Today at Microsoft Ignite we shared our investments, our vision, and strategy for addressing today’s most challenging business and technology trends that are ever broadening the threat landscape.  From meeting complex corporate and governmental regulatory compliance, to addressing a more mobile and connected workforce, SharePoint and OneDrive and uniquely positioned to address your business needs. 

Stay ahead of data residency requirements

Governments around the world are strengthening laws and regulations to protect citizens’ data, preserve national security, and protect business interests.

New Multi-Geo Capabilities in Microsoft 365 with SharePoint and OneDrive provide global organizations a solution to maximizing the value of Office 365, including SharePoint and OneDrive, while meeting data residency and compliance requirements.  Multi-geo capabilities provide you with a choice of geographical locations in which to store, manage, and secure your data by allowing a single Office 365 tenant to span multiple regions, storing data on a per-user or per-site basis.  So whether you’re adding a new user to your organization or need to move an existing user, as well as their data, seamlessly and transparently to that user, to a new region, new multi-geo capabilities are designed to address those needs.

Multi-geo is in private preview today. If you’re interested and want to learn more visit the links below.

OneDrive http://aka.ms/OneDriveMultiGeo

SharePoint http://aka.ms/SharePointMultiGeo

Manage your service-level encryption key

Gain greater trust from your own clients, with service-level encryption with customer key so that Microsoft does not see or extract any encryption keys. 

Customer key with Office 365 allows you to take control of your information, providing an additional layer of security and data privacy above which is already supplied by Microsoft with SharePoint and OneDrive in Office 365. Customer key can be used to encrypt and/or decrypt the individual encryption keys used to encrypt your cloud storage service for SharePoint Online and OneDrive for Business.  Additionally, you can decide when to change and/or revoke access to these keys limiting Microsoft’s ability to access encrypted content.

Microsoft encrypts your content at rest and in transit throughout SharePoint, OneDrive and Office 365. In fact, we use multiple keys to encrypt your data, and distribute those keys across multiple data centers.  At the service level, we encrypt those keys that are used to encrypt your data. With customer lockbox, even our administrators have no ability to access your data without your explicit, time-bounded consent. Learn more about our encryption features here.

Service-level encryption with customer key goes one step further. You can manage the service-level key(s) that is used to encrypt the SharePoint and OneDrive data encryption keys. You can decide when to change this key(s) and, if your business requires, you can revoke the service-level key(s) and thereby deny the service access to your content.

Limit information overexposure

The risk of information exposure has increased because users don’t always work on desktop computers connected to the corporate network. Access controls now need to account for users connecting their mobile devices to non-secure networks or using their own unmanaged devices. These new access controls start with conditional access policies. Conditional access allows you to keep your corporate data safe while providing your users a secure environment in which they can work from any device. Conditional access in SharePoint Online and OneDrive for Business offers security that goes beyond user permissions. It considers the identity of the user, the devices and applications being used, the network that the user has connected to, and the sensitivity of the data being accessed.

Site-level device access policies

In March 2017, we introduced device access policies at the tenant level so you can control access from unmanaged or non-compliant devices to content stored in SharePoint and OneDrive.  At Microsoft Ignite 2017, we announced and demonstrated new support for bringing these device access policies to the site collection level, so you can limit access from these devices on a site by site basis, based on the classification of the content.  In addition, an administrator can also allow these devices access to collaborate using the Web browser to provide a seamless user experience for instances where unmanaged devices still need the ability to access and use content stored in one or more sites.

Session timeout policies

Unmanaged and non-compliant devices represent just one of many risks of information overexposure. The use of shared systems has also increased—from shared computers in the workplace, to kiosks at hotels and airports, devices and networks often change, but the one constant is the corporate data they access.  Also at Microsoft Ignite we shared our investments in idle-timeout scenarios that allow you to configure policy to automatically sign-out sessions at a specified interval on these shared systems after a period of inactivity.

Moving forward...

In today’s volatile economic climate, organizations require collaboration, communication, and productivity solutions to be both cost-effective and flexible.  SharePoint and OneDrive can help businesses achieve new levels of reliability and performance, delivering features and capabilities that simplify administration, protect communications and information, and empower users while meeting their demands for greater business mobility. 

However, data loss is non-negotiable, and overexposure to information can have legal and compliance implications.  In SharePoint and OneDrive, we’re providing a broad array of features and capabilities designed to make certain that sensitive information remains that way, and to ensure that the right people have access to the right information at the right time – whether challenged by an increasingly distributed and remote workforce, ubiquities connectivity, or rapid changes in corporate and regulatory compliance, we’ll be there each step of the way, evolving our protection in parallel to your risk.

After all, the security landscape has changed. Ubiquitous connectivity has led to users to expect data mobility, across networks, across devices, and more often, personal devices and shared systems, like kiosks.  These challenges and more complex corporate and regulatory compliance requirements have only made it more challenging to stay ahead of the trends. The video below demonstrates a subset of the latest controls we've built and announced at Microsoft Ignite, and how we'll continue to evolve our capabilities with more fine-grained controls – from the tenant and site level all the way down to the file level.

Office 365 is designed to help every company’s needs for business productivity, content security and compliance with technical, legal and regulatory standards. We’ve been hard at work in lighting up new productivity scenarios in OneDrive and SharePoint and architecting the service to support advanced features to help customers meet their regulatory security and compliance needs. 

Resources

We understand that there is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work.  Learn more about how we address our customers security and compliance concerns with the resources here.

eBook – Securing your content in the new world of work with SharePoint and OneDrive

Visual Interactive – Share with confidence with SharePoint and OneDrive