On Premises Onlineilta.personifycloud.com/webfiles/productfiles/1501923/SPOT13.pdf · Secure...


Page 3:

Online / On Premises / Hybrid: Cloud on your terms

Messaging; Voice & Video; Content Management; Enterprise Social; Data & Analytics

Best experience across devices

Integrated best-of-breed solutions

Page 4:

Tom Daemen - Assistant General Counsel

Page 7:

Latest productivity services in Microsoft’s public cloud + the latest apps

Page 8:

Many of the world’s largest and most recognizable global brands run on Microsoft’s cloud productivity services.

41 of the Interbrand Top 100

Each year customers of Microsoft’s cloud productivity services…

• Fly 222 million passengers
• Build 6 million automobiles in the United States alone
• Serve 27 billion meals
• Sell 16 billion cans of soda
• Make 4 billion cups of coffee

Page 10:

True / New / More

Page 11:

→ https://twitter.com/Office365

www.microsoft.com/garage

→ http://www.linkedin.com/groups/Microsoft-Office-365-3724282

Page 12:

Security Model

Stephen Costigan – New York Metro Corporate Accounts Manager

MCTS – SharePoint / Windows / Server / MDOP

Page 13:

Office 365 Security

Office 365 Built-in Security

Office 365 Customer Controls

Office 365 Independent Verification and Compliance

Built-in security: 24 hour monitored physical hardware; isolated customer data; secure network; encrypted data; automated operations; Microsoft security best practices

Page 14:

24 hour monitored physical hardware

• Seismic bracing
• 24x7 onsite security staff
• Days of backup power
• Tens of thousands of servers
• Perimeter security
• Extensive monitoring
• Multi-factor authentication
• Fire suppression

Page 15:

Secure network

Internal network / external network: networks separated, data encrypted.

Networks within the Office 365 data centers are segmented.

Physical separation of critical, back-end servers & storage devices from public-facing interfaces.

Edge router security provides the ability to detect intrusions and signs of vulnerability.

Page 16:

Prevent Breach

• Port scanning and remediation
• Perimeter vulnerability scanning
• OS patching
• Network level DDoS detection and prevention
• MFA for service access
• Auditing of all operator access and actions
• Automated tooling for routine activities: deployment, debugging, diagnostic collection, restarting services
• Passwords encrypted in password store
• Isolation between mail environment and production access environment for all employees
• Zero standing permissions in the service: just in time elevations; automatic rejection of non-background-checked employees for high privilege access; scrutinized manual approval for background-checked employees
• Automatic account deletion: when employee leaves; when employee moves groups; lack of use
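The operator-access controls on this slide (zero standing permissions, just in time elevation, rejection of non-background-checked staff, revocation on departure, group move or inactivity, and an audit record of every decision) fit together as one small policy engine. The following is an added example written for this transcript, not Microsoft's service code: the role names, the 4-hour grant lifetime, the 90-day inactivity limit and the sample directory are assumptions made for the example.

```python
"""Zero standing permissions with just-in-time (JIT) elevation.

Added example, not Microsoft's code. The grant lifetime, the inactivity
limit, the role names and the sample directory are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ELEVATION_TTL = timedelta(hours=4)     # assumed lifetime of one JIT grant
INACTIVITY_LIMIT = timedelta(days=90)  # assumed "lack of use" threshold


@dataclass
class Operator:
    name: str
    group: str
    background_checked: bool
    last_login: datetime
    active: bool = True


@dataclass
class Elevation:
    operator: str
    role: str
    granted_at: datetime
    expires_at: datetime
    approved_by: str


@dataclass
class Directory:
    operators: dict = field(default_factory=dict)
    elevations: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # every decision is logged

    def _log(self, now, who, event):
        self.audit.append((now.isoformat(), who, event))

    def request_elevation(self, who, role, approver, now):
        """The only path to a privileged role. Returns the grant or None."""
        op = self.operators.get(who)
        if op is None or not op.active:
            self._log(now, who, f"REJECT {role}: unknown or disabled account")
            return None
        if not op.background_checked:
            self._log(now, who, f"REJECT {role}: no background check")
            return None
        appr = self.operators.get(approver)
        if approver == who or appr is None or not appr.active:
            self._log(now, who, f"REJECT {role}: approver {approver} not acceptable")
            return None
        grant = Elevation(who, role, now, now + ELEVATION_TTL, approver)
        self.elevations.append(grant)
        self._log(now, who, f"GRANT {role} until {grant.expires_at.isoformat()} by {approver}")
        op.last_login = now
        return grant

    def has_role(self, who, role, now):
        """No standing permissions: a role exists only while an unexpired grant does."""
        return any(e.operator == who and e.role == role
                   and e.granted_at <= now < e.expires_at
                   for e in self.elevations)

    def _revoke_all(self, who, now, reason):
        before = len(self.elevations)
        self.elevations = [e for e in self.elevations if e.operator != who]
        self._log(now, who, f"REVOKE {before - len(self.elevations)} grant(s): {reason}")

    def move_group(self, who, new_group, now):
        self.operators[who].group = new_group
        self._revoke_all(who, now, f"moved to group {new_group}")

    def disable(self, who, now, reason):
        self.operators[who].active = False
        self._revoke_all(who, now, reason)

    def prune_inactive(self, now):
        """Automatic disabling for lack of use; returns the names disabled."""
        stale = [o.name for o in self.operators.values()
                 if o.active and now - o.last_login > INACTIVITY_LIMIT]
        for name in stale:
            self.disable(name, now, f"no use for more than {INACTIVITY_LIMIT.days} days")
        return stale


def run_demo():
    """Constructed sample directory; returns the checks a reviewer would make."""
    t0 = datetime(2013, 8, 1, 9, 0)
    d = Directory()
    d.operators["alice"] = Operator("alice", "exchange-ops", True, t0 - timedelta(days=1))
    d.operators["bob"] = Operator("bob", "exchange-ops", False, t0 - timedelta(days=2))
    d.operators["carol"] = Operator("carol", "approvers", True, t0 - timedelta(days=120))
    r = {}
    r["bob_rejected"] = d.request_elevation("bob", "MailboxAdmin", "carol", t0) is None
    r["self_approval_rejected"] = d.request_elevation("alice", "MailboxAdmin", "alice", t0) is None
    r["alice_granted"] = d.request_elevation("alice", "MailboxAdmin", "carol", t0) is not None
    r["valid_at_1h"] = d.has_role("alice", "MailboxAdmin", t0 + timedelta(hours=1))
    r["expired_at_ttl"] = not d.has_role("alice", "MailboxAdmin", t0 + ELEVATION_TTL)
    d.request_elevation("alice", "MailboxAdmin", "carol", t0 + timedelta(hours=5))
    d.move_group("alice", "sharepoint-ops", t0 + timedelta(hours=6))
    r["revoked_on_group_move"] = not d.has_role("alice", "MailboxAdmin", t0 + timedelta(hours=6))
    r["pruned"] = d.prune_inactive(t0 + timedelta(hours=6))
    r["standing_grants"] = len(d.elevations)
    return r, d.audit
```

The point to take from `run_demo` is the last two values: after a group move every grant the operator held is gone, and the directory ends with zero standing grants, so any privilege present at a later time has to be traceable to an approved, time-boxed request in the audit list.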

Page 17:

Advanced Encryption

Encryption of data at rest using Rights Management Services
• Flexibility to select items customers want to encrypt.
• Can also enable encryption of emails sent outside the organization.
• Integrated offsite Encryption at Rest Appliances (partner owned)
• Azure Rights Management Connector for Self-Hosted RMS Integration

Office 365 ProPlus supports Cryptographic Agility
• Integrates Cryptographic Next Generation (CNG) interfaces for Windows.
• Administrators can specify cryptographic algorithms for encrypting and signing documents

Security Risk: Risk Mitigation Technology
• Rogue Admin: RMS, BitLocker, LockBox, Physical Facility monitoring
• Data Loss Prevention (DLP): RMS; Exchange 2013 DLP Policies
• Stolen/Lost Laptop: BitLocker
• Stolen/Lost Mobile Device: BitLocker

Page 18:

Information can be protected with RMS at rest or in motion (data protection at rest; data protection in motion).

Page 19:

Functionality compared for RMS in Office 365, S/MIME, ACLs (Access Control Lists), BitLocker, and Cloud Encryption Gateways (CEGs):

• Data is encrypted in the cloud
• Encryption persists with content
• Protection tied to user identity
• Protection tied to Policy (edit, print, do not forward, expire after 30 days)
• Secure collaboration with teams and individuals
• Native integration with my services (Content Indexing, eDiscovery, BI, Virus/Malware scanning)
• Lost or stolen hard disk

Page 20:

Apply RMS to content

• RMS can be applied to Emails
• RMS can be applied to SharePoint libraries: files are protected if they are viewed using Web Apps, or downloaded to a local machine and opened using rich clients
• RMS can be applied to any Office documents

Page 21:

User Access

Integrated with Active Directory, Azure Active Directory and Active Directory Federation Services

Enables additional authentication mechanisms:
• Two-Factor Authentication – including phone-based 2FA
• Client-Based Access Control based on devices/locations
• Role-Based Access Control

Page 22:

Compliance: Data Loss Prevention (DLP)

Prevents Sensitive Data From Leaving Organization

Provides an alert when data such as a Social Security or Credit Card Number is emailed.

Alerts can be customized by the admin to catch Intellectual Property being emailed out.

Empower users to manage their compliance
• Contextual policy education
• Doesn’t disrupt user workflow
• Works even when disconnected
• Configurable and customizable
• Admin customizable text and actions
• Built-in templates based on common regulations
• Import DLP policy templates from security partners or build your own
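What a DLP rule such as "alert when a Social Security or Credit Card Number is emailed" has to do in practice is shown by the following added example, written for this transcript and not taken from Exchange's DLP engine. It uses format-aware patterns plus a Luhn check so that a 16-digit order number is not reported as a card, masks the matched value in the report, and makes the verdict depend on the policy mode and on whether any recipient is outside the organization. The domain, the sample messages and the confidence values are constructed for the example.

```python
"""DLP content scan: alert or block SSNs and card numbers leaving the org.

Added example, not Exchange's DLP engine. ORG_DOMAIN, the sample messages
and the confidence values are assumptions made for the example.
"""
import re
from dataclasses import dataclass

ORG_DOMAIN = "contoso.com"  # assumed; any other domain is "outside the organization"

# US SSN: area not 000/666/9xx, group not 00, serial not 0000; separators optional.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[-\s]?(?!00)\d{2}[-\s]?(?!0000)\d{4}\b")
# Card candidates: 13 to 19 digits with optional spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
CARD_CONTEXT = ("card", "visa", "mastercard", "amex", "exp", "cvv")


@dataclass
class Finding:
    kind: str
    masked: str      # last four digits only; the incident report must not leak the value
    confidence: int


def luhn_ok(digits: str) -> bool:
    """Mod-10 check digit used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list:
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("SSN", mask(re.sub(r"\D", "", m.group())), 85))
    has_context = any(k in text.lower() for k in CARD_CONTEXT)
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # order numbers, tracking ids and the like
        findings.append(Finding("CreditCard", mask(digits), 85 if has_context else 65))
    return findings


def evaluate(msg: dict, mode: str = "enforce") -> dict:
    """mode mirrors the three DLP policy modes: audit, audit_and_notify, enforce."""
    findings = scan(msg["subject"] + "\n" + msg["body"])
    external = [r for r in msg["to"] if not r.lower().endswith("@" + ORG_DOMAIN)]
    if not findings or mode == "audit":
        action = "allow"          # audit mode only records the incident
    elif external and mode == "enforce":
        action = "block"          # sensitive data would leave the organization
    else:
        action = "notify"         # policy tip to the sender; message still goes
    return {"id": msg["id"], "action": action, "findings": findings, "external": external}


SAMPLE_MESSAGES = [  # constructed for the example
    {"id": 1, "to": ["hr@contoso.com"], "subject": "W-4 form",
     "body": "My SSN is 123-45-6789."},
    {"id": 2, "to": ["billing@partner.example"], "subject": "Payment",
     "body": "Please charge card 4111 1111 1111 1111, exp 12/15."},
    {"id": 3, "to": ["ops@contoso.com", "courier@fastship.example"], "subject": "Shipped",
     "body": "Order number 1234567890123456 left the warehouse."},
    {"id": 4, "to": ["friend@gmail.com"], "subject": "Call me",
     "body": "My desk line is 425-555-0100."},
    {"id": 5, "to": ["auditor@lawfirm.example"], "subject": "Claim",
     "body": "Claimant SSN 123-45-6789."},
]


def run_demo(mode: str = "enforce") -> dict:
    """Verdict per sample message id under the given policy mode."""
    return {m["id"]: evaluate(m, mode)["action"] for m in SAMPLE_MESSAGES}
```

Message 3 is the case worth noticing: it matches the card pattern but fails the Luhn check, so it passes without an alert, while message 1 carries a real SSN to an internal recipient and only produces a notification. Switching `run_demo("audit")` turns every verdict into "allow" while the findings are still recorded, which is how a policy is normally trialled before enforcement.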

Page 23:

Compliance: Email archiving and retention

Preserve

In-Place Archive
• Secondary mailbox with separate quota
• Managed through EAC or PowerShell
• Available on-premises, online, or through EOA

Governance
• Automated and time-based criteria
• Set policies at item or folder level
• Expiration date shown in email message

Hold
• Capture deleted and edited email messages
• Time-Based In-Place Hold
• Granular Query-Based In-Place Hold
• Optional notification

Search

eDiscovery
• Web-based eDiscovery Center and multi-mailbox search
• Search primary, In-Place Archive, and recoverable items
• Delegate through roles-based administration
• De-duplication after discovery
• Auditing to ensure controls are met
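The Governance and Hold columns above interact, and the interaction is where retention goes wrong: a time-based retention policy must not purge an item that a time-based or query-based hold is supposed to preserve, including items the user has already deleted. The following added example, written for this transcript and not Exchange's own retention code, models that order of evaluation: a folder-level tag overrides the mailbox default, the computed expiration date is what the user sees on the message, archiving proceeds under hold, and deletion under hold becomes preservation in Recoverable Items. Tag ages, hold names, the 14-day recoverable-items window and the sample mailbox are assumptions made for the example.

```python
"""Retention tags versus In-Place Hold: which one wins for each item.

Added example, not Exchange's Managed Folder Assistant. Tag ages, hold
definitions, RECOVERABLE_DAYS and the sample mailbox are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RECOVERABLE_DAYS = 14  # assumed window for deleted items when no hold applies


@dataclass
class Item:
    id: str
    folder: str
    received: datetime
    subject: str
    deleted_at: Optional[datetime] = None   # user deletion; content is still captured


@dataclass
class RetentionTag:
    folder: str   # "*" is the mailbox default tag
    age_days: int
    action: str   # "MoveToArchive" or "DeleteAndAllowRecovery"


@dataclass
class Hold:
    name: str
    keywords: tuple = ()                 # empty tuple: applies to every item
    duration_days: Optional[int] = None  # None: indefinite


def applicable_tag(item, tags):
    """A tag set on the item's folder wins over the mailbox default."""
    for t in tags:
        if t.folder == item.folder:
            return t
    for t in tags:
        if t.folder == "*":
            return t
    return None


def expiration_date(item, tags):
    """The date shown on the message as its expiration."""
    tag = applicable_tag(item, tags)
    return None if tag is None else item.received + timedelta(days=tag.age_days)


def active_holds(item, holds, now):
    """Names of the holds that cover this item at time `now`."""
    names = []
    for h in holds:
        if h.duration_days is not None and now - item.received > timedelta(days=h.duration_days):
            continue  # time-based hold has lapsed for this item
        if h.keywords and not any(k.lower() in item.subject.lower() for k in h.keywords):
            continue  # query-based hold does not match
        names.append(h.name)
    return names


def decide(item, tags, holds, now):
    """One of: keep, archive, purge, recoverable, preserve."""
    held = active_holds(item, holds, now)
    if item.deleted_at is not None:
        if held:
            return "preserve"      # kept in Recoverable Items for the hold
        if now - item.deleted_at > timedelta(days=RECOVERABLE_DAYS):
            return "purge"
        return "recoverable"
    tag = applicable_tag(item, tags)
    exp = expiration_date(item, tags)
    if tag is None or now < exp:
        return "keep"
    if tag.action == "MoveToArchive":
        return "archive"           # archiving is permitted under hold
    return "preserve" if held else "purge"


TAGS = [RetentionTag("*", 365, "DeleteAndAllowRecovery"),
        RetentionTag("Projects", 90, "MoveToArchive")]
HOLDS = [Hold("Litigation-Acme", keywords=("acme",)),   # query-based, indefinite
         Hold("Regulatory-6mo", duration_days=180)]       # time-based, every item

MAILBOX = [  # constructed sample items
    Item("A", "Inbox", datetime(2012, 5, 1), "Lunch?"),
    Item("B", "Inbox", datetime(2012, 5, 1), "Acme contract draft"),
    Item("C", "Projects", datetime(2013, 4, 1), "Status update"),
    Item("D", "Inbox", datetime(2013, 6, 1), "Travel letter"),
    Item("E", "Inbox", datetime(2012, 1, 1), "Old memo", deleted_at=datetime(2013, 7, 25)),
    Item("F", "Inbox", datetime(2013, 7, 1), "Re: Acme invoice", deleted_at=datetime(2013, 7, 10)),
]


def run_demo(now_iso: str = "2013-08-01") -> dict:
    """Decision per item id as of the given date."""
    now = datetime.fromisoformat(now_iso)
    return {i.id: decide(i, TAGS, HOLDS, now) for i in MAILBOX}
```

Items A and B are identical except for one keyword, and only A is purged; item F was deleted by its owner three weeks ago and would already be gone under the recoverable-items window, but the time-based hold keeps it. A policy that evaluated the retention tag before the hold would get both wrong.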

Page 24:

Anti Spam / Anti Virus

Comprehensive protection
• Multi-engine antimalware protects against 100% of known viruses
• Continuously updated anti-spam protection captures 98%+ of all inbound spam
• Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time

Easy to use
• Preconfigured for ease of use
• Integrated administration console

Granular control
• Mark all bulk messages as spam
• Block unwanted email based on language or geographic origin

Page 25:

Certification Status (columns: Cert, Market, Region)

Page 26:

Resources

Office 365 Trust Center (http://trust.office365.com)
• Office 365 Privacy Whitepaper (New!)
• Office 365 Security Whitepaper and Service Description
• Office 365 Standard Responses to Request for Information
• Office 365 Information Security Management Framework

Page 27:

Business Process | Improving Efficiency in LCA

Joanna Elazrak, Business Solutions Manager

Lean Six Sigma Black Belt

Page 28:

Mission

Partner with the Legal & Corporate Affairs (LCA) groups to produce better performance through the delivery of process improvement leveraging Microsoft’s latest technology and development of standard policies and procedures.

To become BEST in class Legal Department

Page 29:

Tools and Technology / Existing Processes

Page 30:

Utilize Lean Six Sigma Methodology to drive business value

• Understand current state processes and end to end impacts and dependencies

• Collect data to enable data driven decisions (Voice of customer, Compliance, volume, cycle times, etc.)

• Perform root cause analysis to understand what is causing and driving the pain points

• Remove non-value added activities

• Improve process

• Apply technology as needed

• Monitor and control the process

Define, Measure, Analyze, Improve, Control

Page 31:

Improve / Eliminate / Automate

• Microsoft’s latest technology
• End user friendly (“easy”)
• Reusable solutions

Page 32:

Business Problem: LCA Global Migration team is responsible for processing Business Travel Letters for all Microsoft employees and vendors. The current process is very cumbersome and manual. Over 400 templates are utilized to manually create the letters.

Solution: Leveraging O365 and Azure, design a tool to assist in intake triage, letter generation and reporting capabilities, enabling scalable processing of growing volumes.

Initial Process → Redesigned Process

Traveler fills out form → Letter is auto generated → Approval needed?
• No: Letter is forwarded to traveler
• Yes: Attorney approves

Page 33:

Demo: Business Travel Letter Tool

Page 34:

Business Problem: LCA WSG Field is randomized by peer and HQ communications being delivered across different channels. Users receive information that isn’t relevant to them and it is often difficult to distinguish the signal from the noise.

Solution: Provide a WSG Field portal that acts as a hub for information – both peer produced and HQ managed. With personalization capabilities, a user can quickly see the information that is relevant to them.

Business Value:

• Centralized location for all team communications

• Centralized activity calendar

• Visibility to roadmap (one place, one view)

• Ability to personalize what content is most important

• Ability to rate content

Page 36:

Azure Case Study

Adam Licht, Director of Product Management, Pro Bono Net

Page 39:

AS IS STATE: Hardware Replacement and Service Costs

Category         Item                                             One Time Cost   Monthly Cost   Annual Cost
Hardware Lease   1 Database Server: HP ProLiant DL980 G7 Server                   $877           $10,524
Hardware Lease   2 Web Servers: HP ProLiant DL560 Gen8 Server                     $342           $4,104
Service Lease    Rackspace and Pipe                                               $900           $10,800
Upgrades         Windows OS, SQL, SharePoint                      $30,000         $2,500
Service          System Administration                                            $192           $2,304
Maintenance      Windows OS, SQL, SharePoint                                      $500           $6,000
Total                                                             $30,000         $5,311         $63,732

FUTURE STATE: Infrastructure As Service Costs

Category         Item                                             One Time Cost   Monthly Cost   Annual Cost
Service          Azure                                                            $917           $11,000
Service          System Administration                                            $192           $2,304
Upgrades         Windows OS, SQL, SharePoint                      $30,000         $2,500
Migration Cost   Product Management                               $10,000
Migration Cost   Engineer                                         $30,000
Migration Cost   QA                                               $2,032
Total                                                             $72,032         $3,609         $13,304

Savings Per Year (AS IS versus FUTURE STATE): $50,428
Payback Period In Years: 1.4
Post Payback Period Savings: 79.13%
Return on Investment Over 1 YR: -30%
Return on Investment Over 2 YR: 40%
Return on Investment Over 3 YR: 110%
Return on Investment Over 4 YR: 180%

ROI = (Gain from Investment - Cost of Investment) / Cost of Investment
