Identity—Help protect against identity compromise and identify potential breaches before they cause damage
Devices—Enhance device security while enabling mobile work and BYOD
Apps and Data—Boost productivity with cloud access while keeping information protected
Infrastructure—Take a new approach to security across your hybrid environment
3. Customer challenges
4 billion records exposed in the last year
140+ days between infiltration and detection
52% of large organizations reported a data breach in the last 12 months
45% of organizations lack data governance, which leaves them open to litigation and data security risks
Ever-evolving industry standards across geographies
7. User log-ins
Unauthorized data access
Data encryption
Malware
System updates
Enterprise security
Attacks
Phishing
Denial of service
User accounts
Device log-ins
Multi-factor authentication
12. Enterprise reliability via 100+ data centers and Microsoft’s global network edge
Compliance leadership with standards including ISO 27001, FISMA, and EU Model Clauses
No standing access to data, transparent operational model, and financially backed 99.9% SLA
Secure by design, operationalized at the physical, logical, and data layers
Global, hyper-scale, enterprise-grade infrastructure
13. Over 1000 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies.
Trust Microsoft’s verified services. Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors, and holds key certifications.
Key certifications
United States
CJIS
CSA CCM
DISA
FDA CFR Title 21 Part 11
FEDRAMP
FERPA
FIPS 140-2
FISMA
HIPAA/HITECH
HITRUST
IRS 1075
ISO/IEC 27001, 27018
MARS-E
NIST 800-171
Section 508 VPATs
SOC 1, 2
Argentina
Argentina PDPA
CSA CCM
IRAP (CCSL)
ISO/IEC 27001, 27018
SOC 1, 2
Spain
CSA CCM
ENISA IAF
EU Model Clauses
EU-U.S. Privacy Shield
ISO/IEC 27001, 27018
SOC 1, 2
Spain ENS
LOPD
United Kingdom
CSA CCM
ENISA IAF
EU Model Clauses
ISO/IEC 27001, 27018
NIST 800-171
SOC 1, 2, 3
UK G-Cloud
Japan
CSA CCM
CS Mark (Gold)
FISC
ISO/IEC 27001, 27018
Japan My Number Act
SOC 1, 2
Singapore
CSA CCM
ISO/IEC 27001, 27018
MTCS
SOC 1, 2
New Zealand
CSA CCM
ISO/IEC 27001, 27018
NZCC Framework
SOC 1, 2
Australia
CSA CCM
IRAP (CCSL)
ISO/IEC 27001, 27018
SOC 1, 2
European Union
CSA CCM
ENISA IAF
EU Model Clauses
EU-U.S. Privacy Shield
ISO/IEC 27001, 27018
SOC 1, 2
China
China GB 18030
China MLPS
China TRUCS
14. Transparency
Know where your data is stored.
Understand who has access to your data and under what circumstances.
Monitor the state of your service and get a historical view of uptime.
Integrate security event feeds into your company security dashboard.
Gain insight with access to service dashboards and operational reporting.
15. Privacy
Customers own their data.
We do not mine customer data for advertising purposes.
Privacy controls enable you to configure your company privacy policies.
Microsoft advocates for data privacy on behalf of customers.
Microsoft safeguards customer data with strong contractual commitments.
16. Operational security
Physical security with 24-hour monitoring and multi-factor authentication
Admin background checks
Zero-standing access to data
Data encryption at-rest and in-transit
Red team / Blue team penetration testing and incident response practice
Product development using Security Development Lifecycle
Bug bounty program to identify vulnerabilities
17. Safeguarding your data
Identify, label, classify, set policies to help protect information.
Encrypt your data and restrict access using Azure Information Protection.
Safeguard information with Data Loss Prevention.
Get visibility into and improve your security position with Secure Score.
Restrict unauthorized data sharing across apps with MAM.
Prevent data leaks with support for Windows Information Protection.
Manage data on devices through built-in MDM.
Securely communicate with customers using Message Encryption.
18. Detect and protect against external threats
Block 100% of known malware and 99% of spam with Exchange Online Protection.
Provide zero-day protection against unknown malware in attachments and links with Advanced Threat Protection.
Get actionable insights into global attack trends with Threat Intelligence.
Get alerts of suspicious behavior using Advanced Security Management.
Secure user accounts with Conditional Access and multi-factor authentication.
19. Compliance
Meet compliance obligations for data access with Customer Lockbox.
Monitor and investigate events related to your data with full audit tracking.
Reduce cost and risk with in-place intelligent Advanced eDiscovery.
Efficiently perform risk assessment with Service Assurance.
Manage data retention with Advanced Data Governance.
20. Next steps and resources
Security Blogs on Office Blogs
Compliance Blogs on Office Blogs
Take a guided tour of Office 365
FastTrack for Office 365
Office 365 E5 Trial
Office 365 Trust Center
Microsoft Trust Center
Microsoft Secure
Office 365 Roadmap
24. Advanced Threat Protection
Time-of-click protection against malicious URLs
URL reputation checks along with detonation of attachments at destination URLs.
Zero-day protection against malicious attachments
Attachments with unknown virus signatures are assessed using behavioral analysis.
Critical insights into external threats
Rich reporting and tracking features provide critical insights into the targets and categories of attacks.
Integrated across apps & services
Protection across Exchange Online, SharePoint Online, OneDrive for Business, and Office apps.
Intelligence sharing with devices
Integration with Windows Advanced Threat Protection to correlate data across users and devices.
25. Advanced Security Management
Threat detection
Identify high-risk and abnormal usage, security incidents, and threats.
Enhanced control
Shape your Office 365 environment with granular security controls and policies.
Discovery and insights
Gain enhanced visibility and context into your Office 365 usage and shadow IT.
26. Customer Lockbox
Meet compliance needs
Customer Lockbox can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization.
Extended access control
Use Customer Lockbox to control access to customer content for service operations.
Visibility into actions
Actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center.
27. Advanced eDiscovery
Identify relevant documents
Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents.
Identify data relationships
Use clustering technology to look at documents in context and identify relationships between them.
Organize and reduce the data prior to review
Use near-duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what’s sent to review.
28. Threat Intelligence
Broad visibility into attack trends
Billions of data points from Office, Windows, and Azure
Integrated data from external cyber threat hunters
Proactive security policy management
Intuitive dashboards with drill-down capabilities
30. Secure Score
Insights into your security position
One place to understand your security position and what features you have enabled.
Guidance to increase your security level
Learn what security features are available to reduce risk while helping you balance productivity and security.
31. Advanced Threat Protection
Time-of-click protection against malicious URLs
Zero-day protection against malicious attachments
Critical insights into external threats
Integrated across apps & services
Intelligence sharing across Windows devices
33. General Data Protection Regulation (GDPR)
What it is and how Microsoft is preparing for GDPR
GDPR is a global regulation that you will have to abide by starting May 2018.
We have many customer controls already available within Office that will help you stay GDPR compliant, including features for controlling access to and protecting personal data.
Microsoft is doing 3 different things to prepare for GDPR: customer outreach, engineering, and government affairs.
34. How Microsoft responds to requests for data
• We do not offer direct access to customer data.
• We redirect law enforcement and other third-party requests to the customer.
• We do not give access to platform encryption keys.
• We protect intellectual property.
Our data privacy standards
When governments or law enforcement make a lawful request for customer data from Microsoft, we are committed to transparency and limit what we disclose. Because Microsoft believes that customers should control their own data, we will not disclose customer data housed in the Microsoft Cloud to a government or law enforcement except as you direct or where required by law.
Microsoft provides a number of disclosures to help stakeholders evaluate how we are meeting our commitments to corporate social responsibility.
Microsoft Transparency Hub