News

Office 365 Gets New Security, Compliance Upgrades

• By Kurt Mackie
• April 30, 2019

A raft of security and compliance improvements are coming to Office 365 -- and specifically to Microsoft 365 subscribers -- according to Microsoft this week.

Microsoft's announcements mainly focused on improving the ability of organizations to clamp down on how corporate information gets distributed by Office 365 end users. Microsoft is adding things like encryption for external messages, as well as improvements to its "e-discovery" forensic tools for finding wayward information leakers. General availability releases and previews were announced, and most of the announcements concerned tenancies using the upper-tier Microsoft 365 E5 plan.

Also, there was a recap of April Office 365 improvements, including mention of the coming Microsoft Kaizala addition to Office 365 subscriptions. The Microsoft Kaizala messaging app will be added to Microsoft Teams "over the next 12-18 months," Microsoft indicated.

Advanced eDiscovery GA
On the forensics front, Microsoft announced that an improved Advanced eDiscovery Microsoft 365 solution is "now generally available," or ready for commercial use.

The Advanced eDiscovery solution is improved because Microsoft redesigned it based on "a custodian-based approach to holding content." Custodians are employees with access to sensitive information. They can be added to a search investigation, along with people having similar access privileges. Users of the tool can send hold notifications regarding documents, as well as notices that certain end users "are part of an investigation or litigation," Microsoft indicated.

Office 365 Data Investigations Preview
Microsoft is previewing the ability to search for "sensitive, malicious or misplaced data across Office 365" via a new Data Investigations tool added to the Security and Compliance Center portal, according to a Tuesday announcement. Organizations can block access to the data or delete it, and a graphical user interface will enable those sorts of actions.

"Today this is done through PowerShell but we plan on providing a UI experience at the end of May," Microsoft's announcement explained.

Advanced Message Encryption
Microsoft began offering its Office 365 Message Encryption service back in 2014. On Tuesday, Microsoft announced a new "Office 365 Advanced Message Encryption" service, which will let IT pros use custom e-mail templates (to add things like logos or branding), set expiration dates on e-mails and permit the revoking of encrypted e-mails.

Microsoft expects that the Office 365 Advanced Message Encryption service "will be available in eligible tenants by the end of May." The Advanced version requires having the Office 365 Message Encryption service plus an "Office 365 E5 subscription or an Office 365 E3 subscription with the E5 Compliance add-on or Advance Compliance add-on."

Compliance Manager 'New Experience' Preview
Microsoft began offering its Compliance Manager service commercially last year. It's an add-on for Office 365 Business and Enterprise customers that tracks how well organizations are aligning with various standards and regulations. Microsoft on Tuesday announced a "public preview of Compliance Manager['s] new experience," which is accessible via the Service Trust Portal.

The new experience lets organizations "build and import templates," which can be used to assess "any application or service (including on-premises and non-Microsoft apps and services) against any regulation or standard." Microsoft is also promising that the new Compliance Manager will automatically incorporate computing environment changes, such as a switch to using multifactor authentication, in its Secure Score assessments. It also has a "new action pivot" to show required and recommended activities.

The so-called new experience will replace the current Compliance Manager solution. When the new Compliance Manager solution reaches the general availability stage, data used with the old Compliance Manager will get retained for 12 months, Microsoft's announcement explained.

Organizations will need to take a couple of actions to use the new Compliance Manager. "Organizations need to assign permission roles before turning on the 'continuous update from Secure Score,' so only people with permission will see the tenant-specific information, such as the status of the security-oriented controls (see these instructions)," Microsoft's announcement indicated.

Compliance Manager doesn't yet have a General Data Protection Regulation (GDPR) assessment yet, but it'll be coming "in a few weeks," Microsoft promised.

Multi-Geo Support
Microsoft also noted that Multi-Geo regional support was added for SharePoint Online and Office 365 Groups. The new support options apparently hit the general availability stage last month. Microsoft also offers Multi-Geo support for Exchange Online and OneDrive data.

The new Multi-Geo support lets organizations control where SharePoint Online and Office 365 Groups data gets stored at rest. It's a concern typically for European Union countries with data residency compliance requirements.