Customer Lockbox ensures that no one at Microsoft can access customer content without the customer’s explicit approval.
Customer Lockbox brings the customer into the approval workflow for access to customer content.
For the purpose of maximizing data security and privacy for Office 365 customers, we have engineered the service to require nearly zero interaction with customer content by Microsoft employees.
Nearly all service operations performed by Microsoft are either fully automated so there is no human interaction, or the human involvement is abstracted away from Office 365 customer content.
In the very rare instances where someone may need access to customer content to resolve a customer issue, Lockbox today enforces access control within Microsoft through multiple levels of approval, providing just-in-time access with limited and time-bound authorization. In addition, all access control activities in the service are logged and audited.
Customer Lockbox for Office 365 provides unprecedented customer control over content residing in Office 365, so customers can be assured that their content will not be accessed by Microsoft employees without their explicit approval. It brings customers into the access approval loop, requiring the customer to explicitly approve access to their content by a Microsoft employee for service operations.
- Administrators in the customer’s Office 365 environment are notified via email that there is a request for access.
- The Office 365 Admin Center portal also displays requests that have been submitted to the customer for approval.
- Administrators in the customer’s Office 365 environment can approve or reject Customer Lockbox requests.
- Microsoft can only proceed following approval of a Customer Lockbox request.
- If a customer rejects a Customer Lockbox request, no access to customer content will occur.
- If a user was experiencing a service issue that required Microsoft to access customer content in order to resolve it (though such circumstances are expected to be extremely rare), then the service issue might simply persist. Microsoft would inform the customer of this outcome.
- Customer Lockbox requests have a default lifetime of 12 hours, after which they expire. Expired requests do not result in access to customer content.
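The request lifecycle described above, modelled as a small default-deny state machine. This is an added illustration, not Microsoft's Lockbox implementation; it assumes that the 12-hour request lifetime also bounds an approved access window (the text gives no separate figure for that), and the engineer names and administrator address are constructed.

```python
from datetime import datetime, timedelta
from enum import Enum

REQUEST_LIFETIME = timedelta(hours=12)   # default lifetime of a Customer Lockbox request
State = Enum("State", "PENDING APPROVED REJECTED EXPIRED")

class LockboxRequest:
    """One access request: content is reachable only while an explicit customer approval is in force."""
    def __init__(self, engineer, justification, created_at):
        self.engineer, self.justification, self.created_at = engineer, justification, created_at
        self.expires_at = created_at + REQUEST_LIFETIME
        self.decision = None                      # (admin, "approve" | "reject", time) once the customer acts
        self.audit = [("requested", engineer, created_at)]   # every step is logged

    def state(self, now):
        if self.decision is None:                 # nobody has acted: pending until the lifetime runs out
            return State.EXPIRED if now >= self.expires_at else State.PENDING
        if self.decision[1] == "reject":
            return State.REJECTED
        # Assumption: an approval is bounded by the same 12-hour lifetime (time-bound authorization).
        return State.APPROVED if now < self.expires_at else State.EXPIRED

    def decide(self, admin, approve, now):
        """Customer administrator approves or rejects; expired or already-decided requests cannot change."""
        if self.state(now) is not State.PENDING:
            raise ValueError(f"request is {self.state(now).name}; no decision possible")
        verb = "approve" if approve else "reject"
        self.decision = (admin, verb, now)
        self.audit.append((verb, admin, now))
        return self.state(now)

    def access_allowed(self, now):
        """Default deny: only an explicit, unexpired approval opens access, and each attempt is audited."""
        allowed = self.state(now) is State.APPROVED
        self.audit.append(("access_granted" if allowed else "access_denied", self.engineer, now))
        return allowed

def demo():
    """Constructed scenario (not a real Lockbox flow): one request left pending, one approved, one rejected."""
    t0 = datetime(2016, 6, 1, 9, 0)
    h = lambda n: t0 + timedelta(hours=n)
    pending, approved, rejected = (LockboxRequest(f"engineer-{i}", "constructed case", t0) for i in range(3))
    approved.decide("admin@example.com", True, h(1))
    rejected.decide("admin@example.com", False, h(1))
    return {"pending_at_1h": pending.access_allowed(h(1)),      # False: no approval yet
            "pending_at_13h": pending.state(h(13)).name,        # EXPIRED: lapses with no access
            "approved_at_2h": approved.access_allowed(h(2)),    # True: explicit approval in force
            "approved_at_13h": approved.access_allowed(h(13)),  # False: time-bound authorization ended
            "rejected_at_2h": rejected.access_allowed(h(2))}    # False: the customer said no
```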
Resources
Watch Videos …
- An Overview of Customer Lockbox in Office 365 - Duration: 2 minutes, 49 seconds.
Read …
- Announcing Customer Lockbox for Office 365
- Microsoft Mechanics: An Overview of Customer Lockbox in Office 365
Office 365 Advanced Security Management
The cloud offers many security benefits to organizations, but also raises new security considerations. It can also add to existing ones such as shadow IT, the use of software that is not formally sanctioned by the organization. Office 365 Advanced Security Management, a new set of capabilities powered by Microsoft Cloud App Security, gives you greater visibility and control over your Office 365 environment.
Advanced Security Management includes:
- Threat detection - Helps you identify high-risk and abnormal usage, and security incidents.
- Enhanced control - Shapes your Office 365 environment leveraging granular controls and security policies.
- Discovery and insights - Get enhanced visibility into your Office 365 usage and shadow IT without installing an end point agent.
Threat detection
Advanced Security Management enables you to set up anomaly detection policies, so you can be alerted to potential breaches of your network. Anomaly detection works by scanning user activities and evaluating their risk against over 70 different indicators, including sign-in failures, administrator activity and inactive accounts. For example, you can be alerted to impossible travel scenarios, such as if a user signs in to the service to check their mail from New York and then two minutes later is downloading a document from SharePoint Online in Tokyo.
Advanced Security Management also leverages behavioral analytics as part of its anomaly detection to assess potentially risky user behavior. It does this by understanding how users typically interact with Office 365, spotting anomalies and giving the anomalous activity a risk score to help IT decide whether to take further action.
Enhanced control
Advanced Security Management lets you set up activity policies that can track specific activities. With out-of-the-box templates, IT can easily create policies that flag when someone is downloading an unusually large amount of data, has multiple failed sign-in attempts or signs in from a risky IP address. Policies can also be customized to your environment. Using activity filters, IT can look for the location of a user, device type, IP address or if someone is granted admin rights. Alerts can be created to notify an IT lead immediately via email or text message.
Default activity policy templates
The following policy templates are included:
- Administrative activity from a non-administrative IP address: Alert when an admin user performs an administrative activity from an IP address that is not included in a specific IP range category.
- User logon from a non-categorized IP address: Alert when a user logs on from an IP address that is not included in a specific IP range category.
- Mass download by a single user: Alert when a single user performs more than 30 downloads within 5 minutes.
- Multiple failed user logon attempts to an app: Alert when a single user attempts to log on to a single app and fails more than 10 times within 5 minutes.
- Logon from a risky IP address: Alert when a user logs on from a risky IP address to your sanctioned services. By default, the Risky IP category contains anonymous proxies and TOR exit points.
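Each of the five templates is a rule over a stream of audit events. The evaluator below is an added illustration in Python, not Cloud App Security code: the IP range categories, user names and addresses are constructed stand-ins, and counting in a 5-minute sliding window is one reasonable reading of the "within 5 minutes" thresholds.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed IP range categories, standing in for the ranges an admin would define.
IP_CATEGORIES = {"Administrative": ip_network("10.0.0.0/8"),
                 "Risky": ip_network("192.0.2.0/24")}   # stand-in for anonymous proxies / TOR exits
WINDOW = timedelta(minutes=5)   # both counting templates use a 5-minute window

def ip_category(ip):
    """Return the category whose range contains ip, or None if it is non-categorized."""
    addr = ip_address(ip)
    return next((name for name, net in IP_CATEGORIES.items() if addr in net), None)

def _exceeded(window, now, limit):
    """Sliding-window counter: True once more than `limit` events fall within WINDOW."""
    window.append(now)
    while now - window[0] > WINDOW:   # drop events older than the window
        window.popleft()
    if len(window) > limit:
        window.clear()                # alert once, then start a fresh window
        return True
    return False

def evaluate(events):
    """Apply the five default templates to time-ordered (time, user, action, app, ip, is_admin) events."""
    alerts, downloads, failures = [], defaultdict(deque), defaultdict(deque)
    for time, user, action, app, ip, is_admin in events:
        cat = ip_category(ip)
        if action == "AdminActivity" and is_admin and cat != "Administrative":
            alerts.append(("Administrative activity from a non-administrative IP address", user, time))
        elif action == "Logon" and cat is None:
            alerts.append(("User logon from a non-categorized IP address", user, time))
        elif action == "Logon" and cat == "Risky":
            alerts.append(("Logon from a risky IP address", user, time))
        elif action == "Download" and _exceeded(downloads[user], time, 30):
            alerts.append(("Mass download by a single user", user, time))
        elif action == "FailedLogon" and _exceeded(failures[(user, app)], time, 10):
            alerts.append(("Multiple failed user logon attempts to an app", user, time))
    return alerts

def sample_events():
    """Constructed audit events (not real Office 365 records) that trip all five templates."""
    t0 = datetime(2016, 6, 1, 9, 0)
    ev = [(t0 + timedelta(seconds=5 * i), "alice", "Download", "SharePoint", "10.1.2.3", False) for i in range(31)]
    ev += [(t0 + timedelta(seconds=20 * i), "bob", "FailedLogon", "Exchange", "10.1.2.4", False) for i in range(11)]
    ev.append((t0, "carol", "AdminActivity", "AdminCenter", "198.51.100.7", True))
    ev.append((t0, "dave", "Logon", "Exchange", "192.0.2.9", False))
    ev.append((t0, "erin", "Logon", "Exchange", "203.0.113.1", False))
    return sorted(ev, key=lambda e: e[0])
```

Calling `evaluate(sample_events())` yields one alert per template, in time order; the window is cleared after each alert so a sustained burst raises one alert per threshold crossing rather than one per event.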
After reviewing an alert and investigating a user’s activities, IT may deem that the behavior is risky and want to stop the user from doing anything else. This can be done directly from the alert. Some activities may be deemed so risky that IT may want to immediately suspend the account. To help with this, IT can configure the activity policy so that an account is automatically suspended if that risky activity takes place.
Advanced Security Management also shows which apps are connected to Office 365 in your environment, who is using them and the permissions they have. For example, if a user grants a scheduling application access to their Office 365 calendar data, IT will be able to see the details of the connection and revoke that application’s permissions with one click if they deem it a security risk.
Discovery and insights
Advanced Security Management also provides an app discovery dashboard that allows IT Pros to visualize your organization’s usage of Office 365 and other productivity cloud services, so you can maximize investments in IT-approved solutions. With the ability to discover about 1,000 applications in categories like collaboration, cloud storage, webmail and others, IT can better determine the extent to which shadow IT is occurring in your organization. Advanced Security Management will also give you details about the top apps in each category. For example, you can see how much data is being sent to OneDrive for Business, Box, Dropbox and other cloud storage providers.
You can do all this without installing anything on device end points. To load the data into the dashboard, all you have to do is take the logs from your network devices and upload them via an easy-to-use interface.
Many organizations allow users to connect apps to Office 365 without IT intervention to help them be more productive. The challenge is that it reduces the visibility and control that IT has over what apps are doing with the data. App Permissions as part of Office 365 Advanced Security Management can help mitigate that risk.
App Permissions provides information to IT about which applications in their network have access to Office 365 data, what permissions they have and which users granted these apps access to their Office 365 accounts.
Based on this information, IT admins can choose to approve the app or revoke its access to Office 365. If they choose to revoke permissions to the app, it will no longer be able to access the information for any of the users in the Office 365 tenant. App Permissions also makes it easy for IT admins to notify users who have installed the application that is going to be banned.
Resources
- Blog post: Gain enhanced visibility and control with Office 365 Advanced Security Management
- Video: Introducing Advanced Security Management for Office 365
- Overview of Advanced Security Management in Office 365
- Get started with Advanced Security Management
- Create app discovery reports in Advanced Security Management
- Blog post: Enhanced control over third-party apps now available in Office 365