Successful Office 365 Management: Security

Much of the administrative experience inside of Office 365 streamlines and automates tasks that you previously had granular control over within the individual on-premises workloads. From an auditing and compliance perspective, this means you need to understand:

  1. Your organizational requirements, standards, and policies.
  2. What capabilities are possible within each of your hybrid components, from discovery through technical enforcement.
  3. What can be managed centrally versus within each individual system or component, and by whom.
Photo by Louise Viallesoubranne on Unsplash

Photo by Louise Viallesoubranne on Unsplash

Whether your environment is on-premises, in the cloud, or in a temporary or permanent hybrid state, it is critical that organizations clearly understand their security and compliance requirements, and whether these requirements are being met. All planning should begin with a detailed, step-by-step review of security and compliance policies and procedures, mapping out how each of them is currently accomplished.

As organizations consider moving to the cloud, they should use this baseline to understand how each will be accomplished within the future environment, and how current metrics and key performance indicators (KPIs) will be updated.

Security

The topic of cyber-security has become more visible in the past several years due to major breaches that have compromised the personal identity of millions of customers. Most organizations gather information about who they do business with, such as banks with credit card applications or software companies with customer logins and passwords, which requires that every company be vigilant in their security measures. Companies have an ethical obligation to safeguard their customers personal information.

What Microsoft provides

Microsoft Office 365 handles both trade secrets and other sensitive information, and it is critical that companies wanting to benefit from the platform can trust that it will not leak out sensitive information. You can find an overview of the Office 365 Security and Compliance Centers at https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-securitycompliance-center

Additionally, Microsoft provides additional security guidance for several leading sectors:

Potential gaps that organizations should plan for

According to 2019 research conducted by CollabTalk and the Marriott School of Management at Brigham Young University, two areas that organizations need to supplement to ensure that their unique security requirements are being met include:

    1. Monitoring solutions that actively look for security breaches
    2. Data protection and recovery from loss and lack of adequate encryption

Next Steps

For more in depth data around this topic, download a free copy of the Office 365 Operational Success Playbook. In the next two posts in this series, I’ll highlight data and relevant links for Compliance and Governance.

Christian Buckley

Christian is a Microsoft Regional Director and M365 Apps & Services MVP, and an award-winning product marketer and technology evangelist, based in Silicon Slopes (Lehi), Utah. He is a startup advisor and investor, and an independent consultant providing fractional marketing and channel development services for Microsoft partners. He hosts the weekly #CollabTalk Podcast, weekly #ProjectFailureFiles series, monthly Guardians of M365 Governance (#GoM365gov) series, and the Microsoft 365 Ask-Me-Anything (#M365AMA) series.

2 Responses

  1. January 9, 2022

    […] I outlined in the first post in this series on Office 365 security, much of the administrative experience inside of Office 365 streamlines and […]

  2. February 1, 2022

    […] Successful Office 365 Management: Security [buckleyPLANET] […]