Today, at TechEd Europe, we are pleased to announce the next set of innovations in security, privacy and compliance capabilities of Office 365, including mobile device management capabilities for Office 365, expansion of data loss prevention (DLP) technologies and the availability of per-file encryption in our productivity services.
As a global provider of productivity services that includes Office, the most familiar productivity suite in the world, we understand that the security of your data is imperative to continually earn and maintain your trust. We are committed to driving rapid innovation in how we operate the service, how we protect your data and the controls we provide you to manage and protect information.
Mobile device management for Office 365
As more and more people use multiple devices to get things done at work, keeping corporate data secure is becoming a top challenge. We’re excited to announce new mobile device management (MDM) capabilities built right in to Office 365, which will help you address this challenge. These new capabilities, set to roll out in the first quarter of 2015, enable you to manage Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices.
As IT administrators, you will be able to set and manage mobile device policies—such as device pin lock and jailbreak detection—directly from within the Office 365 administration portal. MDM for Office 365 will also enable you to perform a selective wipe to remove Office 365 corporate data from a device when an employee leaves your organization, while leaving personal data intact. And unlike MDM solutions that replace productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love, so you can apply policies to help secure company data without sacrificing experience and productivity.
You can learn more about MDM for Office 365 in this blog post and video.
Expanding DLP across Office 365 and beyond
Office 365 has had DLP capabilities in email for quite some time, with powerful controls to help protect sensitive information and ensure your employees operate within your IT policies. Today, we are announcing the expansion of DLP capabilities to additional Office 365 services and other Office applications so you can protect your content no matter where it is stored and shared within Office 365, whether in email, OneDrive for Business, SharePoint Online, and Windows File Server or within the file itself.
Starting first quarter of 2015, as IT administrators, you will be able to centrally enforce and manage DLP policies across the services and applications from the Office 365 compliance center, so that your end users always understand what is happening through real time policy tips. You will have the ability to enforce the first set of policy actions and education for SharePoint online and OneDrive for Business this year and a richer set of controls coming early next year.
You can learn more about our vision for the expansion of DLP across Office and the broader Microsoft ecosystem in this blog post and video.
Advanced encryption at rest with per-file encryption
Last spring we announced our intent to include even more file encryption capabilities in our SharePoint and OneDrive for Business. Today we are excited to announce that we have rolled out advanced encryption at rest for SharePoint Online and OneDrive for Business called per-file encryption. Per-file encryption technology encrypts every individual file stored in SharePoint Online and OneDrive for Business with its own unique key, and also encrypts each subsequent update to the file with an additional unique key. This granular level of encryption vastly reduces the risk of unauthorized access to the content.
Trust and compliance with industry standards and regulations
Beyond delivering security enhancements and greater control through MDM and DLP, we are continually investing to ensure Office 365 meets the most stringent industry standards and regulations. Office 365 meets key international standards and certifications like ISO 27001, goes through periodic SSAE 16 audits with SOC 1 and SOC 2 reports and offers EU Model clauses. We also support compliance with specific industry standards and regulations such as CJIS, and more recently, IRS 1075 compliance for government customers.
Commitment to protect privacy
And we continue to advance our commitment to privacy. Office 365 is the first and only cloud service provider so far to be recognized by the Article 29 Working Party to contractually meet the European Union Data Protection Authorities’ stringent standards for international transfer of data. Today, we are pleased to announce that we are working to meet ISO 27018, an international standard that establishes controls to protect privacy.
The Office 365 Trust Center
Security and compliance shouldn’t be a checkbox or an afterthought. They should be built right into the services and solutions your organization uses every day. Security and compliance are fundamental to Office 365, so as we innovate to bring you new apps and experiences that make your organization more productive, we are focused on providing industry leading service capabilities and built-in, configurable controls to meet your organization’s specific security and compliance needs.
And we share information about these important topics in the Office 365 Trust Center.
Our work here is not done. True to our culture, we will continue to innovate and add security, privacy and compliance capabilities to Office 365, and we’ll continue to be transparent about our approach through content in the Office 365 Trust Center and “From Inside the Cloud” videos.
Vijay Kumar is the senior product manager for the Office 365 team.