Sergey Nivens - Fotolia


How DLP, MFA and other features influence Office 2016 security

Data loss prevention, multifactor authentication and document sharing all get a security boost in Office 2016, but you might want to consider holding off on upgrading.

Microsoft's long-awaited Office 2016 is finally here. Promising to reinvent productivity and business processes, Microsoft is aiming to make a splash with this new Office suite.

Enhancements to Office 2016 security take center stage, with general feature improvements also of interest to IT organizations. I know it seems a bit odd to discuss security functions that are presumed to be handled elsewhere in the operating system, on the network or in the cloud. However, Microsoft is pushing the security enhancements in Office 2016, much of which work in hybrid scenarios with Office 365.

Here are the major Office 2016 security improvements and how they can impact your organization:

Data loss prevention (DLP) controls for granular filtering or blocking ensures sensitive information isn't sent to unauthorized sources. In Office 2016, the Outlook/Exchange-centric DLP controls that are available in Office 2013 will extend to Word, Excel and PowerPoint. When used properly, DLP can prevent a large percentage of data breaches. The problem is a lot of organizations don't actually use data loss prevention. Perhaps Office 2016 will help DLP become more mainstream.

Multifactor authentication for password-protected files. One of the greatest vulnerabilities related to password-protected Office documents is that passwords can be cracked quickly using readily available tools. Multifactor authentication can help with that risk, with Outlook in Office 2016.

Additional MDM-specific controls via Microsoft Intune or Enterprise Mobility Suite are for mobile devices. Similar to DLP, a well-functioning mobile device management tool is rare to find. Perhaps, with Microsoft baking such security controls into Office 2016, this too will help critical security technology become more commonplace in the enterprise.

Document sharing and version history enhancements ensure the proper users are accessing documents, with fallback versions in the event of a glitch. I have experienced the latter on many occasions. Anything that Microsoft can do to extract such features that have long been embedded in complicated options settings will benefit the average enterprise user.

The new Office 2016 Deployment Tool will give network admins greater control over installation options. In IT, you don't want users making security-related decisions. Why allow users to install all of the Office apps if they're unnecessary to the organization? Why allow them to tweak Office settings that can introduce risks?

Developers will also be able to create extensions that run in conjunction with Office 2016 apps. This sounds great for productivity, but how quickly will criminals use this as yet another malware platform?

Microsoft's take on Office 2016 security

Microsoft claims Office 2016 is the most secure Office ever. Likewise, Windows XP and Windows NT were the most secure operating systems that Microsoft had ever released at the time. We've seen how those turned out.

I wouldn't recommend jumping on the Office 2016 bandwagon just yet. Study it first. Seek out the business value. If it makes sense, integrate these Office 2016 security features in your environment based on your business needs. You might find that you already have such controls at your disposal or may be better served going with third-party products. It's not the security features, but rather their implementation that counts in the long run.

Next Steps

Microsoft Office 2016 tools promote collaboration

After major Skype outage, is Office 2016 dependable for business?

Dig Deeper on Exchange Server setup and troubleshooting