Office 365 Best Practices That You Are Not Thinking About
•Download as PPTX, PDF•
1 like•1,874 views
This document discusses best practices for managing security and compliance in Office 365. It covers what security and compliance means for Office 365, considerations for different data types like locations and archives, and 5 best practices. The best practices include working with legal to understand applicable regulations, implementing modern security technologies like MFA and AIP, educating users, categorizing data, and being mindful of PST files during migration. The document also lists tools from Microsoft and third parties that can help with security, compliance, eDiscovery and migration.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Office 365 Best Practices That You Are Not Thinking About
Similar to Office 365 Best Practices That You Are Not Thinking About (20)
More from Quest
More from Quest (20)
Recently uploaded
Recently uploaded (20)
Office 365 Best Practices That You Are Not Thinking About
- 1. • Managing Security and Compliance Office 365 Best PracticesThatYou Are NotThinking About
- 2. Mike Crowley • 16 years IT leadership experience • 7-time Microsoft MVP award recipient • Principal Consultant, Baseline Technologies
- 3. Agenda What does “Security and Compliance” Mean for Office 365? Considerations for Different Data Types 5 Best Practices Tools
- 4. “Security and Compliance” Mean for Office 365? Concepts • Terms: Data at Rest/InTransit, PII,Chain of Custody • Search, eDiscovery, Indexing • Defense in Depth, C.I.A. Tools • Security and Compliance Portal • Retention Policies • Archive Systems / Files • eDiscovery and Migration Software Challenges • Cost • Technical Limitations • Geopolitical Boundaries • Negligence • Malice
- 5. Considerations for Different Data Types On-Premises vs Office 365 vs Elsewhere Structured vs Unstructured Categorized vs un- Categorized In/Out of Scope of Regulation
- 6. Considerations for Different Data Types: Locations User Mailboxes & Online Archives Shared / Resource Mailboxes PST Files SharePointTeam Sites OneDrive File Servers Elsewhere (e.g. Azure)
- 7. Considerations for Different Data Types: Archives Archive = old data. Or is it? Quotas Corporate policies Regulatory requirements Why Archives Exist Personal / Individual Archives •PST, NSF, etc. Dedicated Software •“Stubs”, plugins, etc. •Enterprise Vault, ProofPoint, Barracuda, ZANTAZ EAS, SourceOne, etc. Cloud Services •Similar to dedicated software Archive Concepts
- 8. 5 Best Practices •Microsoft “Trust Center” •Office 365 Mapping of Cloud Security Alliance Cloud Control Matrix Work with Legal and Executive management to understand what regulations apply to YOUR organization •Office 365 Roadmap •Microsoft Mechanics YouTube Channel •Office 365 Blog(s) – Subscribe! *Read* the E1/E3/E5/etc. Service Descriptions *before* you purchase and STAY up to date •MFA •Azure AD Premium & Office 365 E5 •Conditional Access •Azure Information Protection / Rights Management (protect the content, not the device) Implement *modern* security technologies •Office 365 Learning Center •“Brown-bag” Lunch & learns (or Pizza!) •Test your users (and admins!) •Online Assessments •Phishing Audit Educate Users •Classifications / Sensitive Information Types •Azure Information Protection Begin to categorize your data
- 9. Migration Do’s and Don’ts – PST Files • Plan to do immediately after email migration (if migrating) • Communicate completion to end-users • Be mindful of user quotas • PST group policies – PSTDisableGrow – DisablePST – DisableCrossAccountCopy – DisableCopyToFileSystem • Microsoft’s PST import service… • Use dedicated software if possible
- 10. Tools Microsoft Offerings • Security and Compliance Portal • DLP & Retention Policies • “Higher-end” SKUs • Azure AD Premium • Multi-FactorAuthentication • Azure RMS • P2: Identity Protection & PAM • Office 365 E5 (or a la carte) • AdvancedThreat Protection • Office 365 Advanced Security Management • Advanced-Threat-Analytics (ATA) • PST Import Service Potentially 3rd Party • eDiscovery • Monitoring • Migration
- 11. Additional Resources: Archives Office 365 Service Descriptions – Storage Limits: https://technet.microsoft.com/en-us/library/exchange-online- limits.aspx#StorageLimits Office 365’s PST Import Service https://blogs.office.com/2015/05/07/making-email-archive-migration-easier- with-the-office-365-import-service/ PST Group Policy settings https://mikecrowley.us/2012/01/30/dealing-with-pst-files/ PST Migration with Enterprise Vault - Part 3: Planning Tech Tips & Best Practice http://www.veritas.com/community/sites/default/files/PST%20Migration%20with%20EV%208%200 %20-%20Part%203%20-%20Planning%20Tech%20Tips%20and%20Best%20Practice.pdf
- 12. Office 365 Best Practices That You Are Not Thinking About: Managing Security and Compliance April 4, 2017
- 13. Confidential13 Global Product Manager, Quest Software Exchange & Active Directory Migration Expert with more than 15 years experience Ron.Robbins@quest.com Speaker: Ron Robbins
- 14. Confidential14 Quest Software Migration Methodology • 59M mailboxes migrated is DOUBLE our competition • 72M AD accounts migrated • 24x7, award-winning global support Validation Customer success • Cut migration time by 83% (4 yrs 8 mos) • 50% reduction in IT migration support staff • Consolidated 27 AD forests for 10k users in 8 months Prepare Assess, clean up, plan Migrate Reduce time, cost, risk Coexist Keep users working Manage Maximize ROI
- 15. Confidential15 Migration Manager for PSTS ZeroIMPACT PST migration
- 16. Confidential16 Key features and benefits Migrate PST files faster than other solutions with a next generation transfer technology into Office 365 and Exchange Search Workstations, Server, and removable media for PST files that need to be migrated. Determine PST file owner ship precisely using Outlook profile, NTFS permissions, content examination, and last used data. Migrate only the data you need to migrate and avoid migrating the same data twice shortening time to project completion. Ensure continued access to PST data while the file is being migrated. Avoid user downtime and costly business disruption. Fast migrations Comprehensive Search Intelligent Ownership Smart Filtering and De-duplication ZeroIMPACT Migration
- 17. Confidential17 Migration Manager for Email Archives Quest Archive Manager
- 18. Confidential18 Key features and benefits Migrate email archives to Office 365 and Exchange up to 5X faster than other solutions. Preserve chain-of-custody content with full audit trails and security logs to mitigate risk. Ensure ZeroIMPACT on end users by providing anytime access to archives. Move only what’s needed with intelligent filtering to slash migration time and costs. Easily manage the migration from a single console & automate repetitive tasks such as user mapping. Turbo-powered migrations Chain-of-custody compliance ZeroIMPACT transitions Intelligent filters Advanced automation
- 19. • On-prem and Hybrid AD Security Solutions IT Security Search & Recovery Manager FE • Investigate AD security Incidents • Continuously test AD business continuity plan • Recover from a security incident • Improve your RTO following a disaster • Secure access to AD DC data Enterprise Reporter • Report on elevated permission in AD • Visibility of open shares across servers • Understand which servers have vulnerable security settings Active Roles & GPOADmin • Enforce permission blacklisting / whitelisting in AD • Implement AD least-privilege access model • Prevent unauthorized access to sensitive resources • Auto-Remediate unauthorized activities Change Auditor for AD • Detect suspicious privileged AD activities • Alert on potential AD insider threats • Notify in real time of unauthorized intrusions against AD • Detect and alert on brute-force attacks
- 20. • Want to learn more… Download ebook: Top Five Reasons to Eliminate PST Files in Your Organization
- 21. Thank you! Watch the On-demand Webcast: http://ow.ly/pFFj30aXF9y
Editor's Notes
- Mike Crowley is a 7-time Microsoft MVP award recipient. Mike has more than 16 years of leadership experience with business technologies which have reached millions of end users and is the Principle Consultant at Baseline Technologies.
- PST Challenges: Discovery Accessibility File Locking Ownership Duplicate content Compliance Enterprise Software Challenges Dedicated software / service Multiple interfaces (user & admin) Higher training requirements (user & admin) Stubs cause high message counts “Lop-sided” disk performance Topology limitations
- Microsoft Mechanics: https://www.youtube.com/user/OfficeGarageSeries Azure Information Protection: https://blogs.technet.microsoft.com/enterprisemobility/2017/02/21/azure-information-protection-ready-set-protect/
- 3 mins Let’s start with our value proposition for ZeroIMPACT Migration. Migrations are labor intensive and fraught with risk. If not done correctly, they can be a real drain on time, resources and budget. But Dell ZeroIMPACT migration solutions help minimize the associated risk, cost, time and complexity. To say it another way, we ensure ZeroIMPACT! That means zero impact on: Users – enabling them to continue working Help desk – avoiding a flood of calls and tickets IT – helping them get this project done quickly and easily Above all, zeroimpact on the bottom line – ensuring that the overall business is without disruption We have a vast portfolio of migration products that address many of the scenarios you see here in this diagram, including AD Migration, Exchange migration, SharePoint migration and Lotus Notes migration. But in our many years of experience helping customers, we know that successful migrations are more than just the tools moving stuff from A to B. We know that migration success must include proper planning, a coexistence strategy and a vision toward the future environment. So we've built a value proposition—our ZeroIMPACT methodology – around 4 key pillars that help customers be more successful and differentiate us in the market. Dell Software can help: Prepare for the transition – assess what they have, clean up what they don’t need and plan – this is where we first introduce attaching management tools like UCCS, Enterprise Reporter and Administrator for Office 365. Identify and address potential challenges Restructure AD to properly prepare for Azure AD & O365 Migrate with ZeroIMPACT on the entire organization. Dell can help customers Coexist to keep users on multiple messaging platforms working together seamlessly. Synchronizing free/busy and also the directories, but also rich application coexistence in the case of Lotus Notes migrations. Finally, Dell can help customers centrally MANAGE the environment to get the most out of their new platform from day 1. The same tools you used to help prepare can now be used to manage your environment to further reduce complexity and risk. Again, we’re including our management tools as part of our migration story. What further differentiates us is our unmatched experience (72 M AD users migrated, twice as many mailboxes migrated) but also our world-class services award-winning 24x7 support And customer evidence proving the value of our 4 pillar methodology I’ll share a recent anecdote. I spoke with two of Jerry Glannert’s ISRs who work in Round Rock about recent migration wins they’ve had where they added tools like Enterprise Reporter and UCCS. They told me they NEVER lead with the migration product. They lead with our entire suite and say “This is how we do migrations.” And I think it gives the reps more credibility when they are talking about our methodology based on years of experience, versus talking about product features and benefits. It elevates the reps to more of a consultative, trusted advisor. That’s the exact behavior that we will continue to work toward with sales enablement. Backup: AD Modernization 124% ROI in 23 months (Forrester Research TEI)[Daniel Gauntner] this is the report Michelle Fallon sent over Cut migration time by 83%, from 4 yrs to 8 mos[Daniel Gauntner] This is Johnson Matthey, but NOT FY16. Reduce local admin support by 98%[Daniel Gauntner] This is Johnson Matthey, but NOT FY16. Improve security and enable compliance ZeroIMPACT Migrations 50% reduction in IT migration support staff[Daniel Gauntner] Wiltshire Council, but NOT FY16 27% ROI over 4 years[Daniel Gauntner] Wiltshire Council, but NOT FY16 Consolidated 27 AD Forrest for 10,000 users in 8 months[Daniel Gauntner] Don’t know, Lacy Gruen might know though. Doubt it’s FY16 either L 72M AD, 59M EX and 100s TBs of SharePoint data migrated
- Typically, when I talk to customers like you, they tell me they are: Admin/Manager Frustrated with Migration process - The technical PST process, lack of filtering, and the time it takes to manually migrate PSTs with native tools. Concerned about Liability and compliance issues - because they are unable to enforce an email retention policy or complete eDiscovery requests Anxious about PST identification – IT has a very difficult time determining who is using a PST file and how, if at all it is being secured. Core Value Prop: Migration Manager is the ZeroIMPACT solution to automate the identification, migration and elimination of PSTs. Quickly and reliably migrate data to targets such as Exchange, Office 365, third-party archive solutions and hybrid configurations. Our unparalleled speed and advanced project management capabilities ensure you minimize risk and disruption to the business.. Unique Differentiators Speed – We are faster in ingesting into Office 365 and Exchange than any other solution on the market. Our unique ingestion protocols are optimized for speed. Project Management – Assign roles to various members fo the project team that can manage the project at their level. Provide the helpdesk with an interface to troubleshoot and resolve user issues. Complete Item tracking including what items were successful and what items failed. Complete discovery and collection including PST files attached to Outlook and identifying when they were last accessed and who they were accessed by.
- So lets review just some of the key features and benefits of this new release. Fast Migrations – When you do a migration, you don’t want it taking a long time and interfering with business and user productivity. We are faster in ingesting into Office 365 and Exchange than any other solution on the market. Our unique ingestion protocols are optimized for speed. Comprehensive, intelligent search — You can discover files on devices and locations that other solutions tend to exclude. Intelligent scanning helps you accurately determine ownership to reduce administrative effort when preparing for migration. Intelligent ownership detection — With our intelligent scanning you can determine PST ownership more accurately than similar tools via Outlook profile, NTFS permissions and file marking mechanism. Smart de-duplication and filtering — Filter old or irrelevant data and automatically remove duplicated emails. This saves storage space, prevents redundant data in the target and reduces license cost for archives. ZeroIMPACT on users — Ensure user access to PSTs while Outlook uploads the data to the closest server to ensure users don’t experience any disruption.
- Typically, when I talk to customers like you, they tell me they are: Admin Frustrated with Limited resources and experience — With limited budget to hire additional staff, Admins are often tasked with managing the migration in addition to a full plate of duties. Admins rarely have much (if any) migration experience, but must become experts quickly. Concerned about Project complexity — Archive migrations are incredibly complex, but unfortunately there are no native tools to help. Copy and paste is a time-consuming, manual process that increases the risk of data loss and lacks the auditing needed to preserve chain-of-custody. Anxious about Time and network bandwidth constraints — Archive mailboxes are enormous, often 10-20x larger than live mailboxes. Moving large volumes of data is a lengthy process that consumes significant infrastructure bandwidth, which can negatively affect the performance of other applications. IT Manager/Director Frustrated with Limited budget and resources — Migrations are expensive projects that require considerable expertise and resources. Concerned about Risk of business disruption — Data loss or interrupted access to archives during migration can disrupt user productivity and swamp the help desk with support calls. If something goes wrong, all fingers will point back to IT. Anxious about Legal and compliance risk — Archived email must remain discoverable and retrievable. Loss of regulated data can trigger investigations, lawsuits, fines and negative publicity. Also, migrating email archives without strict audit trails can compromise chain-of-custody. Core Value Prop: Migrate email archives to Exchange, Office 365 and other cloud systems up to 5x faster. Ensure ZeroIMPACT on end users by providing anytime access to archives. Preserve chain-of-custody with full audit trails and security logs to mitigate risk. Move only what’s needed with intelligent filtering to slash migration time and costs. Unique Differentiators Migrate email archive data to Office 365 up to 5x faster than other solutions that rely on Exchange Web Services (EWS). Migration Manager moves data in large batches (instead of single items) directly to the target archive mailbox, bypassing the initial client access server where EWS sits. This enables you to push more data through the Office 365 throttling limits. Run multiple migration consoles to further increase scalability and avoid network bottlenecks. Migrate email archives with superior fidelity, compared to traditional EWS methods that other tools use. Preserve all folder structures and keep metadata (authors, recipients, dates and other properties) fully intact during the migration. This makes Chain of Custody easier to validate. Automate user mapping to save time and reduce the risk of manual errors. Easily manage legacy archive data from former employees who have left the company. Orphaned Archives, (leavers without mailbox and/or AD account), can be easily identified and a different migration workflow can be applied to those archives. This results in a smooth and automated approach to migrate leaver data without additional licensing costs in Office 365. Quest provides a complete email migration solution with Migration Manager for Exchange, Migration Manager for PSTs and Migration Manager for Email Archives. Quest solutions have helped migrate 59+ million mailboxes to Exchange and Office 365; that’s nearly double any other migration vendor.
- Turbo-powered migrations — Most other email archive migration solutions on the market migrate data – meaning they extract data from the source and move it to the target – using something called Exchange Web Service (or EWS). We do it differently. Migration Manager includes an advanced, multi-threaded migration engine that enables you to move email archive data to Office 365 and Exchange up to five times faster than other solutions that use EWS. You can also install multiple migration consoles to further increase scalability and avoid network bottlenecks. Chain-of-custody compliance — Mitigate legal and regulatory risk by migrating email archives with air-tight security. You can automatically create and store a unique digital fingerprint of every migrated item. This enables you to capture full audit trails and security logs during every step of the migration, while validating that migrated data has not been corrupted or tampered with in any way. You’ll also ensure superior fidelity compared to traditional EWS methods, and preserve all folder structures and metadata (authors, recipients, dates and other properties) during the migration . This makes chain of custody easier to validate. ZeroIMPACT transitions — Eliminate downtime by providing end users with continuous access to their archives throughout the project, regardless of migration status. Migration Manager synchronizes user emails to the target environment in the background and then recognizes and syncs daily deltas, giving users access to both the new and original source data. This seamless approach will free your help desk from added stress and user support calls. Intelligent filters — Control what is and isn’t moved with granular filtering to reduce migration risk, time and cost. Select by date or retention category to comply with email retention policies. You can also filter by message type to eliminate unneeded items, such as Notes, Tasks and Drafts. Advanced automation — Simplify the migration and reduce the risk of manual error by automating core repetitive tasks, such as bulk user mapping, deleting legacy archives, and updating shortcuts in Outlook to the correct location of the new email archive. Get real-time status reports so you can keep users and management informed of migration progress and troubleshoot issues as they arise. Migrate multiple sources and targets with a single solution to meet a wide range of business requirements.
- Realize the implied benefits of Office 365 by taking control of security in your onpremises Active Directory. Dell Software’s unique end to end solution helps you assess, detect, mitigate, remediate and recover to stay more productive, more secure and more aligned to your business. Continuously Assess - Understand who has access to what – permissions, privileged groups, sensitive business groups, GPOs and data. Conduct a thorough assessment and know your security configuration baseline to easily identify your surface attack area, vulnerabilities and risk profile. Provides clear visibility and reporting to stay ‘in the know’ of your directory, windows computers and file shares. (Enterprise Reporter, GPOAdmin) Detect and Alert - Know when suspicious/anomalous activities occur. Real-time monitoring will quickly detect and alert you to potential insider attacks. Proactive measures allow you to take immediate action and reduce the risk of exposure caused by insider attacks or data breaches. (InTrust, Change Auditor) Remediate and Mitigate - Remediate unauthorized actions immediately across AD and your Windows environment. Respond to alerts quickly to minimize damage from unsanctioned changes. Automate security policy enforcement across AD to reduce human errors and mitigate the risk of recurrence. Improve operational efficiency and give IT Staff more time to focus on innovation. (ARS, InTrust, Change Auditor, GPOAdmin) Investigate and Recover - Reduce incident response time investigations across your Windows environment. Correlate security baseline information with fine grained auditing. Get a cradle to grave 360-degree contextual view of how a security incident materialized and reveal the most likely path(s) that led to a security breach. Automate your Active Directory BCP (Business Continuity Process) to minimize your RTO (Recovery Time Objective) in the event of a security incident that causes partial or total damage across your Active Directory infrastructure. - (RMAD/RMADFE/IT Search)
- 1 minutes (total: 32 min) Go over slide and wrap up