3. J-Solutions.be
Located in Belgium
Provides IT Business Consultancy - Evangelism
SharePoint 2010/2013 and Online
Cloud Services – Office 365, Windows Intune & Azure
IT as a service – MOF and ITIL v3
@jseghers – http://www.j-solutions.be/blog
8. Compliance is either a state of being in
accordance with established
guidelines, specifications, or legislation
or the process of becoming so
9. BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS
AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE
FOR BUSINESSES OF ALL SIZES.
12. Microsoft Datacenters .
Physical Security
Secure physical access for authorized personnel only
State of the Art datacenters
Hosted Applications Security
Anti SPAM
Encryption Mail
Security Development Lifecycle
Potential threats while running a service
Exposed aspects of the service that are open to attack
13. Microsoft Datacenters ..
Secured Office 365 Services Infrastructure
Server Monitoring via System Center
Secure Remote Access via RDS
Intrusion Detection
Network-level Security Measures
Customer Access via SSL
Uptime 99,9 %
Identity & Access Management
Access control follows the separation of duties principle and
granting least privilege.
14. Where is our data stored: Example: EMEA
A primary data center is where the application software
and the customer data running on the application
software are hosted.
A backup data center is used for failover purposes
Data center Dublin: Primary for F.O.P.E.
Data center The Netherlands: SharePoint Online
Dublin + The Netherlands: interchangeably Exchange
Online + Lync Online
15. What is stored in the US: EMEA
Customer Information
Microsoft Online Portal
Routing Lync Online Communications
Office 365 Authentication
Additionally, Microsoft abides by the Safe Harbor
Framework for transfer of data between the European
Union and the United States.
16. Privacy .
Microsoft Online Services Customer Data | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data
Operating and Troubleshooting the Service | Yes | Yes | Yes | Yes
Security, Spam and Malware Prevention | Yes | Yes | Yes | Yes
Improving the Purchased Service, Analytics | Yes | Yes | Yes | No
Personalization, User Profile Promotions | No | Yes | No | No
Communications (Tips, Advice, Surveys, Promotions) | No | Yes | No | No
17. Privacy ..
Microsoft Online Services Customer Data | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data
Voluntary Disclosure to Law Enforcement | No | No | No | No
Advertising | No | No | No | No
18. Encryption
HTTPS Communication with portal.microsoftonline.com
HTTPS Communication between clients and Exchange
Online for all protocols
PGP: Transportation and storage of Exchange Online
Messages
Lync Online: Instant Messaging, IM Federation
SharePoint Online: HTTPS Connection (only for
Enterprise & Academic)
19. Identity Protection
Identity stored in Microsoft Online
Identity federation via SSO
Granular Licenses
Different Administrator Roles
20. Identity options comparison
1. MS Online IDs
• Authentication is done by Microsoft
Pros
• Bound to the SLA of 99,9% of MSFT.
• Users and groups mastered on-premise
Cons
• 2 sets of credentials that need to be maintained
• Different Password policies
2. Federated IDs + Dir Sync
• Authentication is done by Corporate Infrastructure
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate cred
• Users and groups mastered on-premise
• Password policy controlled on-premise
• Enables co-existence scenarios
Cons
• High availability server deployments required
21. Password Policy
Password Restriction: 8 characters minimum and 16
characters maximum
Values allowed:
A-Z
a-z
0-9
!@#$%^&*-_+=[]{}|:',.?/`~"<>();
No UNICODE
Cannot contain the username alias (part before @ symbol)
Password expiry duration:
This is set to 90 days and is not configurable
22. Password Policy
Password expiry:
Can be enabled/disabled via PowerShell at user level
Password strength
Strong passwords require 3 out of 4 of the following:
Lowercase characters
Uppercase characters
Numbers (0-9)
Symbols (see password restrictions above)
Password history
Last password cannot be used again
23. Password Policy
Account Lockout
After 10 unsuccessful logon attempts (wrong password), the user will
need to solve a CAPTCHA dialog as part of logon.
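The restriction and strength rules from the Password Policy slides, written as a pre-check that can be run over candidate passwords before accounts are provisioned. This is an added example, not part of the original deck or any Microsoft tooling; the function names, the contoso.example accounts and the case-insensitive alias match are assumptions.

```python
import string

# Symbol set copied from the "Values allowed" slide; straight quotes assumed.
ALLOWED_SYMBOLS = "!@#$%^&*-_+=[]{}|:',.?/`~\"<>();"
ALLOWED_CHARS = set(string.ascii_letters + string.digits + ALLOWED_SYMBOLS)

def check_password(password, upn):
    """Return the names of the slide rules the password breaks ([] = passes)."""
    failed = []
    # Restriction: 8 characters minimum, 16 maximum.
    if not 8 <= len(password) <= 16:
        failed.append("length")
    # Restriction: only A-Z, a-z, 0-9 and the listed symbols; no Unicode.
    if any(c not in ALLOWED_CHARS for c in password):
        failed.append("charset")
    # Restriction: must not contain the alias (part before the @ symbol).
    # Matching case-insensitively is an assumption, not stated on the slide.
    alias = upn.split("@", 1)[0]
    if alias and alias.lower() in password.lower():
        failed.append("alias")
    # Strength: at least 3 of the 4 character categories.
    categories = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in ALLOWED_SYMBOLS for c in password),
    ]
    if sum(categories) < 3:
        failed.append("strength")
    return failed

# Constructed sample accounts and passwords, for illustration only.
SAMPLES = [
    ("anna@contoso.example", "Blue-Kettle42"),
    ("bob@contoso.example", "bob2013Secure"),
    ("carl@contoso.example", "Pässwort2013"),
    ("dina@contoso.example", "lowercaseonly"),
    ("eve@contoso.example", "Abcdefgh12345678!"),
]

def audit(samples):
    """Map each account to the list of rules its password breaks."""
    return {upn: check_password(pw, upn) for upn, pw in samples}

if __name__ == "__main__":
    for upn, failed in audit(SAMPLES).items():
        print(upn, "OK" if not failed else "FAIL: " + ", ".join(failed))
```

Password history and the 90-day expiry are enforced by the service and cannot be checked offline, so they are left out.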
25. MS Online Certification and Compliance Finder
Certified for ISO 27001
EU Safe Harbor
HIPAA-Business Associate Agreement
Data Processing Agreement
FISMA
28. Exchange Online ..
Journaling
F.O.P.E in Current Version, Built-In in EXO Wave 15
Auditing
Retention Hold
Litigation Hold
Mobile Device
31. Lync Online
Privacy Settings
External Communications
User Defined Settings
Sending files via IM
Make audio and video calls
Record Call and conferences
Federation with Lync users in other organizations
Federation with Users of public IM service providers
Dial-in Conferencing
34. SharePoint Online .
Information Management Policy – Records
Use Of Term Store & Required Fields – Content Types
Drop Off Library
Audit
Blocked File Types
Security
Versioning
Recycle Bin
Backup: 14 days
36. Sources Of Information
Office 365 Trust Center: http://www.microsoft.com/en-us/office365/trust-center.aspx
Service Description
Office 365 Password Policy
Security White Paper
Data Boundaries