New Microsoft Office 365 Features Enhance Control Over Data and Cloud Security
Many businesses use Microsoft Office 365 for email and other office applications such as Word, Excel, PowerPoint, Access, Publisher and Outlook. Microsoft keeps adding features to Office 365 that give better control over access to data, services and applications. Some of the most valuable features include:
Conditional Access Policies
OneDrive for Business is a great way for users to have access to the data they need daily. However, your business may want users to access OneDrive for Business only from company-approved devices. To solve this issue, Microsoft has added a feature called Conditional Access Policies. This allows the organization to create business rules around how, when and where a user can access company data or a company service such as SharePoint. Conditional Access Policies are a great way to strengthen any compliance requirement or policy an organization has around data and application access.
Identity and Access Management
A second, less well-known feature is for IAM (Identity and Access Management). Office 365 now offers a portal that can be configured to allow secure access to other cloud services such as Salesforce, Office 365 apps, or any other web application that supports SAML. SAML (Security Assertion Markup Language) is used for exchanging authentication and authorization data between two different organizations. Rather than giving the user a username and password to keep track of for every cloud service, Office 365 can set up a SAML connection to the other cloud service and let the user access that application from a portal called MyApps.
This approach is much better, as users do not have to remember different usernames and passwords. One username and password is required for MyApps, and from there all applications can be accessed using a SAML connection. SAML does not pass any usernames or passwords, but rather sends a configured token that authorizes the user. SAML allows an organization to manage just one identity for the user vs. the traditional approach of an identity per cloud service.
Using SAML has a big impact on several areas that cost organizations money and can lead to:
- Decreased calls to the Help Desk for forgotten passwords
- Eliminated costly security breaches that occur when a user has left an organization, their account for a cloud service was overlooked, and they still have access to data
- Eliminated security breaches that may occur when a user is fooled into providing a password to an unknown entity
Some of you may be asking yourself, “What if the user gives up their password for MyApps? Won’t that now give an attacker access to all of their applications?”
The answer is “Yes!” If the password to the MyApps portal were inadvertently given out, it would hand over the keys to all the applications and data the user has access to. With this new model, a username and password alone are not sufficient protection, given the risk to the organization.
That’s why Office 365 also provides two-factor authentication, which needs to be an essential part of the solution when moving to the MyApps portal. Now an attacker would need a username, a password and the code generated by Office 365’s two-factor authentication! This is a much more secure approach that severely limits an attacker’s ability to get access to your data.
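As an added example (not from the original article, and not Microsoft's own sample), the two controls discussed above, company-approved devices and two-factor authentication, can be combined in one Conditional Access policy created with the Microsoft Graph PowerShell SDK. It assumes "company-approved" means devices marked compliant by Intune, and the emergency-access group ID is a placeholder.

```powershell
# Added example, not from the original article. Requires the Microsoft Graph
# PowerShell SDK and an account permitted to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder (assumption): object ID of a group holding emergency-access
# accounts, excluded so a misconfigured policy cannot lock out every admin.
$breakGlassGroupId = '<emergency-access-group-object-id>'

$policy = @{
    displayName = 'EXAMPLE - Office 365: require MFA and a compliant device'
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{
            # 'Office365' is the built-in app group that covers SharePoint
            # Online, OneDrive for Business, Exchange Online and related apps.
            includeApplications = @('Office365')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # AND: the sign-in must satisfy both controls, so a stolen password
        # alone, or a password used from an unmanaged device, is not enough.
        operator        = 'AND'
        builtInControls = @('mfa', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

To cover SAML applications launched from MyApps as well, `includeApplications` can be set to `'All'`; review the report-only sign-in results before changing `state` to `'enabled'`.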
Pete is the "Cloud Master" at Loffler and likes to wear cowboy boots.