Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Bringing deeper integration and new capabilities to Office 365 security & compliance
Published Sep 25 2017 08:00 AM 28.3K Views

Today’s post is from Alym Rayani, director, Office 365 security & compliance team


We’re excited to share several Office 365 security and compliance announcements and updates – as part of the news announced at the Microsoft Ignite conference. These new capabilities and enhancements provide a more complete and integrated set of solutions – enabling customers to better protect, detect and respond to threats. I’ll cover the highlights across each of the areas here, with deeper dives to follow during the course of this week at Ignite.


Protect against advanced threats

There are several feature updates to Office 365 threat protection services that address the evolution and advances in the threat landscape.  


Updates to Office 365 Advanced Threat Protection (ATP):

  • Enhanced anti-phishing capabilities – We’re expanding the existing machine-learning based phishing technology to help protect against phishing attacks. Customers can now turn on Safe Links protection for internal emails to help protect against a comprised account sending phish mails within the organization. Office 365 ATP’s detonation technology is leveraged to detect phishing URLs in the email body and phishing URLs within attachments. Rich integration with Windows 10 and Microsoft Edge expands detection capability of malicious and phishing links in emails leveraging signals from both Windows 10 and Edge. This integration also benefits Exchange Online Protection (EOP) only users. These are all available for you to use now.


Later this year, we’ll be adding new intelligence to enhance our protection against domain spoofing. We’ll also deliver improved impersonation detection to help prevent business email compromise and sophisticated spear phishing attacks. We’ll provide users safety tips when emails that impersonate a known contact land in a user’s inbox.


  • Expansion of ATP to Office 365 workloads – SharePoint Online, OneDrive for Business and Microsoft Teams are now protected by ATP, leveraging our signal strength, smart heuristics, machine learning, file detonation and reputation filters.

 Example of Advanced Threat Protection protecting a file in OneDrive for BusinessExample of Advanced Threat Protection protecting a file in OneDrive for Business


  • Safe Links updates – We’ve heard your feedback and have removed the URL wrapping. Users can now see the original URL when they hover over a link.Later this fall, Safe Links will be available for Office clients on the iOS and Android platforms.


  • Safe Attachments updates – While we’ve greatly reduced our malware scanning times over the last year, we know there are still some scenarios where users need immediate access to documents. We’re introducing a new capability that enables users to preview the content of the attachment even as it’s being scanned. The user can also interact with the preview document as they would with the real document, such as make edits or other changes to the document.

Learn more about these updates in the Advanced Threat Protection blog.


New in Office 365 Threat Intelligence:

  • Attack Simulator – Admins will have the ability to simulate different threat scenarios to gain an understanding of how your users would behave in the event of a real attack and evaluate how secure their configurations are.

Attack Simulator in Office 365 Threat IntelligenceAttack Simulator in Office 365 Threat Intelligence


  • Threat Tracker Provides a trend summary of different categories of threat campaigns (e.g. noteworthy, targeted, etc.). Threat tracker also gives a detailed view on evolving and trending threats, including attacks targeting specific users in your organization.


  • Threat Explorer New reports showing risky content activity (e.g. files with sensitive data being shared outside the organization) and risky user activities (e.g. a suspicious login).


  • Enhanced remediation capabilities Admins will now be able to remediate content malware (e.g. removing all links to malicious documents in SharePoint) and delete malicious emails.


Begin your Threat Intelligence trial today!


Accelerate your compliance journey and prepare for the GDPR

Achieving organizational compliance can be very challenging. We’re introducing several updates that will help you stay up-to-date with all the regulations that matter to your organization and to define and implement the right controls.


Introducing Compliance Manager

Today we’re introducing Compliance Manager, a new compliance solution that helps you manage your compliance posture. Compliance Manager enables you to conduct real-time risk assessment, providing one intelligent score that reflects your compliance performance against data protection regulatory requirements when using Microsoft cloud services. You will also be able to use the built-in control management and audit-ready reporting tools to improve and monitor your compliance posture. Read our blog to learn more about Compliance Manager, and sign up for the preview program, which will be available starting in November.*


 Compliance Manager dashboardCompliance Manager dashboard

Updates to Advanced eDiscovery:

  • Analysis of non-Office 365 data – While the amount of data being generated and stored in Office 365 is growing at an exponential rate, many organizations still have data in legacy file shares, archives as well as being generated in other cloud services – all which may be relevant for an eDiscovery case. Analysis of non-Office 365 data allows organizations to import the case-specific copy of such data into a specifically assigned Azure container and analyze it using Office 365 Advanced eDiscovery. Having one eDiscovery workflow for both Office 365 and non-Office 365 data provides organizations with the consistency they need to make defensible decisions across the entire data set of a case.


This feature is currently in preview and requires an Advanced eDiscovery license for each user whose data is being analyzed. Later this year, in addition to Advanced eDiscovery licenses, this feature will require the purchase of the eDiscovery Storage plan for all non-Office 365 data imported into the specifically assigned Azure container for analysis by Advanced eDiscovery. The eDiscovery Storage plan comes in increments of 500GB of storage and is priced at $100 per month. 

Analyze non-Office 365 data in Advanced eDiscoveryAnalyze non-Office 365 data in Advanced eDiscovery
New in Advanced Data Governance:

  • Event based retention – Effectively managing records that have retention periods which are associated with specific events, e.g. employee termination, contract expiration, tax audit, etc., can be challenging. Event based retention in Office 365 Advanced Data Governance allows customers to create events which will trigger the retention period of data in Office 365 to consistently comply with industry regulations or internal business requirements. This feature is currently in the standard Office 365 Universal Preview Program and available for you to try.


  • Disposition review – Many organizations keep almost all their data because they don’t necessarily have a consistent and defensible process showing why they deleted something. Disposing of data in a defensible manner allows organizations to effectively reduce their security and compliance risks. Disposition review in Office 365 Advanced Data Governance allows organizations trigger a disposition review at the end of a data retention period and decide whether the data can be safely deleted (“disposed”). This feature is now available for data in both SharePoint Online and OneDrive for Business; Exchange Online will be available in preview soon.


Announcing general availability of Customer Key

Customers have been asking for the option to use customer-managed encryption keys in Office 365 to meet their compliance needs. Today, we are introducing Customer Key, which enables organizations to provide and control their own encryption keys used to encrypt mailboxes and files in Office 365. Customer Key can help organizations meet compliance obligations that specify key management arrangements with their cloud service providers.

Due to the risk of data deletion, Customer Key also offers increased protection from lost or destroyed keys and provides added data integrity and availability. Customers can verify activity related to Customer Key within their tenant, and the feature will be included in an upcoming SOC audit.

Learn how Customer Key works in SharePoint Online. Customer Key is offered as part of Office 365 E5 or the Advanced Compliance SKU. Learn more in the Customer Key announcement blog


Preparing for the GDPR

Our announcements at Ignite add to the extensive built-in Office 365 security and compliance capabilities that are helping organizations prepare for the GDPR. Customers are choosing to simplify their compliance journey by using these integrated management tools that provide a single place for data governance and auditing. These intelligent tools offer better ways to manage and protect your data across the apps, services and devices that people use every day. For more details on these and other capabilities, read the new whitepaper "Accelerate your GDPR compliance journey with Microsoft 365 GDPR".


Protect your sensitive information – throughout the data lifecycle

We have a number of updates that help you identify, classify, protect, and monitor your critical data.


Enhancing integration across our information protection solutions

Microsoft’s Information Protection solutions help you identify, classify, protect and monitor your sensitive data – as it is created, stored or shared. We’re making several investments across our information protection solutions – helping provide more comprehensive protection across the data lifecycle. A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our core information protection technologies – enabling more persistent protection of your data.


New in Office 365 Message Encryption:


Making it easier for end user to send encrypted emails – As part of our integrated information protection investments, we are introducing rich new email encryption and rights protection capabilities in Office 365 Message Encryption that's built on top of Azure Information Protection. The new Office 365 Message Encryption capabilities make it easier to share protected emails with anybody – inside or outside your organization. For example, can now apply encryption to emails using Do Not Forward or other custom templates.


Secure collaboration outside the organization – Users can also apply rights management templates to emails sent outside the organization, enabling secure collaboration for B2B and B2C scenarios. We've improved the recipient experience and removed most hurdles required to read a protected message. Office 365 users can now read and reply to encrypted messages natively within their Outlook clients (desktop, Mac, web, iOS or Android mobile). Additionally, non-Office 365 users can authenticate and read protected messages using their Google or Yahoo identities, in addition to other options that's been previously available – a One-Time Passcode or a Microsoft Account.


Example of an end-user protecting an emailExample of an end-user protecting an email


 Additional encryption key options – Lastly, for customers who need to provide their own encryption keys, Office 365 Message Encryption also provides the option for customer-managed keys which encrypts your email while in-transit. This is complementary to Customer Key which uses customer-managed keys for Office 365 data-at rest. 


Setting up Office 365 Message Encryption is now even easier, and we can also support Exchange hybrid customers. If you have Office 365 E3 or E5 you can learn how to quickly get started here

To learn more about the Office 365 Message Encryption updates, read the announcement blog.


Increase your visibility and control with intelligent security management

Office 365 security management updates – We are making a few updates to Advanced Security Management to give you even better visibility and control over Office 365. To help organizations in the EU meet their compliance obligations, starting in October we will begin hosting Advanced Security Management in our EU datacenter region. We are also giving you additional visibility into the service by adding support for activities from Office 365 Threat Intelligence and Yammer (in preview). The signals from these services will be used to generate activity alerts and be factored into anomaly detection alerts. Lastly, to better align our Microsoft 365 investments, we are renaming Advanced Security Management to Office 365 Cloud App Security.


Join the Security, Privacy and Compliance Tech Community

Make sure to visit the Security, Privacy and Compliance Tech Community throughout this week – we’ll be providing additional details on many of our announcements. If you haven’t already, join the community now to further evolve your organization’s security and compliance with these services and learn and contribute to security, privacy, and compliance best practices. The Tech Community is a great resource to communicate and learn from your peers—as well as offer your insights on the growing importance of security, privacy and compliance.


“Compliance Manager preview is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager preview should not be interpreted as a guarantee of compliance.


Version history
Last update:
‎May 11 2021 01:55 PM
Updated by: