Office365 App Security
Overview on options to secure Office365 applications
Presented By: Oliver Wirkus (MVP)
September, 7th 2017
About me
• Sr. Consultant with 2toLead
• Microsoft Office Servers and Services MVP
• Published Author and Speaker
• Member of the Board of Vancouver Office365 user group
Email: oliver@2tolead.com
Twitter: @OWirkus
LinkedIn: https://www.linkedin.com/in/owirkus/
Oliver Wirkus
• What are common threats that
organizations face?
• How to secure the Office 365 applications?
• Summary and Best Practices
What are common threats
that organizations face?
Agenda
Sharing of sensitive information outside of the organization
Common Threats
Sharing of sensitive information with other organizations
Common Threats
Using unmanaged (personal) devices
Common Threats
Uncontrolled sync’ing of data
Common Threats
(Accidentally) sending sensitive information
Common Threats
How to secure the Office
365 applications?
Agenda
Security settings
for
SharePoint online
Configure external sharing according to corporate policies
SharePoint online
Configure external sharing
in the Office365 Admin
Center.
Limit external sharing to
selected security groups
Configure blocked and allowed domains as an additional layer
of security
SharePoint Online
Configure domains users are
allowed to share with.
Create DLP rules according to corporate policies and keep in
mind that DLP rules are not in effect immediately
SharePoint online
Data Loss Prevention
Configure external sharing
in the Office365 Security
and Compliance Center.
Rules might take a long time
to become active!
Security settings
for
OneDrive for Business
Configure external sharing according to corporate policies
OneDrive for Business
Configure sharing with
external users
Configure defaults for
sharing links
Configure blocked and allowed domains as an additional layer
of security
OneDrive for Business
Limit external sharing by
domain. Domains can be
blocked or allowed
Create DLP rules according to corporate policies and keep in
mind that DLP rules are not in effect immediately
OneDrive for Business
OneDrive for Business is
using the same DLP rules as
SharePoint Online
Limit sync’ing to PCs joined to a corporate domain
OneDrive for Business
List domains that devices
need to join to be included
into synchronization
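A scripted equivalent of the SharePoint Online and OneDrive for Business sharing and sync settings above, as an added example that is not part of the original slides. It assumes the SharePoint Online Management Shell module and a SharePoint administrator account; the tenant URL, domain names, domain GUID and log path are placeholders.

```powershell
# Added example, not from the original slides.
# Assumes the Microsoft.Online.SharePoint.PowerShell module is installed and
# the signed-in account is a SharePoint administrator.
# Every value in this block is a placeholder to replace with your own.
$AdminUrl       = 'https://contoso-admin.sharepoint.com'
$AllowedDomains = 'partner1.example partner2.example'      # space-delimited
$AdDomainGuids  = '00000000-0000-0000-0000-000000000000'   # ';'-delimited; see (Get-ADDomain).ObjectGUID
$ChangeLog      = '.\spo-sharing-change.json'

Connect-SPOService -Url $AdminUrl

$props = 'SharingCapability', 'SharingDomainRestrictionMode',
         'SharingAllowedDomainList', 'SharingBlockedDomainList',
         'DefaultSharingLinkType'

# Capture the current tenant state so the change can be logged and reviewed.
$before = Get-SPOTenant | Select-Object $props

# External sharing: guests who sign in only, no anonymous links.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly

# Allowed domains as an additional layer: sharing works only with these domains.
Set-SPOTenant -SharingDomainRestrictionMode AllowList `
              -SharingAllowedDomainList $AllowedDomains

# Default for new sharing links: people in the organization only.
Set-SPOTenant -DefaultSharingLinkType Internal

# OneDrive sync only from PCs joined to the listed Active Directory domains.
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids $AdDomainGuids

$after = Get-SPOTenant | Select-Object $props

# Change record: who applied the settings, the state before and after, and an
# empty field for the second reviewer to sign off.
[pscustomobject]@{
    ChangedBy       = $env:USERNAME
    ChangedAt       = (Get-Date).ToString('o')
    ReviewedBy      = ''
    Before          = $before
    After           = $after
    SyncRestriction = Get-SPOTenantSyncClientRestriction
} | ConvertTo-Json -Depth 4 | Out-File -FilePath $ChangeLog -Encoding utf8
```

The JSON record stores enum settings as numbers; compare it against `Get-SPOTenant` output when reviewing.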
Security settings
for
PowerApps and Flow
Only allow connectors which are safe to handle corporate data.
Content transferred by connectors is not checked!
PowerApps / Flow
Data Loss Prevention is handled
by allowing specific connectors
to be used with Business Data
Redmond Magazine: How to Secure
SharePoint Online Workflows with
Microsoft Flow
Security settings
for
Skype for Business
Configure external access based on corporate policies
Skype for Business
Control how users can access
Skype for Business users in other
organizations
Configure blocked and allowed
domains
Security settings
for
Power BI
Configure who is allowed to share externally and who is allowed
to publish to the web
Power BI
Control how users can share
dashboards with external users
Control who can share
dashboards with external users
Control who is allowed to
publish reports to the web
Control who is allowed to export data or to print dashboards
and reports
Power BI
Configure carefully who is allowed to use integration services,
audits and usage metrics
Power BI
Control who is allowed to use
integration services
Control who is allowed to create
audits and usage metrics
Security settings
for
Office Groups
Configure privacy settings according to governance policies
Office Groups
Office Groups can be either
‘Public’ or ‘Private’
Configure if the group can
receive external email
Security settings
for
Yammer
Add only trusted network domains to Yammer
Yammer
Access list of allowed domains
Add domains as ‘allowed’
domains
Configure who is allowed to create External Networks
Yammer
Configure who is allowed to
create ‘External Networks’
Configure additional options for
‘External Networks’
Configure IP ranges for Office network or VPN access
Yammer
Define a range of allowed IP
addresses
Define how logins from outside
are handled
Security settings
for
Sway
Configure options for external sharing and what viewers are
allowed to do with a Sway they receive.
Sway
Select with whom the Sway
should be shared
Configure additional options
regarding what Viewers are
allowed to do
Security & Privacy
settings
for
Office 365
Assign roles and permissions according to tasks. Don’t assign all
roles to just a few admins.
Office 365
Assign roles and permissions to
employees who need to perform
specific tasks
Create alerts based on various
predefined activities
Set alerts and know what is happening to your data.
Office 365
Only use Supervision with permission of your corporation
Office 365
Configure whose communication
should be supervised, how often
it should be supervised and define
supervisors
Fine-tune the communication that should be supervised
Office 365
“The conditions you choose will apply to communications from both
email and 3rd-party sources in your organization (like from Facebook
or DropBox).”
https://support.office.com/en-us/article/Configure-supervision-policies-for-your-organization-d14ae7c3-fcb0-4a03-967b-cbed861bb086
Summary and Best Practices
Agenda
Best practice guidance
Security restricts employees in their day-to-day business!
Too many security restrictions might constrict users in a
disproportionate manner.
On the other hand, too little security will definitely have a negative
impact on the business and jeopardize the enterprise.
My personal best practices:
• Develop governance rules and security guidelines with business
owners and external experts.
• Apply the necessary amount of security rules based on these
governance rules.
• Log each applied security setting thoroughly and utilize the “Four-eye principle”.
• Review governance rules and security settings at least twice per year.
• Be transparent and train users