Announcing Office 365 customer security considerations preview

Body:

Office 365 provides customers with a continuous stream of innovative features that provide significant productivity improvements while keeping information highly secure. We are working on resources and tools to help you leverage Office 365 information security features and controls, so you can manage security in your Office 365 tenant. The Office 365 Service Trust Portal (STP), launched earlier this year, is an example of a feature that provides deep insights into how Office 365 services are operated and independently audited.

Now we are pleased to present the customer security considerations (CSC) workbook that can be used to facilitate a quick review and implementation of the security controls available in Office 365. The CSC workbook is designed to provide you with information on key security and compliance features to consider when adopting, deploying and managing Office 365.

The CSC workbook, which currently is implemented as a Microsoft Excel workbook, is in preview. Your feedback will allow us to improve the CSC workbook for your business needs, and we hope to receive your feedback. Over time, the number of pivots will increase and additional compliance scenarios will be incorporated.

The CSC workbook contains two security-based pivots on the same set of features and information. One pivot is the Office 365 Customer Control Considerations section. Information in this section is organized into five scenarios listing the features that can be used to manage information security risks:

Data Resiliency—Considerations for protecting and recovering information from potential data corruption.
Access Control—Things to consider around managing identity and access control using Office 365 and Azure features.
Data Leakage—Considerations around using encryption and controlling forwarding.
Security and Compliance Investigations—Considerations for conducting compliance searches and forensics investigations, as well as logging and hold actions in Office 365.
Incident Response and Recovery—Things to consider around security incident response and recovery.

In addition to these five scenarios, an all-up list of considerations is provided.

The second pivot is the Office 365 Risk Assessment Scenarios section. Information in this section is organized by risks/threats and how you will implement various controls to manage these risks:

Malicious Customer Administrator
Former Employee
Credential Theft
Malware
Trusted Device Compromised
Attacker Foothold
Microsoft Operator

We hope that the CSC workbook provides you with quick information on how to help secure your Office 365 service with features/configurations that you manage. Based on the usage of this tool and your valuable feedback, we hope to expand the scope of considerations as appropriate and make it even more user friendly in the future.

To get the CSC workbook, sign in to or onboard the Service Trust Portal (STP)—onboarding instructions to STP are here. For more information and feedback, please contact us at cxprad@microsoft.com; we look forward to hearing from you!

—Jon Nordstrom, senior solutions architect, Office 365 customer experience; and Om Vaiti, senior program manager, Office 365 Trust Engineering

Source: https://blogs.office.com/2015/11/23/announcing-office-365-customer-security-considerations-preview/

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser''s Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user''s pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site''s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website''s performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
ai_session	1 hour	This is a unique anonymous session identifier cookie set by Microsoft Application Insights software to gather statistical usage and telemetry data for apps built on the Azure cloud platform.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ai_user	1 year	Microsoft Azure sets this cookie as a unique user identifier cookie, enabling counting of the number of users accessing the application over time.
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user''s session ID and verify ads'' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.

Announcing Office 365 customer security considerations preview

Leave a Comment Cancel reply

Office 365 Essentials Book

Nuno Árias Silva Website

Categories

Office 365 Essentials Book

Facebook