This slide deck provides an overview of the options administrators have to secure the applications that are part of Office 365. The deck also includes recommendations and best practices.
1. Office 365 App Security
Overview on options to secure Office 365 applications
Presented by: Oliver Wirkus (MVP)
September 7th, 2017
2. About me: Oliver Wirkus
• Sr. Consultant with 2toLead
• Microsoft Office Servers and Services MVP
• Published Author and Speaker
• Member of the Board of the Vancouver Office 365 user group
Email: oliver@2tolead.com
Twitter: @OWirkus
LinkedIn: https://www.linkedin.com/in/owirkus/
3. What are common threats that organizations face?
How to secure the Office 365 applications?
Summary and Best Practices
12. Configure external sharing according to corporate policies
SharePoint Online
Configure external sharing in the Office 365 Admin Center.
Limit external sharing to selected security groups.
13. Configure blocked and allowed domains as an additional layer of security
SharePoint Online
Configure the domains users are allowed to share with.
14. Create DLP rules according to corporate policies and keep in mind that DLP rules are not in effect immediately
SharePoint Online
Data Loss Prevention: configure external sharing in the Office 365 Security and Compliance Center.
Rules might take a long time to become active!
16. Configure external sharing according to corporate policies
OneDrive for Business
Configure sharing with external users.
Configure defaults for sharing links.
17. Configure blocked and allowed domains as an additional layer of security
OneDrive for Business
Limit external sharing by domain. Domains can be blocked or allowed.
18. Create DLP rules according to corporate policies and keep in mind that DLP rules are not in effect immediately
OneDrive for Business
OneDrive for Business uses the same DLP rules as SharePoint Online.
19. Limit syncing to PCs joined to a corporate domain
OneDrive for Business
List the domains that devices need to be joined to in order to be included in synchronization.
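As an added example (not part of the slide deck), the following SharePoint Online Management Shell script audits the tenant-wide settings that slides 12 to 19 describe for SharePoint Online and OneDrive for Business and reports those weaker than the deck recommends. It assumes the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account; the admin URL and the domain GUID are placeholders.

```powershell
# Added example: audit tenant-wide sharing and sync settings (slides 12-19).
# Assumes the SharePoint Online Management Shell is installed; replace placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url "https://<tenant>-admin.sharepoint.com"   # placeholder tenant

function Get-SharingFindings {
    $t    = Get-SPOTenant
    $sync = Get-SPOTenantSyncClientRestriction
    $findings = @()

    # Slides 12/16: anonymous ("Anyone") links are the broadest external sharing
    # level and should exist only where corporate policy explicitly allows them.
    if ($t.SharingCapability -eq 'ExternalUserAndGuestSharing') {
        $findings += 'SharingCapability allows anonymous links; confirm this matches policy.'
    }
    # Slides 13/17: a domain allow list or block list is the additional layer.
    if ($t.SharingDomainRestrictionMode -eq 'None') {
        $findings += 'No domain allow/block list is configured for external sharing.'
    }
    # Slide 16: the default link type should not hand out anonymous links.
    if ($t.DefaultSharingLinkType -eq 'AnonymousAccess') {
        $findings += 'Default sharing link type is AnonymousAccess.'
    }
    # Slide 19: sync should be limited to PCs joined to the listed corporate domains.
    if (-not $sync.TenantRestrictionEnabled) {
        $findings += 'OneDrive sync is not restricted to domain-joined PCs.'
    }
    return $findings
}

$findings = @(Get-SharingFindings)
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }

# PowerShell equivalents of the Admin Center settings, to apply deliberately
# after the findings have been reviewed against the governance rules:
# Set-SPOTenant -SharingCapability ExternalUserSharingOnly
# Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "partner.example"
# Set-SPOTenant -DefaultSharingLinkType Internal
# Set-SPOTenantSyncClientRestriction -Enable -DomainGuids "<corporate-AD-domain-GUID>"
```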
21. Only allow connectors which are safe to handle corporate data. Content transferred by connectors is not checked!
PowerApps / Flow
Data Loss Prevention is handled by allowing specific connectors to be used with Business Data.
See also: Redmond Magazine, "How to Secure SharePoint Online Workflows with Microsoft Flow".
23. Configure external access based on corporate policies
Skype for Business
Control how users can access Skype for Business users in other organizations.
Configure blocked and allowed domains.
25. Configure who is allowed to share externally and who is allowed to publish to the web
Power BI
Control how users can share dashboards with external users.
Control who can share dashboards with external users.
Control who is allowed to publish reports to the web.
26. Control who is allowed to export data or to print dashboards and reports
Power BI
27. Configure carefully who is allowed to use integration services, audits and usage metrics
Power BI
Control who is allowed to use integration services.
Control who is allowed to create audits and usage metrics.
29. Configure privacy settings according to governance policies
Office Groups
Office Groups can be either ‘Public’ or ‘Private’.
Configure whether the group can receive external email.
31. Add only trusted network domains to Yammer
Yammer
Access the list of allowed domains.
Add domains as ‘allowed’ domains.
32. Configure who is allowed to create External Networks
Yammer
Configure who is allowed to create ‘External Networks’.
Configure additional options for ‘External Networks’.
33. Configure IP ranges for Office network or VPN access
Yammer
Define a range of allowed IP addresses.
Define how logins from outside are handled.
35. Configure options for external sharing and what viewers are allowed to do with a Sway they receive.
Sway
Select with whom the Sway should be shared.
Configure additional options regarding what viewers are allowed to do.
37. Assign roles and permissions according to tasks. Don’t assign all roles to just a few admins.
Office 365
Assign roles and permissions to employees who need to perform specific tasks.
38. Set alerts and know what is happening to your data.
Office 365
Create alerts based on various predefined activities.
39. Only use Supervision with permission of your corporation
Office 365
Configure whose communication should be supervised, how often it should be supervised, and define the supervisors.
40. Fine-tune the communication that should be supervised
Office 365
“The conditions you choose will apply to communications from both email and 3rd-party sources in your organization (like from Facebook or DropBox).”
Source: https://support.office.com/en-us/article/Configure-supervision-policies-for-your-organization-d14ae7c3-fcb0-4a03-967b-cbed861bb086
42. Best practice guidance
Security restricts employees in their day-to-day business!
Too many security restrictions might constrict users in a disproportionate manner.
On the other hand, too little security will definitely have a negative impact on the business and jeopardize the enterprise.
My personal best practices:
Develop governance rules and security guidelines with business owners and external experts.
Apply the necessary amount of security rules based on these governance rules.
Log each applied security setting thoroughly and utilize the “four-eye principle”.
Review governance rules and security settings at least twice per year.
Be transparent and train users.