Fully supported by Microsoft’s Security Development Lifecycle (SDL), Office 365 is Microsoft’s most defended version of Office, implementing powerful threat modeling, analysis of attack surface and design essentials capable of identifying and subduing threats and vulnerabilities. Microsoft also updates SDL continuously using the latest data about “in the wilds” malware to ensure all software and services related to Office 365 remain safeguarded against hackers and destructive computer viruses.
Office 365 Safety Tips
Infected emails and phishing attacks are the easiest and quickest way hackers gain access to network data. To increase awareness of suspicious emails, Office 365 offers Safety Tips, a color-coded system that helps users identify safety levels of emails received. Emails labeled red indicate phishing emails or emails failing sender authentication processes and should be deleted immediately.
Yellow emails are marked as spam by Office 365’s Exchange Online Protection. To mark yellow emails as “not spam” and move them to the inbox, users can click “it’s not spam” located in the yellow bar.
“Trusted” emails are green emails that have been sent from a domain Microsoft considers legitimate. Gray emails are “safe” because the user’s organization marked the email as safe or the email was sent by a contact listed in the safe sender folder.
Multiple Layers of Security
Geographically distributed data centers insulate Office 365 user data from cyber attacks by employing multiple authentication methods involving smart cards, on-premise security personnel, biometric scanners and 24/7 video surveillance of data centers. Network security and perimeter protection is supported by controlled devices that only permit passage of communications and connections essential for systems to function. These devices also block all other protocols, connections and ports.
This network is further fortified by Access Control Lists implemented as ACLs arranged in layers on routers. Edge router protection enhances detection of vulnerabilities and intrusions while networks operating in Office 365 data storage facilities are segmented to increase physical separation of storage devices and back-end servers from public-oriented interfaces.
Anti-malware software provides continuous protection of user assets stored in Office 365 cloud servers. In addition to stopping Trojan worms and viruses from entering Office 365, this software also quarantines infected computer systems to prevent irreparable damage from occurring until corrective measures are taken by users or IT departments.
Operational Security Assurance and Encryption Technology
While most cyber threats target unpatched or otherwise vulnerable software, other threats besiege operational weaknesses. To protect undiagnosed weaknesses within systems using Office 365, Microsoft relies on an Operational Security Assuranceframework. OSA initiates robust monitoring of operations to quickly identify existing security risks according to established guidelines. In addition, Operational Security Assurance reinforces Microsoft’s cloud infrastructure by significantly reducing time needed to detect and initiate a counterattack against an incoming security threat.
Office 365 also offers encryption features users can manage and configure to their specifications. Technologies providing multiple methods of encrypting data include Rights Management Services, Secure Multipurpose Internet Mail Extension and Office 365 Message Encryption.
Office 365 and Data Loss Prevention
Although most data breaches result from targeted attacks and malware, errors made by users comprise a large portion of lost data within organizational systems. To combat the problem of data loss, Microsoft integrates Exchange Online into Office 365, a proactive technology especially designed to identify sensitive data contained in emails and protect this information from breach and/or loss. Administrators can also control and customize restriction levels regarding the transmission of sensitive data to block unauthorized sending of certain information. Attachments and email messages are scanned accordingly and administrators can access these data reports detailing what is being sent and who is sending the data.
To learn more about Office 365’s many security features, visit Office 365 Trust Center.