online, but in addition delivers enhancements in eDiscovery, Business Intelligence, and Web Content Management.

Power BI: Microsoft’s Business Intelligence service enables users to share reports (that are refreshable as opposed to static) that includes access to refreshable on-premise data, complete with interactive features for self-service analysis. Power BI Pro is the premium product that is included in higher levels of Office 365 subscriptions (currently E5), or you can buy it separately as a standalone online subscription.

OneDrive for Business: This service provides unstructured storage for users, enabling them to store and share their files both within, and outside, their organisations.

Skype for Business

Skype for Business Online: This service provides unified communications with presence status, instant messaging (IM), voice and video calls, application sharing, web conferencing, and Skype Meeting Broadcast web conferences for up to 10,000 internal attendees.

Skype for Business Online Premium: The premium version of Skype for Business Online included with higher levels of Office 365 subscriptions (currently E5) provides a hosted Cloud PBX service that provides advanced telephone calling and management. Further add-ons to the premium service offer hosted PSTN dial-in conferencing so remote attendees can dial into meetings.

Collaboration & Search

Yammer: This service offers collaboration spaces with groups, conversations, and data sharing that are similar to social networking services such as Facebook and Twitter.

Groups: This feature offers collaboration spaces with a shared mailbox, calendar, and file library across several Office 365 products such as Outlook 2016 and SharePoint Server.

Delve: This feature provides a set of Office 365 functions to help users discover people and documents in Office 365. Delve feeds targeted search results and views of content to users based on their user activity and other information collected by the Office Graph service.

Delve Analytics: This is a premium feature and provides reports that show analytics of employees (for example how many emails are sent outside business hours) to help track things such as organisational health and efficiency indicators.

Video: This feature offers a portal for securely viewing, sharing, discussing, and discovery of an organisation’s video content.

Planner: This feature provides task and project management that is integrated with Groups and other Office 365 collaboration services. Planner offers a simple alternative to Project Online (the Microsoft hosted version of Project Server), competing with products such as Asana, Smartsheet, and Trello.

Security & Compliance

Security & Compliance Centre: This feature offers a single web-based console for managing, archiving, mobile device management, basic eDiscovery, hold and retention, and other compliance tasks including data loss prevention (enabling organisations to limit leakage of sensitive data). The Security & Compliance Centre manages content across Exchange Online, OneDrive for Business, SharePoint Online, and Skype for Business.

Advanced eDiscovery: This feature provides filtering and detailed search capabilities using Equivio (software acquired by Microsoft). Equivio’s text analysis technology helps locate and organise documents that are relevant to legal cases ready for archiving, allowing organisations to use machine learning technology to train the system for specific cases or purposes.

Management & Security

Office 365 offers a complete administrative platform for managing and securing its services, including important management and security services.

Azure Active Directory (AAD): This service provides identity and access management for Office 365, along with other online services (both by Microsoft and other 3rd party vendors).

Office 365 Mobile Device Management: This feature protects Office 365 content on mobile devices, along with the devices themselves, enforcing device policies (such as password complexity) and enabling selective remote wipe of Office 365 documents and emails on a specific device.

Office 365 Advanced Security Management: This feature provides organisations with threat detection, application control, and usage discovery for user of Office 365.

Azure Rights Management: This service allows organisations to encrypt and control access to sensitive content to enable them to comply with privacy and disclosure regulations. Rights management protection is part of, and travels with, the content allowing controlled access even if the content moves to a device that is outside an organisation’s control. This feature includes Office 365 Message Encryption, which enables encryption of messages in Exchange Online.

Customer Lockbox: This feature enables organisations to individually approve or deny requests for access to their Office 365 data by Microsoft administrators.

Compliance

Office 365 provides a plethora of compliance from ISO27001, PCI DSS, FIPS 140-2, right through to CESG OFFICIAL.

If you’re a Public Sector organisation here in the UK and you’re concerned about data residency, or PSN compliance, you can rest assured that moving to Office 365 will most likely enhance the security of your data/users. There are plenty of resources available to ensure that when adopting Office 365 you ensure that you remain fully compliant – just take a look at some of these: –

CESG Cloud Security Guidance

CESG Microsoft Office 365 Security Guidance: Email

CESG Microsoft Office 365 Security Guidance: Administrator good practice

Meeting the UK Government’s 14 Cloud Security Principles

And with the announcement of 3 new UK Microsoft Data Centres brought online (7th September 2016), you can rest assured that your data stays in the UK: –

http://www.bbc.co.uk/news/technology-37285667

If you are a Public Sector organisation then we believe it is imperative that when working with a Microsoft Partner you ensure they fully understand your compliancy requirements, and more importantly the impact of non-compliance. Here at CoreAzure we have a dedicated Architecture & Security Practice headed up by Gareth Jones – Gareth just happens to be one of the first in the Country to become a CESG Certified Professional (CCP), so we have both the experience and the credentials to ensure our Public Sector customers remain fully compliant.

I hope this has given you a reasonable insight into what Microsoft Office 365 is all about. If you have any questions, or wish to discuss your Office 365 requirements with a Microsoft Gold Partner that has both the experience and expertise in all Microsoft Cloud technologies then feel free to contact me directly: mark.briggs@coreazure.com

In my next few blogs I’ll take a deep dive into some of the individual products & features of Microsoft Office 365.

Microsoft Azure Active Directory: Preview

For customers who are struggling with federating Active Directory and other directory stores with Microsoft Online Services (Windows Azure and Office 365), Microsoft has made a confession: “integrating your on premises identities with Azure AD is harder than it should be” and requires “too many pages of documentation to read, too many different tools to download and configure, and far too much on premises hardware required.

The good news? It has done (and is continuing to do) something about it, in the form of a new, “four-clicks-and-you’re-done” tool: Azure Active Directory Preview.

The tool is currently in Beta and is billed as “a single wizard that performs all of the steps you would otherwise have to do manually for connecting Active Directory and local directories to Azure Active Directory.

That means it installs all the required bits of .NET Framework, the Azure Active Directory Powershell Module and the Microsoft Online Services Sign-In Assistant, then gets Dirsync up and running between your on-premise environment and Microsoft Azure.

For now, the tool only allows a single Active Directory forest with Windows Azure Active Directory, but Microsoft promises to bring more forests into the cloud in future.

Customers wishing to join the program will find the following information useful:

To join the program through Microsoft Connect: http://go.microsoft.com/fwlink/?LinkID=396558

For more information about AADSync: http://go.microsoft.com/fwlink/?LinkID=393942

OneDrive for Business

It seems that one of the hot topics of the moment is OneDrive for Business. I’ve been asked a lot lately to explain what OneDrive for Business is, and how it fits into the overall Office 365 offering with SharePoint Online (in particular Team Sites and Personal Sites), and how OneDrive for Business differs from OneDrive.

Well… rather than me write a lengthy blog about it – how about a simple video: –

Here at CoreAzure we are big fans (and avid users) of OneDrive for Business – so if you’d like to know more, feel free to send an email mark.briggs@coreazure.com