Get answers to your Office 365 security and compliance questions

TheSupe87 - Fotolia

Office 365 compliance issues deserve your attention

Businesses have more data than ever before, and Office 365 stores that information in more than email messages. Make sure that data retention is in compliance with regulations.

It's no longer enough to evaluate email servers on just the basic features. Cyberattacks and data leaks are on the rise, and the explosive growth of data means IT admins must reconsider security protections and compliance concerns in their email servers.

Those worries are acute for a business considering a move from an on-premises platform to Microsoft Office 365. Admins should be aware of the potential challenges that await once their company's data migrates to the cloud, such as Office 365 compliance.

Businesses routinely accumulate vast quantities of data, and that increases regulatory pressures to protect digital assets. Exchange admins were accustomed to managing the security and compliance of just one workload on premises; in the cloud, the number of workloads mushrooms, and the list of Office 365 services that contain company data includes SharePoint, Skype and OneDrive. With Office 365, IT admins are responsible for data governance, and they need to consider new areas of security and compliance.

Microsoft invests $1 billion annually in cybersecurity research and development. The company regularly introduces new features and enhancements for Office 365 security. IT admins can use these modern accoutrements as ammunition to convince their business that it is worth the investment. But before making the move, administrators must address important questions about Office 365 compliance and security.

Navigate Office 365 compliance aspects

With Office 365, IT administrators have one common information protection layer.

Microsoft moved away from a decentralized administration model for on-premises Exchange, where each workload in the platform had its own security and compliance management console. There is now one centralized portal where admins can see all aspects of Office 365 compliance and security.

This portal offers admins a single place to set up and configure the policies related to Office 365 areas, such as SharePoint, OneDrive and email messages. Admins can also use the Office 365 Admin mobile app to access the management console and make adjustments on the go.

Make a data governance plan

As an important preliminary step, many early Office 365 adopters advise IT admins to put together a data governance plan. You'll want all the policies needed to meet the business requirements in place before the data migrates. The Microsoft FastTrack team or third-party vendors can assist.

With on-premises Exchange, admins' only compliance concern is with email messages. But for Office 365 compliance, admins must consider data elsewhere, such as Skype for Business, files and SharePoint content, that Microsoft's data centers manage and store. IT administrators need to expand the scope of their compliance and security policies beyond Exchange and set policies for other workloads. Office 365 offers flexibility and enables some policies to be applied to multiple workloads; this eliminates the duplication of work when creating specific compliance policies.

IT admins are used to digging through troves of user activities and system logs to identify compliance and security issues. Office 365 eases that burden and offers incident and auditing capabilities, such as searchable audit logs, that are easy to use and navigate. IT administrators can now receive alerts on data deletions, departure of sensitive content to external users, or when a user signs in from a risky IP address.

Know what else is covered

In addition to features that protect and monitor compliance in services such as SharePoint, OneDrive and Skype for Business, Microsoft announced in 2017 it will extend that ability to some external data as well. The Advanced Data Governance feature in Office 365 enables administrators to ingest external data from places such as Facebook, Bloomberg, Twitter and LinkedIn; store it within Office 365 cloud storage; perform searches; and apply compliance policies to it.

Intelligence-infused services are nothing new to Microsoft, which seems to recognize the importance of artificial intelligence and how it enables administrators to perform smarter searches and detect abnormal activities. Advanced Threat Protection, Advanced eDiscovery, automatic data classification, and Advanced Security Management use AI to assist with early detection, discovery and prevention.

Manage security needs quickly

An on-premises environment typically requires admins to spend time managing multiple security and compliance platforms. With Office 365, IT administrators have one common information protection layer; a centralized administration portal manages all security and compliance needs for cloud workloads.

Surprisingly, these security components don't require much from IT, as the tools and intelligence services automate, detect and remedy many issues that admins traditionally handled manually. Not only is there a more comprehensive security layer, but IT admins have more time to efficiently adapt to external threats.

The base Office 365 packages do not include every security and compliance feature. Determine which features your business needs and whether they require licenses to enable advanced capabilities. While Office 365 E5 includes several advanced security and compliance features, there are others -- such as advanced threat analytics and Azure Active Directory premium services -- that Microsoft considers add-ons, which will cost extra.

As more businesses move their email servers to the cloud and adopt cloud-based workloads within Office 365, there is demand for better visibility and improved security. IT administrators recognize they must adjust their security and compliance practices. But that brings the challenge of relying on one vendor and trusting it with the data. So far Microsoft has taken appropriate steps to invest in its Office 365 compliance and security capabilities, and all IT administrators can do is implement the recommended services based on best practices and recommendations.

Next Steps

Advantages and weaknesses in Office 365

Prevent data loss in Office 365

Add-ons to secure against advanced attacks

Dig Deeper on Exchange Server setup and troubleshooting