Dec 11 2017 12:46 AM
Hey guys,
Wondering if there are any recommendations/checklists, etc. for hardening security on Office 365 groups when working with externals. My scenario is having hundreds of people (mostly external) having to contribute content that is highly classified, and we are trying to lock down and control access, while tracking what is going on.
So far our measures have gone from making Private groups, restrictions for reception of mail from designated recipients only, enabling auditing for content access (read/update, check-in, etc.), up to conditional access and Intune control to forbid access from non-managed devices, DLP + AIP and RMS for document tracking as they travel outside our organisation, etc.
What else (besides Nespr.....)? I'm taking suggestions 🙂
Dec 11 2017 12:47 AM
Dec 11 2017 10:44 AM
Quite a list already. I would add implementing guest re-attestation using this: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azure-ad-controls-perform-a... (still in public preview)
Dec 18 2017 10:44 AM
Solution
I'd consider segmenting the confidential material across multiple groups to give some extra granularity in access control. In other words, consider each group as a "bucket" of information and only allow certain users access to that bucket. I know people don't like the idea of creating multiple groups because this makes email communication harder (solution: create a DL composed of nested Office 365 Groups), but it does help control access.
TR
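
An added example, not part of any post in this thread: a PowerShell check that reports which groups miss the controls discussed above (Private access, sender restrictions, and a guest count small enough to keep each "bucket" narrow). The function name `Test-GroupHardening`, the `MaxGuests` threshold and the sample groups are constructed for illustration; the property names are those returned by Exchange Online's `Get-UnifiedGroup`.

```powershell
# Added example: flag Office 365 groups that miss the controls listed in the thread.
# Input objects need these Get-UnifiedGroup properties: DisplayName, AccessType,
# RequireSenderAuthenticationEnabled, AcceptMessagesOnlyFromSendersOrMembers,
# GroupExternalMemberCount.
function Test-GroupHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Group,
        # Assumption: a per-group guest ceiling you choose for your own buckets.
        [int]$MaxGuests = 50
    )
    process {
        $findings = @()
        if ($Group.AccessType -ne 'Private') {
            $findings += 'group is not Private'
        }
        if (-not $Group.RequireSenderAuthenticationEnabled) {
            $findings += 'accepts mail from unauthenticated senders'
        }
        # Drop nulls so an unset property counts as "no restriction".
        $allowed = @($Group.AcceptMessagesOnlyFromSendersOrMembers | Where-Object { $_ })
        if ($allowed.Count -eq 0) {
            $findings += 'no designated-sender restriction'
        }
        if ($Group.GroupExternalMemberCount -gt $MaxGuests) {
            $findings += "guest count exceeds $MaxGuests, consider splitting the group"
        }
        [pscustomobject]@{
            Group     = $Group.DisplayName
            Guests    = $Group.GroupExternalMemberCount
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample data so the check runs without a tenant connection.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Bid-Legal'; AccessType = 'Private'
        RequireSenderAuthenticationEnabled = $true; GroupExternalMemberCount = 12
        AcceptMessagesOnlyFromSendersOrMembers = @('owner@contoso.example') }
    [pscustomobject]@{ DisplayName = 'Bid-All-Partners'; AccessType = 'Public'
        RequireSenderAuthenticationEnabled = $false; GroupExternalMemberCount = 240
        AcceptMessagesOnlyFromSendersOrMembers = @() }
)
$sample | Test-GroupHardening | Format-List

# Against a live tenant (requires an Exchange Online PowerShell session):
#   Get-UnifiedGroup -ResultSize Unlimited | Test-GroupHardening
```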