How to secure your data in Office 365

Maarten EekelsCTOPortiva

Maarten Eekels

CTO Portiva / P-TSP Microsoft

Speaker, blogger

Top 25 European SharePoint Influencers 2014

Contact

meekels@portiva.nlwww.eekels.net

Agenda• Data encryption• Message encryption• Rights management• Data loss prevention• Mobile device management• … and more

And we only have 45 minutes!!

Data encryption• Data at rest• BitLocker drive encryption• Per-file encryption (for SharePoint Online and OneDrive for Business)• Files are spread across multiple Azure Storage containers• Map with file locations is also encrypted• Encryptions keys are physically located somewhere else

• Data in transit• TLS/SSL across all workloads

Message encryption

Encrypted message never leaves server

Recipient receives message with link and is required to login to read and reply to the message

Configuration of message encryption1. Activate Rights Management in Azure/Office 3652. Configure RMS Online key sharing location in

Exchange OnlineSet-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-

rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"

3. Import the Trusted Publishing Domain (TPD) from RMS OnlineImport-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

4. Enable IRM in Exchange OnlineSet-IRMConfiguration -InternalLicensingEnabled $true

https://technet.microsoft.com/library/dn151475(v=exchg.150).aspx

Message EncryptionDEMO

Rights management• Protect your company’s sensitive

information based on encryption, identity, and authorization policies

• Documents can only be used by the intended recipients for the intended purpose

• Coming soon: Document tracking (Currently in preview, and in North America only)

Configuration of rights management1. Active Rights Management in your Office

365 tenantOptional:2. Configure Rights Management templates3. Enable Information Rights Management in

SharePoint Online4. Download and install Rights Management

sharing application http://go.microsoft.com/fwlink/?LinkId=303970

Rights ManagementDEMO

Data loss prevention• Identify and protect content

of personal or confidential nature

• Based on policies / Use policy tips to notify users about policy matches

• Already available in Exchange Online and coming to SharePoint Online

• Supports fingerprinting

Data Loss PreventionDEMO

Mobile device management

• Protect data on end user devices

• Conditional access

• Device management

• Selective wipe

Configuration of mobile device management • Install Apple Push Notification Certificate

Mobile device managementDEMO

And there is more…• Password policies• Multi-Factor authentication• Exchange Online Advanced Threat

Protection• Protection against unknown malware and viruses• Real time, time-of-click protection against malicious URLs• Rich reporting and URL trace capabilities

Thanks!

@maarteneekelswww.eekels.net