Office 365 provides customers with a continuous stream of innovative features that provide significant productivity improvements while keeping information highly secure. We are working on resources and tools to help you leverage Office 365 information security features and controls, so you can manage security in your Office 365 tenant. The Office 365 Service Trust Portal (STP), launched earlier this year, is an example of a feature that provides deep insights into how Office 365 services are operated and independently audited.
Now we are pleased to present the customer security considerations (CSC) workbook that can be used to facilitate a quick review and implementation of the security controls available in Office 365. The CSC workbook is designed to provide you with information on key security and compliance features to consider when adopting, deploying and managing Office 365.
The CSC workbook, which currently is implemented as a Microsoft Excel workbook, is in preview. Your feedback will allow us to improve the CSC workbook for your business needs, and we hope to receive your feedback. Over time, the number of pivots will increase and additional compliance scenarios will be incorporated.
The CSC workbook contains two security-based pivots on the same set of features and information. One pivot is the Office 365 Customer Control Considerations section. Information in this section is organized into five scenarios listing the features that can be used to manage information security risks:
- Data Resiliency—Considerations for protecting and recovering information from potential data corruption.
- Access Control—Things to consider around managing identity and access control using Office 365 and Azure features.
- Data Leakage—Considerations around using encryption and controlling forwarding.
- Security and Compliance Investigations—Considerations for conducting compliance searches and forensics investigations, as well as logging and hold actions in Office 365.
- Incident Response and Recovery—Things to consider around security incident response and recovery.
In addition to these five scenarios, an all-up list of considerations is provided.
The second pivot is the Office 365 Risk Assessment Scenarios section. Information in this section is organized by risks/threats and how you will implement various controls to manage these risks:
- Malicious Customer Administrator
- Former Employee
- Credential Theft
- Trusted Device Compromised
- Attacker Foothold
- Microsoft Operator
We hope that the CSC workbook provides you with quick information on how to help secure your Office 365 service with features/configurations that you manage. Based on the usage of this tool and your valuable feedback, we hope to expand the scope of considerations as appropriate and make it even more user friendly in the future.
To get the CSC workbook, sign in to or onboard the Service Trust Portal (STP)—onboarding instructions to STP are here. For more information and feedback, please contact us at firstname.lastname@example.org; we look forward to hearing from you!
—Jon Nordstrom, senior solutions architect, Office 365 customer experience; and Om Vaiti, senior program manager, Office 365 Trust Engineering