How to secure your data in Office 365MAARTEN EEKELS

CTO PORTIVA – MICROSOFT MVP

SPONSORS

About me

20 yrs in IT, 12 yrs in SharePointCTO Portiva / P-TSP MicrosoftDIWUG board memberSpeaker, blogger

Contact

meekels@portiva.nlwww.eekels.net

Agenda• Data encryption• Message encryption• Rights management• Data loss prevention• Mobile device management• … and more

DATA ENCRYPTION

Data encryption• Data at rest

• BitLocker drive encryption• Per-file encryption (for SharePoint Online and OneDrive for

Business)• Files are spread across multiple Azure Storage containers• Map with file locations is also encrypted• Encryptions keys are physically located somewhere else

• Data in transit• TLS across all workloads• TLS 1.2 support• SSL 3.0 support withdrawn

MESSAGE ENCRYPTION

Message encryption• Encrypted message

never leaves server

• Recipient receives message with link and is required to login to read and reply to the message

Configuration of message encryption1. Activate Rights Management in Azure/Office 3652. Configure RMS Online key sharing location in Exchange Online

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"3. Import the Trusted Publishing Domain (TPD) from RMS Online

Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"4. Enable IRM in Exchange Online

Set-IRMConfiguration -InternalLicensingEnabled $true

https://technet.microsoft.com/library/dn151475(v=exchg.150).aspx

MESSAGE ENCRYPTION DEMO

RIGHTS MANAGEMENT

Rights management• Protect your company’s sensitive information based on

encryption, identity, and authorization policies• Documents can only be used by the intended recipients

for the intended purpose• Document tracking: https://portal.azurerms.com

Configuration of rights management1. Active Rights Management in your Office 365 tenant

Optional:2. Configure Rights Management templates3. Enable Information Rights Management in SharePoint

Online4. Download and install Rights Management sharing

application http://go.microsoft.com/fwlink/?LinkId=303970

RIGHTS MANAGEMENT DEMO

DATA LOSS PREVENTION

Data loss prevention• Identify and protect content of

personal or confidential nature• Based on policies / Use policy tips

to notify users about policy matches• Available both in Exchange Online

and SharePoint Online• Supports fingerprinting

DATA LOSS PREVENTION DEMO

MOBILE DEVICE MANAGEMENT

Mobile device management• Protect data on end

user devices• Conditional access• Device management• Selective wipe

Configuration of mobile device management1. Enable the service2. Install Apple Push Notification Certificate

MOBILE DEVICE MANAGEMENT DEMO

And there is more…• Password policies• Multi-Factor authentication• Exchange Online Advanced Threat Protection• Protection against unknown malware and viruses• Real time, time-of-click protection against malicious URLs• Rich reporting and URL trace capabilities

thank youquestions?

live ratingsWWW.EEKELS.NET@MAARTENEEKEL

S

spca.biz/LDPP